Socks Анализ

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (21)

Временная шкала

Язык

de14
en8

Страна

us16

Акторы

TrickBot1

Деятельность

Интерес

Временная шкала

Тип

Not Defined14
Groupware Software2
Virtualization Software2
Content Management System2
Endpoint Management Software2

Поставщик

Not Defined6
Intel4
Devolutions2
Horde2
HashiCorp2

Продукт

Devolutions SERVER2
Horde Groupware Webmail Edition2
Intel Advanced Threat Defense2
OpenDaylight Plugin2
HashiCorp Vault2

Уязвимости

#УязвимостиBaseTemp0dayСегодняЭ�RemEPSSCTICVE
1HashiCorp Vault/Vault Enterprise эскалация привилегий7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.001610.02CVE-2022-36129
2Blue Prism Enterprise эскалация привилегий4.74.7$0-$5k$0-$5kNot DefinedNot Defined0.000820.00CVE-2022-36117
3Devolutions SERVER Password List Entry эскалация привилегий5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.001680.00CVE-2021-23921
4D-Link DIR-816 A2 dir_setWanWifi эскалация привилегий6.36.3$5k-$25k$5k-$25kNot DefinedNot Defined0.005590.00CVE-2021-26810
5Django django.views.static.serve Redirect6.26.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.001600.00CVE-2017-7234
6Xen Memory эскалация привилегий6.96.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.001010.02CVE-2017-7228
7Riverbed RIOS Bootloader эскалация привилегий4.44.4$0-$5k$0-$5kNot DefinedUnavailable0.000620.00CVE-2017-7305
8Riverbed RIOS Single-User Mode cli эскалация привилегий6.76.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000770.00CVE-2017-7307
9OpenDaylight Plugin SDN Topology эскалация привилегий7.07.0$0-$5kРасчетNot DefinedNot Defined0.003380.00CVE-2015-1612
10OpenDaylight Plugin SDN Topology эскалация привилегий7.07.0$0-$5k$0-$5kNot DefinedNot Defined0.002880.02CVE-2015-1611
11Horde Groupware Webmail Edition Horde_Crypt эскалация привилегий7.57.4$0-$5k$0-$5kNot DefinedOfficial Fix0.947730.03CVE-2017-7413
12Go SSH Library Host Key Remote Code Execution7.77.4$0-$5k$0-$5kNot DefinedOfficial Fix0.002370.03CVE-2017-3204
13Linux Kernel Filesystem policy.c fscrypt_process_policy эскалация привилегий5.45.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.001810.00CVE-2016-10318
14Intel Advanced Threat Defense Malware Detection эскалация привилегий6.46.4$5k-$25k$5k-$25kNot DefinedNot Defined0.000610.00CVE-2015-8986
15McAfee Advanced Threat Defense Malware Detection слабая аутентификация7.57.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.001170.00CVE-2016-3983
16McAfee Vulnerability Manager Enterprise Manager неизвестная уязвимость8.88.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.000860.00CVE-2016-2199
17Intel McAfee Vulnerability Manager Enterprise Manager Password слабое шифрование7.07.0$0-$5k$0-$5kNot DefinedNot Defined0.000700.00CVE-2015-8989
18Intel McAfee Email Gateway File Extension Filter эскалация привилегий6.96.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.000540.00CVE-2016-8005
19Intel McAfee Host Intrusion Prevention Services Registry Key эскалация привилегий5.75.4$5k-$25kРасчетNot DefinedOfficial Fix0.000440.00CVE-2016-8007
20Intel Advanced Threat Defense ATD Detection эскалация привилегий7.47.4$5k-$25k$5k-$25kNot DefinedNot Defined0.000960.00CVE-2015-8990

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP-адресHostnameАкторКампанииIdentifiedТипУверенность
123.20.239.12ec2-23-20-239-12.compute-1.amazonaws.comSocks05.05.2022verifiedСредний
2XXX.XX.XXX.XXXx-xxxx.x-xxxxxx.xxxXxxxx05.05.2022verifiedВысокий
3XXX.XXX.XX.XXXxxxxx.xxx-xxx-xx.xxxxxx.xxxxxxxxxxxx.xxxXxxxx29.04.2022verifiedВысокий

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueУязвимостиВектор доступаТипУверенность
1T1068CWE-264, CWE-284Execution with Unnecessary PrivilegespredictiveВысокий
2T1202CWE-77Command Shell in Externally Accessible DirectorypredictiveВысокий
3TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveВысокий
4TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveВысокий
5TXXXXCWE-XXXxx XxxxxxxxxpredictiveВысокий
6TXXXXCWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveВысокий
7TXXXX.XXXCWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveВысокий

IOA - Indicator of Attack (4)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDКлассIndicatorТипУверенность
1File/goform/dir_setWanWifipredictiveВысокий
2File/xxx/xxx/xxx/xxxpredictiveВысокий
3Filexx/xxxxxx/xxxxxx.xpredictiveВысокий
4ArgumentxxxxxxxxxxxxxxxxxxxxpredictiveВысокий

Ссылки (3)

The following list contains external sources which discuss the actor and the associated activities:

ПредыдущийОбзорДалее

Do you know our Splunk app?

Download it now for free!