Squirrelwaffle Analysis

IOB - Indicator of Behavior (318)

Timeline

Language

en: 252
es: 60
de: 2
fr: 2
pt: 2

Country

us: 224
es: 50
br: 24
mx: 4
ru: 4

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows: 10
Apache HTTP Server: 10
OpenSSH: 6
phpMyAdmin: 6
Microsoft Office: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.10737 | 0.09 | CVE-2016-6210 |
| 3 | Microsoft Windows IGMP Header privilege escalation | 7.5 | 6.7 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00425 | 0.00 | CVE-1999-0918 |
| 4 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.26 | CVE-2017-0055 |
| 5 | Microsoft Office Excel memory corruption | 7.0 | 6.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.09467 | 0.02 | CVE-2018-8574 |
| 6 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.73 | CVE-2020-12440 |
| 7 | Apple macOS Kernel Coldtro memory corruption | 7.8 | 7.6 | $5k-$25k | $0-$5k | High | Official Fix | 0.00149 | 0.00 | CVE-2022-32894 |
| 8 | Dahua DHI-HCVR7216A-S3 DVR Protocol weak encryption | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00159 | 0.00 | CVE-2017-6432 |
| 9 | Joomla CMS User Registration privilege escalation | 7.7 | 7.5 | $5k-$25k | $0-$5k | High | Official Fix | 0.91424 | 0.07 | CVE-2016-8870 |
| 10 | Moment.js directory traversal | 6.9 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00330 | 0.26 | CVE-2022-24785 |
| 11 | ASRock RGB Driver AsrDrv103.sys unknown vulnerability | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00044 | 0.00 | CVE-2020-15368 |
| 12 | IBM AIX privilege escalation | 7.8 | 7.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00044 | 0.02 | CVE-2017-1692 |
| 13 | SourceCodester Library Management System index.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00114 | 0.04 | CVE-2022-2492 |
| 14 | Apache HTTP Server mod_reqtimeout denial of service | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01696 | 0.05 | CVE-2007-6750 |
| 15 | Microsoft Windows Active Directory Domain Services Privilege Escalation | 8.8 | 8.1 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.00121 | 0.00 | CVE-2022-21857 |
| 16 | Discourse Messaging Bus directory traversal | 3.3 | 3.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00071 | 0.00 | CVE-2021-43840 |
| 17 | Microsoft Windows MS-EFSRPC EfsRpcOpenFileRaw PetitPotam privilege escalation | 7.3 | 6.7 | $25k-$100k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.03 | |
| 18 | WordPress class-wp-object-cache.php stats cross site scripting | 4.9 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00877 | 0.05 | CVE-2020-11029 |
| 19 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.74 | CVE-2010-0966 |
| 20 | Grandstream GXP16xx VoIP SSH Configuration Interface privilege escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00270 | 0.03 | CVE-2018-17565 |


Campaigns (1)

These are the campaigns that can be associated with the actor:

  • ProxyShell/ProxyLogon

IOC - Indicator of Compromise (25)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 23.111.163.242 | 23-111-163-242.static.hvvc.us | Squirrelwaffle | ProxyShell/ProxyLogon | 22.02.2022 | verified | High |
| 2 | 24.55.112.61 | dynamic.libertypr.net | Squirrelwaffle | | 12.06.2022 | verified | High |
| 3 | 24.229.150.54 | 24.229.150.54.cmts-static.sm.ptd.net | Squirrelwaffle | ProxyShell/ProxyLogon | 22.02.2022 | verified | High |
| 4 | 45.46.53.140 | cpe-45-46-53-140.maine.res.rr.com | Squirrelwaffle | | 12.06.2022 | verified | High |
| 5 | 47.22.148.6 | ool-2f169406.static.optonline.net | Squirrelwaffle | | 12.06.2022 | verified | High |
| 6 | XX.XX.XXX.XXX | xxx-xxx-xxx-xxx.xxx.xxxxxxxx.xxx | Xxxxxxxxxxxxxx | | 12.06.2022 | verified | High |
| 7 | XX.XXX.XXX.XX | xxx-xxx-xxx-xxx.xxx.xxxxxxxx.xxx | Xxxxxxxxxxxxxx | | 12.06.2022 | verified | High |
| 8 | XX.XXX.XXX.XXX | xxx-xxx-xxx-xxx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx | Xxxxxxxxxxxxxx | Xxxxxxxxxx/xxxxxxxxxx | 22.02.2022 | verified | High |
| 9 | XX.XX.XX.XX | xxx-xx-xx-xx-xx.xx.xxx.xx.xxx | Xxxxxxxxxxxxxx | | 12.06.2022 | verified | High |
| 10 | XX.XXX.XXX.XX | x-xx-xxx-xxx-xx.xxxx.xx.xxxxxxx.xxx | Xxxxxxxxxxxxxx | | 12.06.2022 | verified | High |
| 11 | XX.XXX.XX.XXX | xxx-xx-xxx-xx-xxx.xxxxx.xx.xxx | Xxxxxxxxxxxxxx | | 12.06.2022 | verified | High |
| 12 | XX.XX.XXX.XXX | x-xx-xx-xxx-xxx.xxxx.xx.xxxxxxx.xxx | Xxxxxxxxxxxxxx | | 12.06.2022 | verified | High |
| 13 | XX.XXX.XXX.XXX | xxxxxxxxxxx-xxx-x-xx-xxx.xxx-xxx.xxx.xxxxxxx.xx | Xxxxxxxxxxxxxx | | 12.06.2022 | verified | High |
| 14 | XX.XX.XXX.XXX | xxxxxx-xx-xx-xxx-xxx.xxxxxxx.xxxxxx.xx | Xxxxxxxxxxxxxx | | 12.06.2022 | verified | High |
| 15 | XX.XX.XX.XXX | xxx.xxxxxx-xx-xx.xxxxxxx.xxxxxx.xx | Xxxxxxxxxxxxxx | | 12.06.2022 | verified | High |
| 16 | XXX.XXX.XXX.XX | | Xxxxxxxxxxxxxx | | 12.06.2022 | verified | High |
| 17 | XXX.XXX.XXX.XX | xxxxx-xxxx.xxxxxxxxx.xxx.xx | Xxxxxxxxxxxxxx | Xxxxxxxxxx/xxxxxxxxxx | 22.02.2022 | verified | High |
| 18 | XXX.XXX.XXX.XX | xxx.xxxxxx.xxx | Xxxxxxxxxxxxxx | Xxxxxxxxxx/xxxxxxxxxx | 22.02.2022 | verified | High |
| 19 | XXX.XX.XXX.XX | xx.xxx.xx.xxx.xxx.xxx.xxx | Xxxxxxxxxxxxxx | | 12.06.2022 | verified | High |
| 20 | XXX.XXX.XX.XX | xxx.xxx.xx.xx.xxxxxx.xxx.xxx | Xxxxxxxxxxxxxx | | 12.06.2022 | verified | High |
| 21 | XXX.XX.XX.XX | xxx-xx-xx-xx.xxxxxx.xxxxx.xxx | Xxxxxxxxxxxxxx | | 12.06.2022 | verified | High |
| 22 | XXX.XXX.XX.XXX | xxxxxxxx.xxxxxxxxx.xxx.xx | Xxxxxxxxxxxxxx | | 12.06.2022 | verified | High |
| 23 | XXX.XXX.XX.XX | xxx-xxx-xx-xx.xxx.xxxxxxxx.xx | Xxxxxxxxxxxxxx | | 12.06.2022 | verified | High |
| 24 | XXX.XX.XXX.XXX | xxx-xxx-xx-xxx-xxx.xxxxxxxxxx-xxxxxxxx.xxx.xx | Xxxxxxxxxxxxxx | | 12.06.2022 | verified | High |
| 25 | XXX.XXX.XXX.XX | | Xxxxxxxxxxxxxx | | 22.02.2022 | verified | High |

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-21, CWE-22, CWE-23 | Path Traversal | predictive | High |
| 2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High |
| 4 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 5 | TXXXX | CAPEC-122 | CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 6 | TXXXX.XXX | CAPEC-191 | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High |
| 7 | TXXXX | CAPEC-136 | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 8 | TXXXX | CAPEC-0 | CWE-XXX, CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High |
| 9 | TXXXX | CAPEC-0 | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High |
| 10 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 11 | TXXXX | CAPEC-102 | CWE-XXX, CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 12 | TXXXX.XXX | CAPEC-120 | CWE-XXX | Xxxxxxx Xxxxxxxxxx Xxx Xxxxxxxx Xxxxxxx Xx Xx-xxxx Xxxxxx Xxxxxxxx | predictive | High |
| 13 | TXXXX | CAPEC-38 | CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive | High |
| 14 | TXXXX.XXX | CAPEC-0 | CWE-XXX | Xxxxxxxx Xxxxxx Xxxx | predictive | High |
| 15 | TXXXX | CAPEC-116 | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 16 | TXXXX.XXX | CAPEC-0 | CWE-XX | Xxxxxxxxxxxxx | predictive | High |
| 17 | TXXXX | CAPEC-157 | CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High |
| 18 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High |

IOA - Indicator of Attack (135)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | .procmailrc | predictive | Medium |
| 2 | File | /cgi-bin/ExportALLSettings.sh | predictive | High |
| 3 | File | /cgi-bin/ExportAllSettings.sh | predictive | High |
| 4 | File | /config/getuser | predictive | High |
| 5 | File | /etc/passwd | predictive | Medium |
| 6 | File | /include/chart_generator.php | predictive | High |
| 7 | File | /index.php | predictive | Medium |
| 8 | File | /mobilebroker/ServiceToBroker.svc/Json/Connect | predictive | High |
| 9 | File | /product_list.php | predictive | High |
| 10 | File | /qsr_server/device/reboot | predictive | High |
| 11 | File | /resource/file/api/save?auto=1 | predictive | High |
| 12 | File | /snmpGet | predictive | Medium |
| 13 | File | /tmp | predictive | Low |
| 14 | File | /uncpath/ | predictive | Medium |
| 15 | File | /wp-admin/admin-ajax.php | predictive | High |
| 16 | File | administrator/components/com_media/helpers/media.php | predictive | High |
| 17 | File | xxx_xxxxxxx/xxxxxxx/xxxxx/xxxxx_xxxxxxxx.xxx | predictive | High |
| 18 | File | xxxx/xxxxxxxx.xxx | predictive | High |
| 19 | File | xxxxxxxxx/xxxxxxxxxxxxx | predictive | High |
| 20 | File | xxxx-xxxx.x | predictive | Medium |
| 21 | File | xxxx.xxx | predictive | Medium |
| 22 | File | xxxxx/xxx.x | predictive | Medium |
| 23 | File | x:\xxxxxxx xxxxx (xxx)\xxxxxxxxxxxxx\xxxxxx.xxx | predictive | High |
| 24 | File | xxxxx-xx-xxxxxx-xxxxx.xxx | predictive | High |
| 25 | File | xxxxxxx.xxx | predictive | Medium |
| 26 | File | xxxxxxx_xx.xxx | predictive | High |
| 27 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 28 | File | xxxx/xxxxxxxxxx/xxxxxxx/xxxxxxx.xxxx | predictive | High |
| 29 | File | xxxxxxx.xxx | predictive | Medium |
| 30 | File | xxxxxxx/xxx/xxxxx/xxxxxxxxxxxx | predictive | High |
| 31 | File | xxxx.xxx | predictive | Medium |
| 32 | File | xxxxxxxx.xxx | predictive | Medium |
| 33 | File | xxxxxxxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High |
| 34 | File | xxxxxxx.xxx | predictive | Medium |
| 35 | File | xxxxxxxx/xxxx/xxxx.xx | predictive | High |
| 36 | File | xxxx-xxxx.xx | predictive | Medium |
| 37 | File | xxxxxx.xxx | predictive | Medium |
| 38 | File | xxx/xxxxxx.xxx | predictive | High |
| 39 | File | xxxxxxx.xxx | predictive | Medium |
| 40 | File | xxxxxxxx/xxxxxxx/xxxxxxxx_xxxx.xxx | predictive | High |
| 41 | File | xxxxx.xxx | predictive | Medium |
| 42 | File | xxxxx.xxx | predictive | Medium |
| 43 | File | xxxxxxx.xxx | predictive | Medium |
| 44 | File | xxx.x/xxxxxx.x | predictive | High |
| 45 | File | xxxxxxxxx/xxxxxx.xxx.xxx | predictive | High |
| 46 | File | xxxxxxxxx/xxxxxxx/xxxx/xxxxxxxxxxxxxxxxxxxx.xxxxx.xxx | predictive | High |
| 47 | File | xxxxxxx/xxxxxxx/xxx_xxxxxxx.x | predictive | High |
| 48 | File | xxxxxxx/xxxx_xxx_xxxxx.xxx | predictive | High |
| 49 | File | xxxxx.xxxx | predictive | Medium |
| 50 | File | xxx.xxx | predictive | Low |
| 51 | File | xxxxxxxx_xxxxxx.xxx | predictive | High |
| 52 | File | xxxxxx/xxxxxxxxxx/xxx/xxxx.xxx | predictive | High |
| 53 | File | xxxxx_xxxxxx_xxx.xxx | predictive | High |
| 54 | File | xxxxx.xxx | predictive | Medium |
| 55 | File | xxxxxxxxxx/xxxxxxxxxx_xxxx.xxx?xxxxxx=xxxxxx | predictive | High |
| 56 | File | xxxxxxxxxxxxxxxx.xx | predictive | High |
| 57 | File | xxxxxxx.xxx | predictive | Medium |
| 58 | File | xxxxx.xxxx | predictive | Medium |
| 59 | File | xxx-xxxx.x | predictive | Medium |
| 60 | File | xxxxxxxxx.xxx | predictive | High |
| 61 | File | xxxxxxx.xxx.xx.xxxxxxxxxxx.xxx | predictive | High |
| 62 | File | xxxx-xxxxxxxx.xxx | predictive | High |
| 63 | File | xxxxx-xx-xxxxxx="xxxxxxxxx"/ | predictive | High |
| 64 | File | xxxx_xxxxxxxx.xxx | predictive | High |
| 65 | File | xxxx/xxxxxxxx/xxxxxxxx.xxxx | predictive | High |
| 66 | File | xx/xxxxxx/xxxxx | predictive | High |
| 67 | File | xxxxxxxx.xxx | predictive | Medium |
| 68 | File | xxxxxx.xxx | predictive | Medium |
| 69 | File | xxxxxxxxxx.xxx | predictive | High |
| 70 | File | xx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xxxxxxx_xxxxxx_xxxxxx | predictive | High |
| 71 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High |
| 72 | File | \xxxxxxx\xxxxxxxxx\xxxxxxxxxxxxxxxxxx | predictive | High |
| 73 | File | ~/xxxxx.xxx | predictive | Medium |
| 74 | Library | xx/xxx/xxxx_xxxxxx.xxx | predictive | High |
| 75 | Library | xxxxxxxxx.xxx | predictive | High |
| 76 | Library | xxxxxxxxxxxxx.xxx | predictive | High |
| 77 | Library | xxxxxx.xxx | predictive | Medium |
| 78 | Library | xxxxxxxx.xxx | predictive | Medium |
| 79 | Library | xxxxxxxxx.xxx | predictive | High |
| 80 | Library | xxxxxxxxxxxxxxxxx.xxx | predictive | High |
| 81 | Argument | --xxxxxxx | predictive | Medium |
| 82 | Argument | -x | predictive | Low |
| 83 | Argument | x@xxxx | predictive | Low |
| 84 | Argument | xxxxxxxx_xxxx | predictive | High |
| 85 | Argument | xxxxx | predictive | Low |
| 86 | Argument | xxxxxxxx | predictive | Medium |
| 87 | Argument | xxxxxxxxxx | predictive | Medium |
| 88 | Argument | xxx | predictive | Low |
| 89 | Argument | xxx_xxx_xx | predictive | Medium |
| 90 | Argument | xxxxxxxxxxxxxxx | predictive | High |
| 91 | Argument | xxx | predictive | Low |
| 92 | Argument | xxxx | predictive | Low |
| 93 | Argument | xxxx_xxxx | predictive | Medium |
| 94 | Argument | xxxxx | predictive | Low |
| 95 | Argument | xxxx_xxxxxxx | predictive | Medium |
| 96 | Argument | xx | predictive | Low |
| 97 | Argument | xxxxxxxxxxx | predictive | Medium |
| 98 | Argument | xxx_xxx | predictive | Low |
| 99 | Argument | xxxxxxx_xxx | predictive | Medium |
| 100 | Argument | xx | predictive | Low |
| 101 | Argument | xxxx | predictive | Low |
| 102 | Argument | xxxx | predictive | Low |
| 103 | Argument | xxxxxxxx | predictive | Medium |
| 104 | Argument | xxxxxxxx | predictive | Medium |
| 105 | Argument | xxxx[xxxxxxx] | predictive | High |
| 106 | Argument | xxxxxxx | predictive | Low |
| 107 | Argument | xxxxxx | predictive | Low |
| 108 | Argument | xxxxx | predictive | Low |
| 109 | Argument | xx_xxxx | predictive | Low |
| 110 | Argument | xxxxxxx | predictive | Low |
| 111 | Argument | xxxxx_xxxxxx | predictive | Medium |
| 112 | Argument | xxxxxxxx | predictive | Medium |
| 113 | Argument | xxxxxxxxxx | predictive | Medium |
| 114 | Argument | xxxxxx | predictive | Low |
| 115 | Argument | xxxx_xxx | predictive | Medium |
| 116 | Argument | xxxxxx | predictive | Low |
| 117 | Argument | xxxxxxx_xx | predictive | Medium |
| 118 | Argument | xxxxx/xxxxx | predictive | Medium |
| 119 | Argument | xxx | predictive | Low |
| 120 | Argument | xxxxxx | predictive | Low |
| 121 | Argument | xxxxxxxx | predictive | Medium |
| 122 | Argument | xxxxxxxx/xxxx | predictive | High |
| 123 | Argument | xxxxxxxx:xxxxxxxx | predictive | High |
| 124 | Argument | _xxx_xxxxxxxxxxx_ | predictive | High |
| 125 | Input Value | ..%xx | predictive | Low |
| 126 | Input Value | x</xx><xxxxxx>xxxxx(x)</xxxxxx> | predictive | High |
| 127 | Input Value | ::$xxxxx_xxxxxxxxxx | predictive | High |
| 128 | Input Value | xxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx&xxxxxxxx=xxxxxxxxxx | predictive | High |
| 129 | Input Value | xxxxxxxx | predictive | Medium |
| 130 | Input Value | xxxxxxxxx:xxxxxxxx | predictive | High |
| 131 | Input Value | xxx.xxx[xxxxx] | predictive | High |
| 132 | Network Port | xxx | predictive | Low |
| 133 | Network Port | xxx/xx (xxx) | predictive | Medium |
| 134 | Network Port | xxx/xxxx (xxx) | predictive | High |
| 135 | Network Port | xxx xxxxxx xxxx | predictive | High |

References (4)

The following list contains external sources which discuss the actor and the associated activities:
