DEV-0530 Analysis

IOB - Indicator of Behavior (166)

Language
en: 164
pl: 2

Country
us: 166

Product
Microsoft Windows: 16
swftools: 4
Google Android: 4
jQuery-UI: 4
H3C Magic R100: 4

Vulnerabilities

Columns: Base and Temp are the CVSS base and temporal scores; 0-day and Today are the estimated exploit price ranges at disclosure and at present; Exploitability and Remediation are the CVSS temporal metric values; CTI is the CTI interest score; EPSS is the Exploit Prediction Scoring System probability.

# | Vulnerability | Base | Temp | 0-day | Today | Exploitability | Remediation | CTI | EPSS | CVE
1 | TLS Protocol/SSL Protocol RC4 Encryption Bar Mitzvah Attack weak encryption | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Workaround | 0.02 | 0.00300 | CVE-2015-2808
2 | Couchbase Server information disclosure | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00158 | CVE-2022-32192
3 | OTRS Forwarder information disclosure | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00072 | CVE-2022-32740
4 | Veritas NetBackup pbx_exchange Process privilege escalation | 8.3 | 6.9 | $0-$5k | Calculating | Proof-of-Concept | Official Fix | 0.04 | 0.00356 | CVE-2017-6407
5 | Microsoft Azure RTOS USBX ux_device_class_dfu_control_request memory corruption | 9.8 | 9.6 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01235 | CVE-2022-29246
6 | PHPMailer Phar Deserialization addAttachment privilege escalation | 5.5 | 5.3 | $0-$5k | Calculating | Not Defined | Official Fix | 0.02 | 0.00748 | CVE-2020-36326
7 | jQuery UI dialog cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00469 | CVE-2016-7103
8 | Intel Xeon BIOS information disclosure | 3.3 | 3.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00042 | CVE-2021-33117
9 | HID Mercury LP1501/LP1502/LP2500/LP4502/EP4502 Update memory corruption | 9.9 | 9.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00261 | CVE-2022-31481
10 | Apache Tomcat HTTP Split privilege escalation | 7.2 | 6.8 | $5k-$25k | Calculating | Proof-of-Concept | Official Fix | 0.03 | 0.00262 | CVE-2016-6816
11 | Delta Controls enteliTOUCH HTTP Request privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00188 | CVE-2022-29735
12 | Moment.js directory traversal | 6.9 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09 | 0.00330 | CVE-2022-24785
13 | Laravel PendingBroadcast.php __destruct privilege escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00049 | CVE-2022-31279
14 | Piwigo cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00058 | CVE-2021-40678
15 | Linux Kernel Floating Point Register ptrace-fpu.c ptrace_get_fpr memory corruption | 8.0 | 7.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00048 | CVE-2022-32981
16 | GNU C Library mq_notify memory corruption | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01386 | CVE-2021-33574
17 | Vyper Contract Address privilege escalation | 7.3 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00062 | CVE-2022-29255
18 | Easy Blog unknown vulnerability | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00063 | CVE-2022-27174
19 | Brocade SANnav REST API information disclosure | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00044 | CVE-2022-28162
20 | Python mailcap Module privilege escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00141 | CVE-2015-20107

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • H0lyGh0st

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence
1 | 193.56.29.123 | - | DEV-0530 | H0lyGh0st | 2022-07-15 | verified | High

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling; the technique-to-weakness mapping is inferred from the vulnerabilities above, not observed in the field.

ID | Technique | Weakness (CWE) | Description | Type | Confidence
1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | predictive | High
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | predictive | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
4 | T1059 | CWE-94 | Argument Injection | predictive | High
5 | TXXXX.XXX | CWE-XX, CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High
6 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
7 | TXXXX.XXX | CWE-XXX | Xxx Xx Xxxx-xxxxx Xxxxxxxx | predictive | High
8 | TXXXX.XXX | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High
9 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
10 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
11 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High
12 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
13 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
14 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive | High
15 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
16 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
17 | TXXXX.XXX | CWE-XX | Xxxxxxxxxxxxx | predictive | High
18 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High
19 | TXXXX.XXX | CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | High

IOA - Indicator of Attack (70)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling. Masked entries (shown as x) are withheld on this page.

ID | Class | Indicator | Type | Confidence
1 | File | /admin.php?page=batch_manager&mode=unit | predictive | High
2 | File | /goform/aspForm | predictive | High
3 | File | /omps/seller | predictive | Medium
4 | File | /php/passport/index.php | predictive | High
5 | File | /replication | predictive | Medium
6 | File | /settings | predictive | Medium
7 | File | /staff/tools/custom-fields | predictive | High
8 | File | /strings/ctype-latin1.c | predictive | High
9 | File | /xxxxxxx/ | predictive | Medium
10 | File | /xxxxxxx-xxxxxxxxxx/xxxxx/xxxxxx_xxxxxx_xxxxxxx_xxxxxxx.xxx?xxxxxxx_xx=xx | predictive | High
11 | File | xxxxx/xxxxxxxxxxxxxxxxx.xxx | predictive | High
12 | File | xxxxxxxxxxxxxxxxx.xxxx | predictive | High
13 | File | xxxxxxx.xxxx | predictive | Medium
14 | File | x:\xxxxxxx\xxxxxxxx\xxxxxx\xxx | predictive | High
15 | File | xxx-xxx/xxxxxxx.xx | predictive | High
16 | File | xxxxxxxxx.xxx | predictive | High
17 | File | xxxxx.xxxxxxxxxxx.xxxx[x]=xxx | predictive | High
18 | File | xxxxxxxxxxxxxxxxxxxxxxx.x | predictive | High
19 | File | xxxx/xxxxx/xxx_xxxxx.xxx | predictive | High
20 | File | xxxx_xx.xx | predictive | Medium
21 | File | xxx_xxxxxx.xx | predictive | High
22 | File | xxxxxxxxxx\xxxxxxxxxxxx\xxxxxxxxxxxxxxxx.xxx | predictive | High
23 | File | xxxxx.xxx | predictive | Medium
24 | File | xxxxxxxxx/xxxx/xxxxxx/xxxxxx_xxxxxxxxxx.xxx | predictive | High
25 | File | xxxxxxxx/xx/xxxx_xxxxxx.xx | predictive | High
26 | File | xxxxxxxxxx/xxxxxx_xxxxxxxx.x | predictive | High
27 | File | xx/xxxxx/xxxxxxx/xxxx.xx | predictive | High
28 | File | xxx/xxxx/xxxx.x | predictive | High
29 | File | xxxxxx-xxx.x | predictive | Medium
30 | File | xxxxxx.x | predictive | Medium
31 | File | xxxxxx/xxxxx/xxxxxxxxxxxx/xxxxxxxxxxxx.xxxx | predictive | High
32 | File | xxxxxxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High
33 | File | xxxxx.xxx | predictive | Medium
34 | File | xxx/xxxx_xxxxxxx.xx | predictive | High
35 | File | xxx/xxxx_xxxx.xx | predictive | High
36 | File | xxxxxxx.x | predictive | Medium
37 | File | xxxx_xxx_xxx.xxx | predictive | High
38 | File | xxxxxxx/xxxxxxxx/xxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxx.xxx | predictive | High
39 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High
40 | File | ~/xxxxxxxx/xxxxx-xxx-xxxxxx-xxxxxxxxxxxx.xxx | predictive | High
41 | Library | xxxxx.xxx | predictive | Medium
42 | Argument | ?xxxx_xxxx=xxxxxxx.xxx/xxxx=xxxxxx/xxx=xxx+/xxx/.xxxxxxxx/xxxxxxx=//xxxxxxxxxxxxxx.xxx=x | predictive | High
43 | Argument | xxxxxxxx | predictive | Medium
44 | Argument | xx | predictive | Low
45 | Argument | xxx_xxxxxxxxxxxxxxxxxxxxxxx | predictive | High
46 | Argument | xxxxxxx | predictive | Low
47 | Argument | xxxxxxxxxx_xxxx | predictive | High
48 | Argument | xxxxx.xxxxxxxxxxx.xxxx[x]=xxx | predictive | High
49 | Argument | xxxxxxxxx | predictive | Medium
50 | Argument | xxxxxx | predictive | Low
51 | Argument | xxxxxx/xxxxxxxxxx | predictive | High
52 | Argument | xxxxx xxxx | predictive | Medium
53 | Argument | xx | predictive | Low
54 | Argument | xxxxxxxxx/xxxxxxxxx | predictive | High
55 | Argument | xxxx | predictive | Low
56 | Argument | xx | predictive | Low
57 | Argument | xxxx | predictive | Low
58 | Argument | xxxxxx | predictive | Low
59 | Argument | xxxxxxxx | predictive | Medium
60 | Argument | xxxxxxxx | predictive | Medium
61 | Argument | xxxxxxx | predictive | Low
62 | Argument | xxxxx | predictive | Low
63 | Argument | xxxxxx_xxxx | predictive | Medium
64 | Argument | xxxxxxxxxxxxxxxxxxx | predictive | High
65 | Argument | xxx | predictive | Low
66 | Argument | xxxxxxxx | predictive | Medium
67 | Argument | xxxxx | predictive | Low
68 | Argument | xxxx_xx | predictive | Low
69 | Argument | x-xxxxxxxxx-xxx | predictive | High
70 | Network Port | xxx/xxxxx | predictive | Medium
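The IOC and IOA tables above are detection input, so here is an added example (not part of this page and not VulDB tooling) of how a practitioner would apply them: a small Python scanner that checks web access-log lines against the page's single IOC address and its eight unredacted IOA path fragments. The log lines are constructed, and the scoring weights, the threshold, the Common Log Format assumption and the choice of which fragments count as low-signal are assumptions made for illustration.

```python
"""Scan access-log lines for the DEV-0530 indicators listed on this page.

Added example; the indicator values come from the page's IOC and IOA
tables (unredacted entries only), the log lines are constructed, and the
weights and threshold are assumptions made for illustration.
"""
import re
from ipaddress import ip_address

# IOC: the one network address the page attributes to the H0lyGh0st campaign.
IOC_IPS = {"193.56.29.123"}

# IOA: the unredacted path fragments from the page's table (masked rows omitted).
IOA_PATHS = [
    "/admin.php?page=batch_manager&mode=unit",
    "/goform/aspForm",
    "/omps/seller",
    "/php/passport/index.php",
    "/replication",
    "/settings",
    "/staff/tools/custom-fields",
    "/strings/ctype-latin1.c",
]

# Paths that ordinary applications also expose (the page rates them Medium);
# they are weighted lower so they only alert in combination. Assumed set.
LOW_SIGNAL = {"/settings", "/replication", "/omps/seller"}

# Common Log Format with a request line; assumed for this example.
CLF = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def ioa_hits(target):
    """Return the IOA fragments matching a request target (path plus query).

    Fragments carrying a query string are matched literally against the whole
    target; plain path fragments must equal the path or be a directory prefix
    of it, so /settings does not fire on /settings-icon.png.
    """
    path = target.split("?", 1)[0]
    hits = []
    for frag in IOA_PATHS:
        if "?" in frag:
            if frag in target:
                hits.append(frag)
        elif path == frag or path.startswith(frag + "/"):
            hits.append(frag)
    return hits


def classify_line(line):
    """Parse one log line; return a finding dict, or None if nothing matched."""
    m = CLF.match(line)
    if m is None:
        return None
    src = m.group("src")
    try:
        ip_address(src)  # reject hostnames or garbage in the source field
    except ValueError:
        return None
    hits = ioa_hits(m.group("target"))
    ioc = src in IOC_IPS
    if not hits and not ioc:
        return None
    # An IOC source address is decisive on its own; IOA fragments are weighted
    # by specificity (assumed weights: 5 for specific paths, 1 for generic ones).
    score = (10 if ioc else 0) + sum(1 if h in LOW_SIGNAL else 5 for h in hits)
    return {"src": src, "target": m.group("target"), "status": m.group("status"),
            "ioc": ioc, "ioa": hits, "score": score}


def scan(lines, threshold=5):
    """Return findings with score >= threshold, highest score first."""
    findings = [f for f in map(classify_line, lines) if f is not None]
    return sorted((f for f in findings if f["score"] >= threshold),
                  key=lambda f: f["score"], reverse=True)


# Constructed sample log; only the first line uses the page's IOC address.
SAMPLE_LOG = [
    '193.56.29.123 - - [15/Jul/2022:10:01:02 +0000] "GET /settings HTTP/1.1" 200 512',
    '10.0.0.7 - - [15/Jul/2022:10:02:10 +0000] "GET /settings HTTP/1.1" 200 512',
    '203.0.113.9 - - [15/Jul/2022:10:03:00 +0000] "POST /goform/aspForm HTTP/1.1" 404 0',
    '198.51.100.4 - - [15/Jul/2022:10:04:00 +0000] "GET /admin.php?page=batch_manager&mode=unit HTTP/1.1" 200 2048',
    '10.0.0.8 - - [15/Jul/2022:10:05:00 +0000] "GET /settings-icon.png HTTP/1.1" 200 100',
    'not a log line',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['score']:>3}  {f['src']:<15}  ioc={f['ioc']!s:<5}  {f['target']}  ioa={f['ioa']}")
```

With the sample log, the line from 193.56.29.123 scores 11 and is reported even though it only touched the generic /settings path, the two requests for specific IOA paths score 5 each, and the internal request for /settings alone stays below the threshold. The prefix match and the numeric source check are what keep the generic fragments from producing noise on static assets and on lines with hostnames in the source field.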

References (2)

The following list contains external sources which discuss the actor and the associated activities:
