NetDooka Analysis

IOB - Indicator of Behavior (127)

[Charts not shown: Timeline, Actors, Activity, Interest, Type, Vendor]

Language: en (128)

Country: de (128)

Product:

Google Chrome (6)
Cisco SD-WAN (6)
Aruba ClearPass Policy Manager (4)
Aruba AirWave Management Platform (4)
Cisco DNA Center (4)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Panasonic AiSEG2 Header weak authentication | 9.2 | 9.2 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00053 | 0.03 | CVE-2023-28727 |
| 2 | Panasonic AiSEG2 privilege escalation | 8.4 | 8.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00186 | 0.02 | CVE-2023-28726 |
| 3 | Aruba ClearPass OnGuard Agent privilege escalation | 7.8 | 7.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2023-25590 |
| 4 | Aruba AOS-CX Network Analytics Engine Privilege Escalation | 7.7 | 7.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00171 | 0.04 | CVE-2023-1168 |
| 5 | Aruba ClearPass Policy Manager Web-based Management Interface privilege escalation | 7.1 | 7.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00089 | 0.00 | CVE-2023-25594 |
| 6 | Netgear Orbi Router RBR750 HTTP Request privilege escalation | 8.4 | 8.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00097 | 0.05 | CVE-2022-37337 |
| 7 | Hsycms Add Category Module cate.php cross-site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00186 | 0.08 | CVE-2023-1349 |
| 8 | Sage XRT Business Exchange Add Currencies/Payment Order/Transfer History SQL injection | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00071 | 0.04 | CVE-2022-34324 |
| 9 | TRENDnet TEW755AP wizard_ipv6 memory corruption | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00190 | 0.00 | CVE-2022-46583 |
| 10 | Elvexys StreamX HTML Component directory traversal | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00067 | 0.00 | CVE-2022-4778 |
| 11 | Mozilla Thunderbird WebGL memory corruption | 6.4 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00208 | 0.00 | CVE-2022-46880 |
| 12 | Aruba EdgeConnect Enterprise Web Management Interface Privilege Escalation | 8.0 | 8.0 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00137 | 0.00 | CVE-2022-44533 |
| 13 | Aruba Networks ArubaOS PAPI privilege escalation | 9.8 | 9.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00341 | 0.04 | CVE-2022-37897 |
| 14 | House Rental System view-property.php SQL injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00266 | 0.03 | CVE-2022-4274 |
| 15 | SimplePress Plugin cross-site scripting | 5.6 | 5.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.00 | CVE-2022-4027 |
| 16 | Mozilla Firefox window.print denial of service | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00103 | 0.00 | CVE-2022-42929 |
| 17 | Juniper Junos OS/Junos OS Evolved RPD race condition | 5.9 | 5.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00095 | 0.04 | CVE-2022-22225 |
| 18 | Academy Learning Management System cross-site scripting | 4.8 | 4.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00212 | 0.00 | CVE-2022-38553 |
| 19 | Modern Campus Omni CMS login-page SQL injection | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00158 | 0.06 | CVE-2022-40766 |
| 20 | XPDF AcroForm.cc memory corruption | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00051 | 0.00 | CVE-2022-36561 |

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 195.201.81.165 | static.165.81.201.195.clients.your-server.de | NetDooka | - | 20.04.2023 | verified | High |

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1040 | CAPEC-102 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 4 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High |

IOA - Indicator of Attack (34)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /api/ZRMacClone/mac_addr_clone | predictive | High |
| 2 | File | /controller/publishHotel.php&amp | predictive | High |
| 3 | File | /fuelCM/fuel/pages/edit/1?lang=english | predictive | High |
| 4 | File | /interface/main/backup.php | predictive | High |
| 5 | File | /view-property.php | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
