NDSW Analysis

IOB - Indicator of Behavior (74)

Language

en: 62
ru: 6
de: 2
zh: 2
it: 2

Country

ru: 54
us: 18


Product

Microsoft Office: 2
Microsoft Visual Studio Code: 2
Phplinkdirectory PHP Link Directory: 2
Cisco IronPort AsyncOS: 2
WPML: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | PHP Link Directory Administration Page index.html cross-site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00374 | 0.17 | CVE-2007-0529 |
| 2 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 1.97 | |
| 3 | Esoftpro Online Guestbook Pro ogp_show.php SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00108 | 0.07 | CVE-2009-4935 |
| 4 | phpMyAdmin phpinfo.php information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00142 | 0.00 | CVE-2016-9848 |
| 5 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.57 | CVE-2010-0966 |
| 6 | MGB OpenSource Guestbook email.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.74 | CVE-2007-0354 |
| 7 | Flat PHP Board directory traversal | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.01 | |
| 8 | Simple PHP Guestbook guestbook.php cross-site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.02 | |
| 9 | 212cafe 212cafeboard view.php SQL injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00064 | 0.08 | CVE-2008-4713 |
| 10 | Microsoft Office Object Remote Code Execution | 7.0 | 6.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.97339 | 0.02 | CVE-2017-8570 |
| 11 | Lars Ellingsen Guestserver guestbook.cgi cross-site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00169 | 0.17 | CVE-2005-4222 |
| 12 | Huawei SmartCare Dashboard Stored cross-site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00065 | 0.00 | CVE-2017-15312 |
| 13 | Flat PHP Board directory traversal | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.04 | |
| 14 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 15 | D-Link DIR-865L register_send.php weak authentication | 7.5 | 7.1 | $5k-$25k | $5k-$25k | Proof-of-Concept | Not Defined | 0.00109 | 0.02 | CVE-2013-3096 |
| 16 | jforum User privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.06 | CVE-2019-7550 |
| 17 | Cannot PHP infoBoard privilege escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01049 | 0.00 | CVE-2008-4334 |
| 18 | Phplinkdirectory PHP Link Directory conf_users_edit.php unknown vulnerability | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00526 | 0.07 | CVE-2011-0643 |
| 19 | Add Comments Plugin Setting cross-site scripting | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00056 | 0.00 | CVE-2022-3909 |
| 20 | AlilG AliBoard File Upload usercp.php privilege escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00529 | 0.05 | CVE-2008-7029 |

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 109.234.35.249 | v1020533.hosted-by-vdsina.ru | NDSW | | 29.07.2022 | verified | High |

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1059 | CWE-94 | Argument Injection | predictive | High |

IOA - Indicator of Attack (40)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /forum/away.php | predictive | High |
| 2 | File | admin/conf_users_edit.php | predictive | High |
| 3 | File | admin/index.php | predictive | High |
| 4 | File | blog.php | predictive | Medium |
| 5 | File | comments/feed | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
