DeadBolt Analysis

IOB - Indicator of Behavior (14)

Timeline

Language

en (14)

Country

sg (10)
cn (4)

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Edge (2)
cPanel (2)
Apple macOS (2)
Synology Note Station Client (2)
Netgear R6220 (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
1 | Netgear AC1200 R6220 Path String Remote Code Execution | 8.3 | 8.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00678 | CVE-2019-17137
2 | Synology Note Station Client Authentication Management weak encryption | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00104 | CVE-2022-27619
3 | Netgear DGN1000/DGN2200 setup.cgi memory corruption | 10.0 | 9.0 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.00000 | (none)
4 | Apple macOS Kernel Coldtro memory corruption | 7.8 | 7.6 | $5k-$25k | $0-$5k | High | Official Fix | 0.00 | 0.00128 | CVE-2022-32894
5 | AMD Ryzen/Athlon/EPYC Branch Predictor information disclosure | 4.9 | 4.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00049 | CVE-2022-23825
6 | Microsoft Windows AMD CPU Branch privilege escalation | 5.5 | 5.3 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.00049 | CVE-2022-23825
7 | Netgear R7450 mini_httpd weak authentication | 8.8 | 8.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00124 | CVE-2021-34865
8 | Netgear R6220/R6230 privilege escalation | 6.7 | 6.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00044 | CVE-2020-26929
9 | Intel Core/Xeon Local Privilege Escalation | 6.4 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00044 | CVE-2020-12357
10 | cPanel cPHulkd weak authentication | 5.3 | 5.2 | $0-$5k | Calculating | Not Defined | Official Fix | 0.02 | 0.00054 | CVE-2016-10835
11 | Microsoft Edge information disclosure | 4.3 | 4.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01639 | CVE-2017-0009

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 132.147.73.87 | fnet87-f73-access.vqbn.com.sg | DeadBolt | | 29.07.2022 | verified | High

TTP - Tactics, Techniques, Procedures (3)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1040 | CWE-319 Authentication Bypass by Capture-replay | | predictive | High
2 | TXXXX | CWE-XXX xxxxxxx Xxxxxxxxxxxxxx Xx Xxxx Xxxxxx Xxxxx Xxxxxxxxxxx | | predictive | High
3 | TXXXX | CWE-XXX Xxxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | | predictive | High

IOA - Indicator of Attack (2)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | setup.cgi | predictive | Medium
2 | Argument | ?xxxx_xxxx=xxxxxxx.xxx/xxxx=xxxxxx/xxx=xxx+/xxx/.xxxxxxxx/xxxxxxx=//xxxxxxxxxxxxxx.xxx=x | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
