Arid Viper Analysis

IOB - Indicator of Behavior (400)

Timeline

Language

  • en (370)
  • ru (12)
  • pl (8)
  • de (8)
  • sv (2)

Country

  • us (358)
  • de (16)
  • ru (12)
  • pl (8)
  • ir (2)

Actors

Activities

Interest

Type

Vendor

Product

  • nginx (4)
  • PHP (4)
  • OpenSSH (4)
  • Facebook WhatsApp (4)
  • Remote Clinic (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | jforum User privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.04 | CVE-2019-7550
2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
3 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.81 | CVE-2010-0966
4 | Dreaxteam Xt-News add_comment.php cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00599 | 0.07 | CVE-2006-6746
5 | Enigma2 Coppermine Bridge e2_header.inc.php privilege escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.10026 | 0.00 | CVE-2006-6864
6 | IBM WebSphere Service Registry/Repository Access Restriction privilege escalation | 4.3 | 4.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00162 | 0.00 | CVE-2014-6160
7 | Big Webmaster Big Webmaster Guestbook Script addguest.cgi cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00615 | 0.04 | CVE-2006-2231
8 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 3.21 | 
9 | Joomla CMS remember.php privilege escalation | 5.4 | 4.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03044 | 0.00 | CVE-2013-3242
10 | Joomla CMS Media Manager directory traversal | 8.5 | 8.2 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.90167 | 0.04 | CVE-2019-10945
11 | Pligg cloud.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.64 | 
12 | Apple macOS weak authentication | 5.6 | 5.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.02181 | 0.02 | CVE-2023-41991
13 | Oracle Java SE JSSE unknown vulnerability | 7.4 | 7.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00111 | 0.06 | CVE-2023-21930
14 | ICQ fetch privilege escalation | 10.0 | 9.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00346 | 0.00 | CVE-2011-0487
15 | WebP Converter for Media Plugin passthru.php Redirect | 4.9 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00106 | 0.00 | CVE-2021-25074
16 | CasaOS API privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01187 | 0.04 | CVE-2022-24193
17 | jQuery cross site scripting | 4.3 | 3.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00306 | 0.03 | CVE-2011-4969
18 | Oracle Retail Central Office Security cross site scripting | 6.2 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00384 | 0.02 | CVE-2021-41184
19 | InsydeH2O SMM HandleProtocol denial of service | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2021-41839
20 | PHP zip Extension php_zip.c memory corruption | 9.8 | 9.3 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.06326 | 0.03 | CVE-2016-5773

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Hamas

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 54.255.143.112 | ec2-54-255-143-112.ap-southeast-1.compute.amazonaws.com | Arid Viper |  | 24.12.2020 | verified | Medium
2 | 91.199.147.84 | s726618.srvape.com | Arid Viper | Hamas | 30.10.2023 | verified | High
3 | 94.131.98.3 | stockdc1.com | Arid Viper | Hamas | 30.10.2023 | verified | High
4 | 95.164.18.204 | vm1554543.stark-industries.solutions | Arid Viper | Hamas | 30.10.2023 | verified | High

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1059 | CWE-94 | Argument Injection | predictive | High

IOA - Indicator of Attack (50)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /forum/away.php | predictive | High
2 | File | addguest.cgi | predictive | Medium
3 | File | add_comment.php | predictive | High
4 | File | admin/index.php | predictive | High
5 | File | api_jsonrpc.php | predictive | High
6 | File | cloud.php | predictive | Medium

References (4)

The following list contains external sources which discuss the actor and the associated activities:
