Farseer Анализ

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (152)

Язык

en	104
zh	14
es	12
de	8
sv	6

Страна

cn	64
us	58
es	6
jp	4
ca	2

Акторы

Farseer	11
Cobalt Strike	4
NjRAT	2
Carbanak	1
Vicious Panda	1

Интерес

Тип

Not Defined	56
Operating System	10
Programming Language Software	8
Content Management System	8
Database Administration Software	6

Поставщик

Not Defined	54
Microsoft	14
Cisco	6
RealNetworks	2
Veritas	2

Продукт

Microsoft Windows	8
phpMyAdmin	6
PHP	6
MinDoc	2
ownCloud	2

Уязвимости

#	Уязвимости	Base	Temp	0day	Сегодня	Э�	Rem	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash раскрытие информации	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	OpenSSL c_rehash эскалация привилегий	5.5	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.10649	0.04	CVE-2022-1292
3	Tiki Wiki CMS Groupware tiki-jsplugin.php эскалация привилегий	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03454	0.04	CVE-2010-4239
4	Microsoft Windows Print Spooler Privilege Escalation	8.1	7.7	$25k-$100k	$5k-$25k	High	Official Fix	0.00101	0.34	CVE-2022-21999
5	Microsoft Azure HDInsights Apache Hadoop неизвестная уязвимость	3.9	3.6	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00051	0.00	CVE-2023-38188
6	Geddy index.js обход каталога	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01347	0.03	CVE-2015-5688
7	Asus AsusWRT start_apply.htm эскалация привилегий	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01350	0.07	CVE-2018-20334
8	EvoStream Media Server HTTP Request повреждение памяти	7.4	6.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01265	0.04	CVE-2017-6427
9	DZCP deV!L`z Clanportal config.php эскалация привилегий	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	1.29	CVE-2010-0966
10	Zulip Server Storage Backend межсайтовый скриптинг	4.4	4.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00054	0.03	CVE-2018-9999
11	WUZHI CMS неизвестная уязвимость	6.5	6.4	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00192	0.00	CVE-2018-10312
12	WebCalendar settings.php эскалация привилегий	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.03093	0.00	CVE-2005-2717
13	Microsoft Windows iSCSI Target Service раскрытие информации	4.8	4.4	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00095	0.00	CVE-2023-24945
14	Microsoft Windows Netlogon Remote Code Execution	8.1	7.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00153	0.03	CVE-2023-28268
15	Microsoft Windows Kernel Privilege Escalation	8.1	7.4	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00048	0.04	CVE-2023-35359
16	Microsoft Windows Error Reporting Service Local Privilege Escalation	7.8	7.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00147	0.04	CVE-2023-36874
17	Flask раскрытие информации	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00142	0.02	CVE-2023-30861
18	WPS Hide Login Plugin Secret Login Page options.php эскалация привилегий	6.9	6.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02933	0.07	CVE-2021-24917
19	Fortinet FortiOS/FortiProxy Command Line Interpreter Format String	7.1	7.0	$0-$5k	Расчет	Not Defined	Official Fix	0.00042	0.08	CVE-2022-43953
20	Fortinet FortiOS CLI Command обход каталога	6.8	6.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.06752	0.00	CVE-2022-41328

IOC - Indicator of Compromise (17)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-адрес	Hostname	Актор	Identified	Тип	Уверенность
1	43.224.33.130	43.224.33.130.vultr.com	Farseer	22.12.2020	verified	Средний
2	45.32.24.39	45.32.24.39.vultr.com	Farseer	22.12.2020	verified	Средний
3	45.32.25.107	45.32.25.107.vultr.com	Farseer	29.08.2021	verified	Средний
4	45.32.44.52	45.32.44.52.vultr.com	Farseer	22.12.2020	verified	Средний
5	XX.XX.XX.XX	xx.xx.xx.xx.xxxxx.xxx	Xxxxxxx	22.12.2020	verified	Средний
6	XX.XX.XX.XXX	xx.xx.xx.xxx.xxxxx.xxx	Xxxxxxx	22.12.2020	verified	Средний
7	XX.XX.XXX.XX	xx.xx.xxx.xx.xxxxx.xxx	Xxxxxxx	29.08.2021	verified	Средний
8	XX.XX.XXX.XXX	xx.xx.xxx.xxx.xxxxx.xxx	Xxxxxxx	22.12.2020	verified	Средний
9	XX.XX.XXX.X	xx.xx.xxx.x.xxxxx.xxx	Xxxxxxx	22.12.2020	verified	Средний
10	XX.XX.XX.XXX	xx.xx.xx.xxx.xxxxx.xxx	Xxxxxxx	22.12.2020	verified	Средний
11	XX.XXX.XX.XXX	xxxxxx.xxxx.xxxxxxxxxxx.xxx	Xxxxxxx	22.12.2020	verified	Высокий
12	XX.XXX.XXX.XXX		Xxxxxxx	22.12.2020	verified	Высокий
13	XX.XXX.XXX.XXX		Xxxxxxx	22.12.2020	verified	Высокий
14	XXX.XX.XXX.XXX	xxx.xx.xxx.xxx.xxxxx.xxx	Xxxxxxx	29.08.2021	verified	Средний
15	XXX.XX.XXX.XXX		Xxxxxxx	22.12.2020	verified	Высокий
16	XXX.XXX.XX.XXX	xxx.xxx.xx.xxx.xxxxx.xxx	Xxxxxxx	22.12.2020	verified	Средний
17	XXX.XXX.XXX.XX		Xxxxxxx	29.08.2021	verified	Высокий

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Класс	Уязвимости	Вектор доступа	Тип	Уверенность
1		CAPEC-10	CWE-19, CWE-20, CWE-73, CWE-74, CWE-93, CWE-113, CWE-119, CWE-121, CWE-125, CWE-134, CWE-185, CWE-189, CWE-287, CWE-305, CWE-306, CWE-352, CWE-369, CWE-399, CWE-404, CWE-415, CWE-416, CWE-444, CWE-476, CWE-502, CWE-610, CWE-611, CWE-664, CWE-693, CWE-697, CWE-704, CWE-787, CWE-833, CWE-835, CWE-862, CWE-863, CWE-1018	Unknown Vulnerability	predictive	Высокий
2	T1006	CAPEC-126	CWE-21, CWE-22, CWE-36	Path Traversal	predictive	Высокий
3	T1055	CAPEC-10	CWE-74, CWE-707	Improper Neutralization of Data within XPath Expressions	predictive	Высокий
4	T1059	CAPEC-10	CWE-74, CWE-94, CWE-707	Argument Injection	predictive	Высокий
5	TXXXX.XXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XX, CWE-XXX	Xxxxx Xxxx Xxxxxxxxx	predictive	Высокий
6	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
7	TXXXX.XXX	CAPEC-191	CWE-XXX, CWE-XXX, CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Высокий
8	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XX, CWE-XXX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Высокий
9	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Высокий
10	TXXXX	CAPEC-0	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Высокий
11	TXXXX	CAPEC-184	CWE-XXX	Xxxxxxxx Xx Xxxx Xxxxxxx Xxxxxxxxx Xxxxx	predictive	Высокий
12	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxx Xxxxxxxxx	predictive	Высокий
13	TXXXX.XXX	CAPEC-1	CWE-XXX, CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	Высокий
14	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
15	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Высокий
16	TXXXX.XXX	CAPEC-19	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Высокий

IOA - Indicator of Attack (87)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Класс	Indicator	Тип	Уверенность
1	File	/.vnc/sesman_${username}_passwd	predictive	Высокий
2	File	/admin/users.php?source=edit_user&id=1	predictive	Высокий
3	File	/forum/away.php	predictive	Высокий
4	File	/icingaweb2/navigation/add	predictive	Высокий
5	File	/phppath/php	predictive	Средний
6	File	/rest/collectors/1.0/template/custom	predictive	Высокий
7	File	/start_apply.htm	predictive	Высокий
8	File	/uncpath/	predictive	Средний
9	File	/WEB-INF/web.xml	predictive	Высокий
10	File	/wp-admin/options.php	predictive	Высокий
11	File	xxxxx_xxxxxxxx.xxx	predictive	Высокий
12	File	xxxxx/xxxx_xxxxx_xxxx.xxx	predictive	Высокий
13	File	xxxxx.xxx	predictive	Средний
14	File	xxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	Высокий
15	File	xxxxxxxx.xxx	predictive	Средний
16	File	xxx_xxxxxxx.xxx	predictive	Высокий
17	File	xxx-xxx/xxxxxx.xxx	predictive	Высокий
18	File	xxxxxx/xx.x	predictive	Средний
19	File	x_xxxxxx	predictive	Средний
20	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Высокий
21	File	xxxxxxxxxx.x	predictive	Средний
22	File	xxxxx_xxxxxxxxxxxx.xxx	predictive	Высокий
23	File	xxxx.xxx	predictive	Средний
24	File	xxxx_xxxxxxx.xxx.xxx	predictive	Высокий
25	File	xxxx_xxxx.x	predictive	Средний
26	File	xxxxxxxx.xxx	predictive	Средний
27	File	xxx/xxxxxx.xxx	predictive	Высокий
28	File	xxx/xxxxxxxxxxx/xxxxxxx.xxx	predictive	Высокий
29	File	xxxxx.xxx/xxxx/xxxxx/xxxx/xxxx.xxx	predictive	Высокий
30	File	xxxxx.xxx?x=xxxxxx&x=xx_xxxxx	predictive	Высокий
31	File	xx/xxx/xxxxxxxx/xxx_xxxxxxxxx/xxx_xxxxxxxx_xxxxx/_/xxxxxxx_xxx	predictive	Высокий
32	File	xxx/xxx/xxxxx.xx	predictive	Высокий
33	File	xxxxxxxxx/xxxxxxx/xxxxxxxxxxx/xxxxx/xxxxxxxxxxxxxxxxxxxxx.xxx	predictive	Высокий
34	File	xxxxxxxxx/xxxxxx.xxx.xxx	predictive	Высокий
35	File	xxxxx.xxxx	predictive	Средний
36	File	xxx/xxxx/xxxx_xxxxxxxxxx_xxxx.x	predictive	Высокий
37	File	xxxxxxxxxxx-xxxx.xx	predictive	Высокий
38	File	xxxxx/xxxxxxx.x	predictive	Высокий
39	File	xxxxx.xxx	predictive	Средний
40	File	xxxxxx.x	predictive	Средний
41	File	xxxxxxxx_xxxxxx.xxx	predictive	Высокий
42	File	xxxxxxxxxxx.xx	predictive	Высокий
43	File	xxxxx.xxx	predictive	Средний
44	File	xxxxxx_xxxxxx.xx	predictive	Высокий
45	File	xxxx/xxx/xxx_xxxx.x	predictive	Высокий
46	File	xxxxxxxxx/xxxxxx.x	predictive	Высокий
47	File	xxxxxxxx.xxx	predictive	Средний
48	File	xxxxx.xxx	predictive	Средний
49	File	xxxx-xxxxxxxx.xxx	predictive	Высокий
50	File	xxxxxx/xxxxxxxxxxxx	predictive	Высокий
51	File	xxx.xxx	predictive	Низкий
52	File	xx-xxxxx/xxxxx.xxx?xxxx=xxx-xxxxx&xxxxxx=xxxx-xxxxx	predictive	Высокий
53	File	xx-xx-xxxxxx.xxx	predictive	Высокий
54	Library	xxx/xxx/xxxxx.xx	predictive	Высокий
55	Library	xxx/xxxx.x	predictive	Средний
56	Argument	$_xxxxxx['xxxxx_xxxxxx']	predictive	Высокий
57	Argument	${xxx}	predictive	Низкий
58	Argument	/.xxx/xxxxxx_${xxxxxxxx}_xxxxxx	predictive	Высокий
59	Argument	xxxxxxx xx/xxxxxxx xxxx	predictive	Высокий
60	Argument	xxxxxx	predictive	Низкий
61	Argument	xxxxxxxx	predictive	Средний
62	Argument	xxxxxx	predictive	Низкий
63	Argument	xxx	predictive	Низкий
64	Argument	xxx_xxxx	predictive	Средний
65	Argument	xxxx/xxxx	predictive	Средний
66	Argument	xx_xxxxx	predictive	Средний
67	Argument	xxxx	predictive	Низкий
68	Argument	xxxxx	predictive	Низкий
69	Argument	xx	predictive	Низкий
70	Argument	xxxxxxxx	predictive	Средний
71	Argument	xxxxxx_xxxxx	predictive	Средний
72	Argument	xxxx	predictive	Низкий
73	Argument	xxxxx_xx	predictive	Средний
74	Argument	xxxxxxxx	predictive	Средний
75	Argument	xxxx_xxxx	predictive	Средний
76	Argument	xxxx_xx	predictive	Низкий
77	Argument	xxxxxx_xxxxxxxx_xx	predictive	Высокий
78	Argument	xxx	predictive	Низкий
79	Argument	xxxxxxxx	predictive	Средний
80	Argument	xxx	predictive	Низкий
81	Argument	xxxx-xxxxx	predictive	Средний
82	Argument	xxxxxxxx	predictive	Средний
83	Input Value	-x	predictive	Низкий
84	Input Value	.%xx.../.%xx.../	predictive	Высокий
85	Input Value	..%xx	predictive	Низкий
86	Network Port	xxx/xx (xxxxxx)	predictive	Высокий
87	Network Port	xxx/xx (xxx xxxxxxxx)	predictive	Высокий

Ссылки (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ ПредыдущийОбзорДалее ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!