Big Head Analysis

IOB - Indicator of Behavior (69)

Timeline

Language: en (70)

Country: tr (70)

Product

WordPress (4)
CentOS-WebPanel.com CentOS Web Panel (2)
Simple College Website (2)
Rocklobster Contact Form 7 (2)
Apple macOS (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Rem | EPSS | CTI | CVE
1 | Google Chrome WebRTC memory corruption | 6.3 | 6.0 | $25k-$100k | $5k-$25k | High | Official Fix | 0.01152 | 0.03 | CVE-2022-2294
2 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.63 | CVE-2020-12440
3 | Telegram information disclosure | 4.9 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00048 | 0.00 | CVE-2021-27205
4 | Joget Workflow account_new privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00091 | 0.03 | CVE-2019-14352
5 | KLog Server authenticate.php privilege escalation | 5.5 | 5.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.95163 | 0.04 | CVE-2020-35729
6 | Havelsan Dialogue ACL privilege escalation | 8.3 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00087 | 0.00 | CVE-2024-3375
7 | Nagios XI monitoringwizard.php SQL injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00043 | 0.04 | CVE-2024-24401
8 | Microsoft Windows privilege escalation | 10.0 | 9.5 | $100k and more | $0-$5k | Not Defined | Official Fix | 0.82212 | 0.00 | CVE-2009-2512
9 | Python SimpleHTTPServer Module SimpleHTTPServer.py list_directory cross site scripting | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00422 | 0.04 | CVE-2011-4940
10 | CKeditor Paste cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00123 | 0.03 | CVE-2018-17960
11 | CKEditor4 Advanced Content Filter cross site scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00448 | 0.03 | CVE-2021-41164
12 | OpenSSH weak authentication | 7.3 | 7.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.02241 | 0.03 | CVE-2010-4478
13 | MikroTik RouterOS Web Server memory corruption | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.04 | CVE-2023-30800
14 | Microsoft .NET Framework Array Copy memory corruption | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.24098 | 0.04 | CVE-2015-2504
15 | CodeBard Patron Button and Widgets for Patreon Plugin cross site scripting | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.00 | CVE-2023-30491
16 | phpBB Error Message memberlist.php privilege escalation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01803 | 0.03 | CVE-2006-2219
17 | WordPress REST API class-wp-rest-users-controller.php information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Functional | Official Fix | 0.87410 | 0.00 | CVE-2017-5487
18 | Ovidentia CMS index.php SQL injection | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00089 | 0.04 | CVE-2021-29343
19 | Zoho ManageEngine Desktop Central MSP DLL dcinventory.exe privilege escalation | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00102 | 0.00 | CVE-2020-9367
20 | Apple macOS Bluetooth memory corruption | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00062 | 0.00 | CVE-2022-42854

IOC - Indicator of Compromise (20)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 13.107.21.200 | | Big Head | | 10.08.2023 | verified | High
2 | 20.99.133.109 | | Big Head | | 10.08.2023 | verified | High
3 | 20.99.184.37 | | Big Head | | 10.08.2023 | verified | High
4 | 23.41.86.106 | a23-41-86-106.deploy.static.akamaitechnologies.com | Big Head | | 10.08.2023 | verified | High

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CAPEC-126 | CWE-22 | Path Traversal | predictive | High
2 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High
3 | T1059.007 | CAPEC-209 | CWE-79 | Cross Site Scripting | predictive | High

IOA - Indicator of Attack (36)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /alumni/admin/ajax.php?action=save_settings | predictive | High
2 | File | /cwp_{SESSION_HASH}/admin/loader_ajax.php | predictive | High
3 | File | actions/authenticate.php | predictive | High
4 | File | admin/dashboard.php | predictive | High
5 | File | college_website/admin/ajax.php?action=login | predictive | High
36 | Pattern | () { | predictive | Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:
