Scar Analysis

IOB - Indicator of Behavior (16)

Timeline

Language

en (14)
it (2)

Country

us (10)
ru (4)
it (2)

Product

TP-LINK TL-WR841N (4)
RARLAB WinRAR (2)
Linux Kernel (2)
TP-LINK TL-WR740N (2)
TP-LINK TL-WR841ND (2)

Vulnerabilities

#  | Vulnerability                                                                       | Base | Temp | 0day            | Today    | Exploit          | Remediation  | CTI  | EPSS    | CVE
1  | nginx HTTP/2 denial of service                                                      | 6.0  | 6.0  | $0-$5k          | $0-$5k   | Not Defined      | Official Fix | 0.00 | 0.13197 | CVE-2018-16843
2  | Microsoft Windows Runtime Remote Code Execution                                     | 8.1  | 7.4  | $100k and more  | $5k-$25k | Unproven         | Official Fix | 0.00 | 0.40206 | CVE-2022-21971
3  | Joomla Usergroup Table privilege escalation                                         | 4.6  | 4.6  | $5k-$25k        | $5k-$25k | Not Defined      | Not Defined  | 0.00 | 0.00103 | CVE-2021-26036
4  | Bitrix24 Web Application Firewall cross site scripting                              | 5.2  | 5.2  | $0-$5k          | $0-$5k   | Not Defined      | Not Defined  | 0.07 | 0.00113 | CVE-2020-13483
5  | Linux Kernel Netfilter x_tables.c memory corruption                                 | 8.8  | 8.4  | $25k-$100k      | $0-$5k   | Not Defined      | Official Fix | 0.03 | 0.00256 | CVE-2021-22555
6  | Linux Kernel ptrace.c privilege escalation                                          | 7.8  | 7.4  | $5k-$25k        | $0-$5k   | Proof-of-Concept | Official Fix | 0.00 | 0.00052 | CVE-2019-13272
7  | HelpSystems Cobalt Strike Server Screenshot readCountedBytes Hotcobalt denial of service | 3.5 | 3.2 | $0-$5k      | $0-$5k   | Proof-of-Concept | Official Fix | 0.00 | 0.00246 | CVE-2021-36798
8  | Cisco ASA/Firepower Threat Defense Network Address Translation privilege escalation | 5.4  | 5.3  | $5k-$25k        | $0-$5k   | Not Defined      | Official Fix | 0.00 | 0.00111 | CVE-2021-34790
9  | systemd unit-name.c alloca denial of service                                        | 6.5  | 6.2  | $0-$5k          | $0-$5k   | Not Defined      | Official Fix | 0.02 | 0.00044 | CVE-2021-33910
10 | Hikvision Product Message privilege escalation                                      | 5.5  | 5.5  | $0-$5k          | $0-$5k   | Not Defined      | Not Defined  | 0.02 | 0.97493 | CVE-2021-36260
11 | RARLAB WinRAR memory corruption                                                     | 10.0 | 9.0  | $0-$5k          | $0-$5k   | Proof-of-Concept | Official Fix | 0.03 | 0.00469 | CVE-2008-7144
12 | TP-LINK TL-WR740N Firmware Local Privilege Escalation                               | 5.3  | 5.1  | $5k-$25k        | $0-$5k   | Not Defined      | Official Fix | 0.02 | 0.00000 |
13 | TP-LINK TL-WR841N Web Service memory corruption                                     | 8.0  | 8.0  | $0-$5k          | $0-$5k   | Not Defined      | Not Defined  | 0.00 | 0.02223 | CVE-2019-17147
14 | Genymotion Desktop Clipboard information disclosure                                 | 4.3  | 4.3  | $0-$5k          | $0-$5k   | Not Defined      | Not Defined  | 0.00 | 0.00419 | CVE-2021-27549
15 | Oracle Database Server OJVM privilege escalation                                    | 9.9  | 9.5  | $5k-$25k        | $0-$5k   | Not Defined      | Official Fix | 0.04 | 0.00165 | CVE-2017-10202

IOC - Indicator of Compromise (27)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector        | Type       | Confidence
1  | T1059.007 | CWE-79          | Cross Site Scripting | predictive | High

IOA - Indicator of Attack (5)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator                                     | Type       | Confidence
1  | File  | basic/unit-name.c                             | predictive | High
2  | File  | components/bitrix/mobileapp.list/ajax.php/    | predictive | High

References (5)

The following list contains external sources which discuss the actor and the associated activities:
