East Timor Unknown Analysis

IOB - Indicator of Behavior (28)


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Rem | CTI | EPSS | CVE
--- | --- | --- | --- | --- | --- | --- | --- | --- | --- | ---
1 | Microsoft IIS WebDav memory corruption | 5.6 | 5.2 | $25k-$100k | $0-$5k | High | Official Fix | 0.02 | 0.97418 | CVE-2003-0109
2 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 3.11 | 0.00000 | 
3 | YaBB yabb.pl cross-site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.01240 | CVE-2004-2402
4 | Benjamin Arnaudetr Ginkgocms index.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Not Defined | 0.00 | 0.00161 | CVE-2013-5318
5 | Microsoft IIS cross-site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.07 | 0.00548 | CVE-2017-0055
6 | Apache HTTP Server mod_proxy_uwsgi privilege escalation | 6.9 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01374 | CVE-2023-27522
7 | Apache HTTP Server mod_proxy privilege escalation | 7.4 | 7.3 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.08 | 0.00634 | CVE-2023-25690
8 | Apache HTTP Server Limit Directive ap_limit_section memory corruption | 6.4 | 6.3 | $5k-$25k | $0-$5k | High | Official Fix | 0.03 | 0.97305 | CVE-2017-9798
9 | Aruba Networks ArubaOS Command Line Interface denial of service | 5.1 | 5.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00073 | CVE-2022-37910
10 | Arvados PAM weak authentication | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00093 | CVE-2022-39238
11 | Apple macOS wifivelocityd privilege escalation | 8.2 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00148 | CVE-2020-3838
12 | Trend Micro Antivirus 2021 privilege escalation | 8.3 | 8.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00045 | CVE-2021-43771
13 | Backdoor.Win32.Wollf.h Service Port 7300 weak authentication | 9.8 | 8.6 | $0-$5k | Calculating | Proof-of-Concept | Workaround | 0.00 | 0.00000 | 
14 | Microsoft Exchange Server ProxyShell unknown vulnerability | 9.4 | 8.2 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | 0.78222 | CVE-2021-34523
15 | Microsoft Windows Multimedia Library winmm.dll memory corruption | 10.0 | 9.5 | $100k and more | $0-$5k | High | Official Fix | 0.04 | 0.97281 | CVE-2012-0003
16 | Microsoft Excel MergeCells Record Heap privilege escalation | 4.4 | 3.9 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.02 | 0.94726 | CVE-2012-0185
17 | ZTE ZXDT22 SF01 directory traversal | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00320 | CVE-2017-10933
18 | Apache OpenMeetings Password Reset sendHashByUser information disclosure | 7.5 | 7.1 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.00223 | CVE-2016-0783
19 | Host Web Server phpinfo.php phpinfo information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Workaround | 0.08 | 0.00000 | 
20 | IBM Tivoli Endpoint Manager HTTPOnly Flag Cookie Handling information disclosure | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00305 | CVE-2012-1837

IOC - Indicator of Compromise (46)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
--- | --- | --- | --- | --- | ---
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1059 | CWE-94 | Argument Injection | predictive | High

IOA - Indicator of Attack (17)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
--- | --- | --- | --- | ---
1 | File | /forum/away.php | predictive | High
2 | File | /uncpath/ | predictive | Medium
3 | File | fetchsettings.php | predictive | High

References (3)

The following list contains external sources which discuss the actor and the associated activities:
