Zeppelin Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (14)

Idioma

en	8
ru	6

País

us	6
ru	4
ml	2
me	2

Actores

FIN7	1
MuddyWater	1
Bandook	1
TrickBot	1
Zeppelin	1

Interesse

Tipo

Not Defined	6
JavaScript Library	2
Photo Gallery Software	2
Content Management System	2

Fabricante

Not Defined	6
HCL	2
10Web	2
SAP	2

Produto

pesign	2
HCL Traveler Web Admin	2
Node.js	2
10Web Photo Gallery Plugin	2
WordPress	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	Backdoor.Win32.Redkod.d Service Port 4820 Fraca autenticação	7.3	6.4	$0-$5k	$0-$5k	Proof-of-Concept	Workaround	0.00000	0.00
2	simple-git listRemote Remote Code Execution	7.8	7.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01499	0.05	CVE-2022-25860
3	SAP BASIS direitos alargados	8.8	8.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00094	0.02	CVE-2022-41264
4	Node.js Module._load direitos alargados	7.6	7.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00091	0.04	CVE-2023-32002
5	pesign systemd Service direitos alargados	5.9	5.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00044	0.02	CVE-2022-3560
6	WordPress Directório Traversal	5.7	5.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00326	0.04	CVE-2023-2745
7	Social Login and Register Plugin Fraca autenticação	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01494	0.00	CVE-2023-2982
8	HCL Traveler Web Admin LotusTraveler.nsf Roteiro Cruzado de Sítios	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00054	0.00	CVE-2022-27561
9	301 Redirects - Easy Redirect Manager Plugin WordPress Injecção SQL	6.7	6.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00064	0.00	CVE-2021-24142
10	WordPress Editor Divulgação de Informação	4.3	4.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00463	0.04	CVE-2021-29450
11	WordPress Media Library Parser XML External Entity	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01073	0.02	CVE-2021-29447
12	10Web Photo Gallery Plugin model.php Injecção SQL	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00138	0.00	CVE-2021-24139

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Campanhas	Identified	Tipo	Aceitação
1	45.142.213.167	katitoons.com	Zeppelin		12/05/2022	verified	Alto
2	XXX.XXX.XXX.XXX		Xxxxxxxx		12/05/2022	verified	Alto

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classificação	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Alto
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Alto
3	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
4	TXXXX.XXX	CAPEC-191	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Alto
5	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Alto
6	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
7	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (5)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/etc/pki/pesign	predictive	Alto
2	File	frontend/models/model.php	predictive	Alto
3	File	xxxxxxxxxxxxx.xxx	predictive	Alto
4	Argument	xxx_xxxxxx_x	predictive	Médio
5	Argument	xxxxxx xxxx	predictive	Médio

Referências (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Interested in the pricing of exploits?

See the underground prices here!