LeetHozer Анализ

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (197)

Язык

en	180
zh	8
fr	6
es	2
ru	2

Страна

us	98
cn	52
ru	8
gb	2
ce	2

Акторы

Cobalt Strike	11
NetSupportManager RAT	10
SideWinder	8
Raccoon	8
Mirai	7

Интерес

Тип

Not Defined	80
Firewall Software	14
Router Operating System	12
Content Management System	12
WordPress Plugin	8

Поставщик

Not Defined	56
Microsoft	14
Comcast	10
QNAP	6
Hikvision	4

Продукт

WordPress	8
Comcast MX011ANM	6
Microsoft Windows	6
QNAP QTS	6
Palo Alto PAN-OS	4

Уязвимости

#	Уязвимости	Base	Temp	0day	Сегодня	Э�	Rem	EPSS	CTI	CVE
1	Atmail Remote Code Execution	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00251	0.04	CVE-2013-5033
2	Palo Alto PAN-OS GlobalProtect Clientless VPN повреждение памяти	8.8	8.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00112	0.03	CVE-2021-3056
3	WordPress sql-инъекция	6.8	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00467	0.00	CVE-2022-21664
4	VeronaLabs wp-statistics Plugin API Endpoint Blind sql-инъекция	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00250	0.00	CVE-2019-13275
5	Linksys WRT54GL Web Management Interface SysInfo1.htm раскрытие информации	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00046	0.09	CVE-2024-1406
6	Teclib GLPI unlock_tasks.php sql-инъекция	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.12149	0.08	CVE-2019-10232
7	Sophos Firewall User Portal/Webadmin слабая аутентификация	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.97434	0.08	CVE-2022-1040
8	CutePHP CuteNews эскалация привилегий	7.5	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02107	0.08	CVE-2019-11447
9	WordPress Object эскалация привилегий	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00432	0.08	CVE-2022-21663
10	Microsoft Windows Active Directory Domain Services Privilege Escalation	8.8	8.1	$100k и многое другое	$0-$5k	Proof-of-Concept	Official Fix	0.07084	0.02	CVE-2022-26923
11	QNAP QTS Media Library эскалация привилегий	8.5	8.2	$0-$5k	$0-$5k	High	Official Fix	0.01575	0.03	CVE-2017-13067
12	RoundCube Webmail rcube_plugin_api.php обход каталога	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01163	0.02	CVE-2020-12640
13	Samurai Build File util.c canonpath повреждение памяти	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00085	0.07	CVE-2019-19795
14	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash раскрытие информации	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
15	Phpsugar PHP Melody page_manager.php межсайтовый скриптинг	5.2	4.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00083	0.00	CVE-2017-15648
16	RealNetworks RealServer Port 7070 Service отказ в обслуживании	7.5	7.3	$0-$5k	$0-$5k	Not Defined	Workaround	0.02116	0.09	CVE-2000-0272
17	Microsoft Windows Themes раскрытие информации	5.9	5.6	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00073	0.04	CVE-2024-21320
18	Royal Elementor Addons and Templates Plugin эскалация привилегий	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.96723	0.03	CVE-2023-5360
19	Hikvision Intercom Broadcasting System ping.php эскалация привилегий	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.90160	0.09	CVE-2023-6895
20	Hikvision Hybrid SAN Messages эскалация привилегий	8.2	8.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00091	0.02	CVE-2023-28808

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-адрес	Hostname	Актор	Identified	Тип	Уверенность
1	37.49.226.171		LeetHozer	11.02.2022	verified	Высокий
2	64.225.64.58		LeetHozer	11.02.2022	verified	Высокий
3	XXX.XXX.XXX.XXX		Xxxxxxxxx	11.02.2022	verified	Высокий
4	XXX.XXX.XX.XX	xx-xxxx.xxxxxxxxx.xxx	Xxxxxxxxx	11.02.2022	verified	Высокий
5	XXX.XXX.XX.XXX	xxxxx.xxxxxxx.xxx	Xxxxxxxxx	11.02.2022	verified	Высокий
6	XXX.XXX.XX.XXX		Xxxxxxxxx	11.02.2022	verified	Высокий

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Уязвимости	Вектор доступа	Тип	Уверенность
1	T1006	CWE-22, CWE-23	Path Traversal	predictive	Высокий
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Высокий
3	T1059	CWE-94	Argument Injection	predictive	Высокий
4	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Высокий
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
6	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Высокий
7	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Высокий
8	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Высокий
9	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Высокий
10	TXXXX	CWE-XXX	Xxxxxxxx Xx Xxxx Xxxxxxx Xxxxxxxxx Xxxxx	predictive	Высокий
11	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Высокий
12	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	Высокий
13	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
14	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Высокий
15	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Высокий

IOA - Indicator of Attack (90)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Класс	Indicator	Тип	Уверенность
1	File	/api/RecordingList/DownloadRecord?file=	predictive	Высокий
2	File	/apply.cgi	predictive	Средний
3	File	/php/ping.php	predictive	Высокий
4	File	/rapi/read_url	predictive	Высокий
5	File	/scripts/unlock_tasks.php	predictive	Высокий
6	File	/SysInfo1.htm	predictive	Высокий
7	File	/sysinfo_json.cgi	predictive	Высокий
8	File	/system/user/modules/mod_users/controller.php	predictive	Высокий
9	File	/wp-admin/admin-post.php?es_skip=1&option_name	predictive	Высокий
10	File	AjaxFileUploadHandler.axd	predictive	Высокий
11	File	xxxxxxx/xxxx.xxx	predictive	Высокий
12	File	xxxxxx/xxx.x	predictive	Средний
13	File	xxxxxxxxx.xxx.xxx	predictive	Высокий
14	File	xxxxx/xxxxx.xxx	predictive	Высокий
15	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Высокий
16	File	xxxx_xxxxx.xxx	predictive	Высокий
17	File	xxxxx.xxx	predictive	Средний
18	File	xxxxxx.xxx	predictive	Средний
19	File	xx/xx-xx.x	predictive	Средний
20	File	xxx/xxxx_xxxx.x	predictive	Высокий
21	File	xxxxxx/xxxxxxxxxxx	predictive	Высокий
22	File	xxxx_xxxxxx.x	predictive	Высокий
23	File	xxxx/xxxxxxx.x	predictive	Высокий
24	File	xxx/xxxxxx.xxx	predictive	Высокий
25	File	xxxxxxxx/xxxxx-xxxxxx-xxxx-xxxxxxx.xxx	predictive	Высокий
26	File	xxxxxxxx/xxxxxxxx/xxxxx-xxxxxxxx-xxxxx.xxx	predictive	Высокий
27	File	xxxxx.xxx?xxx=xxxx&xxx=xxxxxxxx	predictive	Высокий
28	File	xxxxxxxxxx.xxx	predictive	Высокий
29	File	xxxxx.xxx	predictive	Средний
30	File	xxxx/xxxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxx	predictive	Высокий
31	File	xxx/xxx.xxx	predictive	Средний
32	File	xxxx_xxxxxxx.xxx	predictive	Высокий
33	File	xxxxxx.x	predictive	Средний
34	File	xxxx.xxx	predictive	Средний
35	File	xxxxx.xxx	predictive	Средний
36	File	xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][]	predictive	Высокий
37	File	xxxxx_xxxxxx_xxx.xxx	predictive	Высокий
38	File	xxxxxxxx.xxx	predictive	Средний
39	File	xxxx.xxx	predictive	Средний
40	File	xxxxx/xxxxx.xxx	predictive	Высокий
41	File	xxxxxxxx.xxx	predictive	Средний
42	File	xxxx-xxxxx.xxx	predictive	Высокий
43	File	xxxxxxxxx.xxx	predictive	Высокий
44	File	xxxx.x	predictive	Низкий
45	File	xxxxxxxxxx	predictive	Средний
46	File	xxxx_xxx_xxx_xxxx.xxx	predictive	Высокий
47	File	xxxxxxx/xxxxx.xxx	predictive	Высокий
48	File	xx-xxxxx/xxxxx-xxxxxx.xxx	predictive	Высокий
49	Argument	xxxxxx	predictive	Низкий
50	Argument	xxxxxxx_xxxx	predictive	Средний
51	Argument	xxxxxx_xxxx	predictive	Средний
52	Argument	xxxxxxxx	predictive	Средний
53	Argument	xxx	predictive	Низкий
54	Argument	xxxxxxxxxxxxxxxxx	predictive	Высокий
55	Argument	xxxxx	predictive	Низкий
56	Argument	xxxxxxxxxxx/xxxxxxxx/xxx/xxxxx	predictive	Высокий
57	Argument	xxxxxx_xx	predictive	Средний
58	Argument	xxx	predictive	Низкий
59	Argument	xxxxxx	predictive	Низкий
60	Argument	xxxxxx	predictive	Низкий
61	Argument	xxxx	predictive	Низкий
62	Argument	xxxx	predictive	Низкий
63	Argument	xx	predictive	Низкий
64	Argument	xxxxx_xxxx	predictive	Средний
65	Argument	xxxxxxxx[xx]	predictive	Средний
66	Argument	xxxxxxx	predictive	Низкий
67	Argument	xxxxxxxx_xxxx	predictive	Высокий
68	Argument	xxx_xxxx	predictive	Средний
69	Argument	xxxx_xxxxx	predictive	Средний
70	Argument	xxxxxxxx	predictive	Средний
71	Argument	xxxx_xx	predictive	Низкий
72	Argument	xxxxxxx/xxxxx	predictive	Высокий
73	Argument	xxxxxx_xxx	predictive	Средний
74	Argument	xxxx_xx	predictive	Низкий
75	Argument	xxxxxxxx_xxxxxxxx	predictive	Высокий
76	Argument	xxxxxxxxxxxxxxxxxxxxx	predictive	Высокий
77	Argument	xxxx_xx	predictive	Низкий
78	Argument	xxx	predictive	Низкий
79	Argument	xxxx	predictive	Низкий
80	Argument	xxxxxxxx	predictive	Средний
81	Argument	xxxx/xx/xxxx/xxx	predictive	Высокий
82	Input Value	.%xx.../.%xx.../	predictive	Высокий
83	Input Value	../../../../../xxx/xxx/xxxxx/xxxx/xxxxxxxx/xxxxx/xxx.xxx	predictive	Высокий
84	Input Value	xxxxxxx -xxx	predictive	Средний
85	Input Value	xxxxxxxxxx	predictive	Средний
86	Network Port	xxxx	predictive	Низкий
87	Network Port	xxxx	predictive	Низкий
88	Network Port	xxxx xxxx	predictive	Средний
89	Network Port	xxx/xxx	predictive	Низкий
90	Network Port	xxx/xxxx	predictive	Средний

Ссылки (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ ПредыдущийОбзорДалее ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!