SessionManager Analysis

IOB - Indicator of Behavior (25)

Language

en: 14
zh: 12

Country

cn: 22
ir: 2
us: 2

Product

Permalink Manager Lite Plugin: 2
Permalink Manager Pro Plugin: 2
Huawei SXXXX: 2
prototypejs Prototype JavaScript framework: 2
Google Chrome: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | ZCMS ThinkPHP SQL injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00209 | CVE-2020-19705 |
| 2 | sentry-sdk Session information disclosure | 5.6 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00090 | CVE-2023-28117 |
| 3 | IBM CTSS Text Editor Password information disclosure | 3.3 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00000 | |
| 4 | Permalink Manager Lite Plugin cross-site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00000 | CVE-2024-2738 |
| 5 | Michael Leithold DSGVO All in One for WP Plugin unknown vulnerability | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00043 | CVE-2024-27967 |
| 6 | Google Chrome V8 Remote Code Execution | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.00045 | CVE-2024-2625 |
| 7 | Huawei SXXXX XML Parser privilege escalation | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00056 | CVE-2017-15346 |
| 8 | prototypejs Prototype JavaScript framework Remote Code Execution | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00406 | CVE-2008-7220 |
| 9 | NVIDIA GeForce Experience nvcontainer.exe privilege escalation | 7.0 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00044 | CVE-2020-5978 |
| 10 | Microsoft Windows Runtime Remote Code Execution | 8.1 | 7.4 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.00 | 0.47432 | CVE-2022-21971 |
| 11 | Parallels Plesk Panel index.htm cross-site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00112 | CVE-2019-18793 |
| 12 | Discuz! admin.php cross-site scripting | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00054 | CVE-2018-19464 |
| 13 | ZCMS SQL injection | 8.5 | 8.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00386 | CVE-2015-7346 |
| 14 | ZCMS cross-site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00058 | CVE-2019-9078 |
| 15 | Microsoft Windows Print Spooler Local Privilege Escalation | 7.5 | 6.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.96825 | CVE-2021-1675 |
| 16 | Jfinal CMS FileManagerController.java FileManager.rename privilege escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00202 | CVE-2020-19155 |
| 17 | Redis BIT Command information disclosure | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01713 | CVE-2021-32761 |
| 18 | OpenLiteSpeed WebAdmin Console privilege escalation | 9.8 | 9.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00244 | CVE-2020-5519 |
| 19 | FileZilla Server PORT privilege escalation | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.18 | 0.00052 | CVE-2015-10003 |
| 20 | ThinkPHP index.php SQL injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00173 | CVE-2018-10225 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 202.182.123.185 | 202.182.123.185.vultrusercontent.com | SessionManager | | 05.07.2022 | verified | High |
| 2 | XXX.XXX.XXX.XXX | xxx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx | Xxxxxxxxxxxxxx | | 05.07.2022 | verified | High |

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1059.007 | CWE-79 | Cross Site Scripting | predictive | High |
| 2 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 3 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |

IOA - Indicator of Attack (10)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | admin.php | predictive | Medium |
| 2 | File | index.php | predictive | Medium |
| 3 | File | xxxxx.xxx?x=xxxx&x=xxxxxxx&x=xxx | predictive | High |
| 4 | File | xxxxxxx/xxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
| 5 | File | xxxxxxxxxxx.xxx | predictive | High |
| 6 | File | xxxxxx/xxxxxxx/xx-xx/xxxx/xxxxx.xxx | predictive | High |
| 7 | File | xxxx/xxx.xxx?xx=xxxxxx | predictive | High |
| 8 | Argument | xxxxxxxx | predictive | Medium |
| 9 | Argument | xxxxxxxx | predictive | Medium |
| 10 | Input Value | xxxxxx | predictive | Low |

References (2)

The following list contains external sources which discuss the actor and the associated activities: