Agrius Analysis

IOB - Indicator of Behavior (375)

Timeline

Language

en: 342
de: 12
fr: 6
sv: 4
pl: 4

Country

us: 168
ru: 22
gb: 8
nl: 6
ie: 6

Actors

Activity

Interest

Timeline

Type

Vendor

Product

Microsoft Exchange Server: 8
Microsoft Windows: 8
Mozilla Firefox: 4
ImageMagick: 4
Atlassian JIRA: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.57 | 0.00943 | CVE-2010-0966
3 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 7.31 | 0.01009 | CVE-2006-6168
4 | PHP Outburst Easynews admin.php memory corruption | 7.3 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.04 | 0.05921 | CVE-2006-5412
5 | Microsoft Windows Win32k Local Privilege Escalation | 7.8 | 7.2 | $25k-$100k | $5k-$25k | Functional | Official Fix | 0.00 | 0.00088 | CVE-2021-28310
6 | I Thirteen Web Solution Photo Gallery Slideshow & Masonry Tiled Gallery Plugin cross site scripting | 5.8 | 5.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00046 | CVE-2023-41658
7 | Popup Maker Plugin Shortcode Attribute cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00056 | CVE-2022-4362
8 | Huawei HG8245H URL information disclosure | 7.4 | 7.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00167 | CVE-2017-15328
9 | Redis dbghelp.dll privilege escalation [Disputed] | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00180 | CVE-2022-3734
10 | Apple Mac OS X Server Wiki Server cross site scripting | 4.3 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00263 | CVE-2009-2814
11 | WordPress WP_Query sql injection | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.93536 | CVE-2022-21661
12 | Microsoft Exchange Server Remote Code Execution | 8.3 | 7.3 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00 | 0.01068 | CVE-2021-31198
13 | YaBB yabb.pl cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.01240 | CVE-2004-2402
14 | Apple M1 Register s3_5_c15_c10_1 M1RACLES privilege escalation | 8.8 | 8.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | 0.00000 | CVE-2021-30747
15 | Devilz Clanportal sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00 | 0.00684 | CVE-2006-6339
16 | Microsoft SharePoint Server Privilege Escalation | 6.0 | 5.3 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | 0.00483 | CVE-2021-31963
17 | lodash Template privilege escalation | 4.7 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00606 | CVE-2021-23337
18 | Spring Cloud Config spring-cloud-config-server directory traversal | 6.4 | 6.1 | $0-$5k | Calculating | Not Defined | Official Fix | 0.01 | 0.97175 | CVE-2020-5410
19 | Rittal PDU-3C002DEC/CMCIII-PU-9333E0FB privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00171 | CVE-2020-11953
20 | MyBB Sendthread Page sendthread.php denial of service | 5.3 | 4.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Unavailable | 0.00 | 0.00000 | 

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Israel

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 5.2.67.85 | mail.astrilll.com | Agrius |  | 01.06.2021 | verified | High
2 | 5.2.73.67 |  | Agrius |  | 01.06.2021 | verified | High
3 | 37.59.236.232 | 37.59.236.232.rdns.hasaserver.com | Agrius |  | 01.06.2021 | verified | High
4 | 37.120.238.15 |  | Agrius |  | 01.06.2021 | verified | High

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | predictive | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CWE-88, CWE-94 | Argument Injection | predictive | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
5 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | High

IOA - Indicator of Attack (117)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/maintenance/view_designation.php | predictive | High
2 | File | /auth/register | predictive | High
3 | File | /cgi-bin/kerbynet | predictive | High
4 | File | /damicms-master/admin.php?s=/Article/doedit | predictive | High
5 | File | /etc/quagga | predictive | Medium
6 | File | /main?cmd=invalid_browser | predictive | High
7 | File | /opt/IBM/es/lib/libffq.cryptionjni.so | predictive | High
8 | File | /pdf/InfoOutputDev.cc | predictive | High
9 | File | /plugins/Dashboard/Controller.php | predictive | High
10 | File | /signup.php | predictive | Medium
11 | File | /storage/app/media/evil.svg | predictive | High
12 | File | /uncpath/ | predictive | Medium
13 | File | /usr/lpp/mmfs/bin/ | predictive | High
14 | File | adclick.php | predictive | Medium

References (3)

The following list contains external sources which discuss the actor and the associated activities:
