Ruskill Analysis

IOB - Indicator of Behavior (23)

Language

en 18
pt 4
fr 2

Product

CS-Cart 2
Microsoft Windows 2
Alibabaclone Alibaba Clone B2B 2
Donglify 2
cmsimple 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Sophos Anti-Virus RAR Archive rarvm.hpp memory corruption | 7.3 | 6.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00000 | |
| 2 | Donglify IOCTL memory corruption | 8.3 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00042 | CVE-2021-42994 |
| 3 | Donglify IOCTL memory corruption | 7.8 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00043 | CVE-2021-42996 |
| 4 | Microsoft Windows Desired State Configuration information disclosure | 5.1 | 4.7 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | 0.00043 | CVE-2022-30148 |
| 5 | Microsoft Windows Access Restriction privilege escalation | 4.4 | 4.4 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00057 | CVE-2011-4434 |
| 6 | BeyondTrust Secure Remote Access Base Software unknown vulnerability | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00286 | CVE-2021-31589 |
| 7 | Craft EXIF Data Location information disclosure | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.02064 | CVE-2019-14280 |
| 8 | MetInfo sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00220 | CVE-2019-17553 |
| 9 | SAP NetWeaver/ABAP Platform ABAP Server privilege escalation | 7.3 | 7.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00104 | CVE-2020-6296 |
| 10 | E-topbiz Online Store index.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.02 | 0.00137 | CVE-2008-5802 |
| 11 | Alibabaclone Alibaba Clone B2B countrydetails.php sql injection | 7.3 | 6.9 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.02 | 0.00112 | CVE-2010-4849 |
| 12 | OpenSSH X11 Authentication Credential xauth privilege escalation | 6.3 | 6.0 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.02329 | CVE-2016-3115 |
| 13 | PHP Session Name session.c privilege escalation | 7.5 | 7.3 | $5k-$25k | Calculating | Not Defined | Official Fix | 0.00 | 0.00577 | CVE-2016-7125 |
| 14 | Trend Micro Threat Discovery Appliance log_query_dlp.cgi privilege escalation | 8.8 | 8.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00334 | CVE-2016-8590 |
| 15 | CakePHP security.php unserialize privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00000 | |
| 16 | osTicket file.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00205 | CVE-2017-14396 |
| 17 | CS-Cart Administration files privilege escalation | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00099 | CVE-2017-15673 |
| 18 | phpMyAdmin db_central_columns.php cross site scripting | 4.4 | 4.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00208 | CVE-2018-7260 |
| 19 | cmsimple index.php directory traversal | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | 0.06344 | CVE-2008-2650 |
| 20 | Django Media directory traversal | 5.3 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00626 | CVE-2009-2659 |

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /appliance/users?action=edit | predictive | High |
| 2 | File | admin/?n=tags&c=index&a=doSaveTags | predictive | High |
| 3 | File | countrydetails.php | predictive | High |

References (4)

The following list contains external sources which discuss the actor and the associated activities: