Scarlet Mimic Analysis

IOB - Indicator of Behavior (101)

Timeline

Language

en: 98
zh: 4

Country

us: 84
cn: 14
th: 2
gb: 2

Actors

Activity

Interest

Timeline

Type

Vendor

Product

Google Android: 4
tabs-responsive Plugin: 2
ClipBucket: 2
WaveMaker Studio: 2
Apache HTTP Server: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | mcart.xls Module mcart_xls_import.php SQL injection | 7.1 | 7.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00465 | CVE-2015-8356 |
| 2 | EasyCom PHP API memory corruption | 8.5 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.37042 | CVE-2017-5358 |
| 3 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.52 | 0.00943 | CVE-2010-0966 |
| 4 | PbootCMS SingleController.php SQL injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00221 | CVE-2018-18450 |
| 5 | PoDoFo PDF File PdfXRefStreamParserObject.cpp ParseStream memory corruption | 5.4 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00075 | CVE-2018-5295 |
| 6 | Landing Pages Plugin privilege escalation | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.02034 | CVE-2015-5227 |
| 7 | Piwik Controller.php saveLayout privilege escalation | 6.3 | 5.9 | $0-$5k | $0-$5k | Functional | Official Fix | 0.02 | 0.00000 | |
| 8 | Moxa AWK-3131A Web Application denial of service | 7.2 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00176 | CVE-2016-8723 |
| 9 | Image Sharing Script postComment.php stored cross-site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00000 | |
| 10 | Linux Kernel tmpfs System posix_acl.c simple_set_acl privilege escalation | 4.9 | 4.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00042 | CVE-2017-5551 |
| 11 | Netgear R8000 Password Recovery passwordrecovered.cgi information disclosure | 6.7 | 6.7 | $5k-$25k | $0-$5k | High | Not Defined | 0.02 | 0.97402 | CVE-2017-5521 |
| 12 | libtorrent GZIP Response puff.cpp construct privilege escalation | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00397 | CVE-2016-7164 |
| 13 | Tongda OA 2017 delete.php SQL injection | 6.9 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.07 | 0.00063 | CVE-2024-1252 |
| 14 | Ecommerce Online Store Kit shop.php SQL injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.03763 | CVE-2004-0300 |
| 15 | D-Link DIR-823G HNAP1 privilege escalation | 5.5 | 5.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.02 | 0.00321 | CVE-2021-43474 |
| 16 | Juniper ScreenOS SSH/Telnet weak authentication | 9.8 | 8.8 | $25k-$100k | $0-$5k | High | Official Fix | 0.02 | 0.97054 | CVE-2015-7755 |
| 17 | WarHound WarHound General Shopping Cart item.asp SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00463 | CVE-2006-6206 |
| 18 | Adobe Magento Customers Module privilege escalation | 5.0 | 4.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00090 | CVE-2021-28567 |
| 19 | Google Android SimpleDecodingSource.cpp doRead privilege escalation | 9.8 | 9.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.00120 | CVE-2021-39623 |
| 20 | Royal TS Tunnel Authentication information disclosure | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00735 | CVE-2020-13872 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Uyghurs

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 5.54.19.17 | ppp005054019017.access.hol.gr | Scarlet Mimic | | 23.12.2020 | verified | High |
| 2 | 45.32.112.182 | 45.32.112.182.vultrusercontent.com | Scarlet Mimic | Uyghurs | 23.09.2022 | verified | High |

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CWE-94 | Argument Injection | predictive | High |

IOA - Indicator of Attack (63)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | .htaccess | predictive | Medium |
| 2 | File | /ajax-files/postComment.php | predictive | High |
| 3 | File | /cgi-bin/pass | predictive | High |
| 4 | File | /cgi-bin/wapopen | predictive | High |
| 5 | File | /general/attendance/manage/ask_duty/delete.php | predictive | High |
| 6 | File | /passwordrecovered.cgi | predictive | High |
| 7 | File | /plugins/Dashboard/Controller.php | predictive | High |

References (5)

The following list contains external sources which discuss the actor and the associated activities:
