CDRThief Анализ

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (10)

Язык

zh	8
en	2

Страна

cn	10

Акторы

CDRThief	3

Интерес

Тип

Cloud Software	4
Not Defined	2
Jenkins Plugin	2
Printing Software	2

Поставщик

Not Defined	4
ownCloud	4
PrinterLogic	2

Продукт

Jitsi Meet	2
ownCloud user_ldap	2
ownCloud Server	2
Job and Node Ownership Plugin	2
PrinterLogic Web Stack	2

Уязвимости

#	Уязвимости	Base	Temp	0day	Сегодня	Э�	Rem	EPSS	CTI	CVE
1	Hotline Connect Server раскрытие информации	3.3	3.3	$0-$5k	$0-$5k	Not Defined	Workaround	0.00000	0.00
2	ownCloud Server Password Protected Public Links слабая аутентификация	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00074	0.00	CVE-2021-35948
3	ownCloud user_ldap эскалация привилегий	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00054	0.00	CVE-2021-40537
4	Atlassian JIRA Server/Data Center Endpoint web.xml обход каталога	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.91900	0.03	CVE-2021-26086
5	Job and Node Ownership Plugin эскалация привилегий	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00055	0.00	CVE-2022-28151
6	PrinterLogic Web Stack слабое шифрование	7.7	7.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.06463	0.00	CVE-2021-42635
7	eEye Retina WiFi Scanner повреждение памяти	10.0	10.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.12680	0.00	CVE-2009-3859
8	PHP SoapClient query отказ в обслуживании	6.4	6.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01231	0.00	CVE-2021-21702
9	Jitsi Meet слабая аутентификация	8.5	7.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00196	0.08	CVE-2020-11878
10	OpenSSH Key Exchange Initialization kex_input_kexinit отказ в обслуживании	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.78351	0.01	CVE-2016-8858

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-адрес	Hostname	Актор	Identified	Тип	Уверенность
1	34.94.199.142	142.199.94.34.bc.googleusercontent.com	CDRThief	31.05.2021	verified	Средний
2	35.236.173.187	187.173.236.35.bc.googleusercontent.com	CDRThief	31.05.2021	verified	Средний
3	XXX.XX.XXX.XX		Xxxxxxxx	31.05.2021	verified	Высокий
4	XXX.XXX.XXX.XXX		Xxxxxxxx	31.05.2021	verified	Высокий
5	XXX.XXX.XXX.XXX		Xxxxxxxx	31.05.2021	verified	Высокий
6	XXX.XXX.XX.XXX		Xxxxxxxx	31.05.2021	verified	Высокий

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Уязвимости	Вектор доступа	Тип	Уверенность
1	T1006	CWE-22	Path Traversal	predictive	Высокий
2	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Высокий
3	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Высокий
4	TXXXX.XXX	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Высокий

IOA - Indicator of Attack (3)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Класс	Indicator	Тип	Уверенность
1	File	/WEB-INF/web.xml	predictive	Высокий
2	File	xxxxxxxx/xxxx_xxxx	predictive	Высокий
3	Argument	xxx_xxx	predictive	Низкий

Ссылки (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ ПредыдущийОбзорДалее ▸

Might our Artificial Intelligence support you?

Check our Alexa App!