Satori Analysis

IOB - Indicator of Behavior (177)

Language: en (158), es (16), fr (4)

Country: us (98), ru (28), es (12), se (8), io (6)


Product: Cisco Registered Envelope Service (10), PHP (6), DZCP deV!L`z Clanportal (4), Google Chrome (4), phpMyAdmin (4)

Vulnerabilities

#  | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
1  | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.19 | 0.00943 | CVE-2010-0966
2  | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
3  | Online Book Store admin_add.php privilege escalation | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.03533 | CVE-2020-19113
4  | Campcodes Online Thesis Archiving System manage_user.php SQL injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00073 | CVE-2023-2149
5  | GFI Kerio Control Login Page DOM-based cross-site scripting | 6.1 | 6.0 | $0-$5k | $0-$5k | Functional | Not Defined | 0.04 | 0.00200 | CVE-2019-16414
6  | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.02 | 0.10737 | CVE-2016-6210
7  | Microsoft IIS cross-site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.00548 | CVE-2017-0055
8  | Progress MOVEit Automation Web Admin Application cross-site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00435 | CVE-2020-12677
9  | phpMyAdmin grab_globals.lib.php directory traversal | 4.8 | 4.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | 0.02334 | CVE-2005-3299
10 | Redis redis-cli memory corruption | 7.1 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.00584 | CVE-2018-12326
11 | Wazzum Wazzum Dating Software profile_view.php SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00064 | CVE-2009-0293
12 | LimeSurvey File Upload directory traversal | 7.1 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00248 | CVE-2018-1000659
13 | Apache HTTP Server ap_some_auth_required privilege escalation | 3.7 | 3.2 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.09 | 0.00522 | CVE-2015-3185
14 | Synacor Zimbra Collaboration XML External Entity | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00441 | CVE-2016-9924
15 | Samba Shared Library is_known_pipename SambaCry privilege escalation | 9.8 | 9.4 | $100k and more | $0-$5k | High | Official Fix | 0.00 | 0.97264 | CVE-2017-7494
16 | MikroTik RouterOS Winbox/HTTP Interface privilege escalation | 7.8 | 7.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00055 | CVE-2023-30799
17 | Oracle WebLogic Server jQuery cross-site scripting | 6.1 | 6.0 | $5k-$25k | Calculating | Not Defined | Official Fix | 0.02 | 0.00660 | CVE-2015-9251
18 | Technitium DNS Server NS Record privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00054 | CVE-2021-43105
19 | PHP phpinfo cross-site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.02101 | CVE-2007-1287
20 | Danneo CMS SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00135 | CVE-2009-3118

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CVE-2014-8361 / CVE 2017-17215

IOC - Indicator of Compromise (12)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CWE-94 | Argument Injection | predictive | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High

IOA - Indicator of Attack (86)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/user/manage_user.php | predictive | High
2 | File | /anony/mjpg.cgi | predictive | High
3 | File | /plain | predictive | Low
4 | File | /public/login.htm | predictive | High
5 | File | /uncpath/ | predictive | Medium
6 | File | /wbms/classes/Master.php?f=delete_client | predictive | High
7 | File | 14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi | predictive | High
8 | File | admin_add.php | predictive | High
9 | File | awstats.pl | predictive | Medium
10 | File | books.php | predictive | Medium
82 | Input Value | ../ | predictive | Low

References (4)

The following list contains external sources which discuss the actor and the associated activities:
