Avos Analysis

IOB - Indicator of Behavior (66)

Language

en (60)
fr (6)

Product

Microsoft Windows (4)
Hydra (4)
Coinsoft Technologies phpCOIN (4)
IW Guestbook (2)
Huawei AR120-S (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | HP SAN/iQ hydra.exe privilege escalation | 4.3 | 3.9 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00283 | 0.00 | CVE-2012-4362
2 | Hydra HTTP Header read.c process_header_end denial of service | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00117 | 0.02 | CVE-2019-17502
3 | IW Guestbook badwords_edit.asp sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | -
4 | Hydra weak authentication | 5.6 | 5.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00099 | 0.00 | CVE-2020-5300
5 | OmniSecure AddUrlShield index.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.02 | -
6 | ORY Hydra error Reflected cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00097 | 0.00 | CVE-2019-8400
7 | PHPGurukul Hospital Management System dashboard.php privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00661 | 0.02 | CVE-2020-35745
8 | HP SAN/iQ Login hydra.exe memory corruption | 10.0 | 9.5 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.46643 | 0.00 | CVE-2011-4157
9 | HP LeftHand Virtual SAN Appliance hydra memory corruption | 10.0 | 9.5 | $25k-$100k | $0-$5k | High | Official Fix | 0.78401 | 0.00 | CVE-2013-2343
10 | Coinsoft Technologies phpCOIN db.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.07606 | 0.00 | CVE-2005-4211
11 | Coinsoft Technologies phpCOIN db.php directory traversal | 5.3 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03877 | 0.02 | CVE-2005-4212
12 | Ilohamail cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.04 | -
13 | Small CRM cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00052 | 0.00 | CVE-2023-44075
14 | Intern Record System controller.php cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00087 | 0.00 | CVE-2022-40348
15 | Sitekit CMS registration-form.html cross site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | -
16 | Microsoft Windows Backup Service Privilege Escalation | 7.7 | 7.1 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00389 | 0.04 | CVE-2023-21752
17 | SunHater KCFinder upload.php cross site scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00131 | 0.00 | CVE-2019-14315
18 | Canto Cumulus login privilege escalation | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00283 | 0.02 | CVE-2022-40305
19 | IW Guestbook messages_edit.asp sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | -
20 | CKEditor Clipboard Package privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00163 | 0.03 | CVE-2021-32809

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 45.136.230.191 | - | Avos | - | 29.07.2022 | verified | High
2 | XXX.XXX.XXX.XXX | - | Xxxx | - | 29.07.2022 | verified | High

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CAPEC-126 | CWE-22 | Path Traversal | predictive | High
2 | T1040 | CAPEC-102 | CWE-294 | Authentication Bypass by Capture-replay | predictive | High
3 | TXXXX | CAPEC-242 | CWE-XXX | Xxxxxxx Xxxxxxxxx | predictive | High
4 | TXXXX.XXX | CAPEC-209 | CWE-XX, CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High
5 | TXXXX | CAPEC- | CWE-XXX | Xxxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
6 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High
7 | TXXXX | CAPEC- | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High

IOA - Indicator of Attack (29)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /cwc/login | predictive | Medium
2 | File | /intern/controller.php | predictive | High
3 | File | /iwguestbook/admin/badwords_edit.asp | predictive | High
4 | File | /iwguestbook/admin/messages_edit.asp | predictive | High
5 | File | xxxxx/xxxxxxxxx.xxx | predictive | High
6 | File | xxxxx.xxx | predictive | Medium
7 | File | xxxx_xxxxxxxx/xx.xxx | predictive | High
8 | File | xxxxx.xxx | predictive | Medium
9 | File | xxxxx.xxx | predictive | Medium
10 | File | xxxxx.xxx/xxxxxxxxxxxxx/xxx | predictive | High
11 | File | xxxxxx/xxxxxxxxx/xxxxx | predictive | High
12 | File | xxxx.x | predictive | Low
13 | File | xxxxxxxxxxxx-xxxx.xxxx | predictive | High
14 | File | xxxxxx.xxx | predictive | Medium
15 | File | xx-xxxxx/xxxxx-xxxxxx.xxx | predictive | High
16 | Argument | xxxxxxx | predictive | Low
17 | Argument | xxxxxx | predictive | Low
18 | Argument | xxxxxxxxxxxxxxx | predictive | High
19 | Argument | xxxxxxxxx | predictive | Medium
20 | Argument | xxxxxxx-xxxxxx | predictive | High
21 | Argument | xxxxx_xxxx | predictive | Medium
22 | Argument | xxxxxx$xxxxx | predictive | Medium
23 | Argument | xx | predictive | Low
24 | Argument | xxxxx | predictive | Low
25 | Argument | xxxx/xxxxx | predictive | Medium
26 | Argument | xxxx_xx | predictive | Low
27 | Argument | xxxxxx | predictive | Low
28 | Argument | _xxxx[_xxx_xxxx_xxxx | predictive | High
29 | Input Value | x+xxxxx+xxxxxx+x,xxxxxxx,xxxxxxxxxxx+xxxx+xxxxx# | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
