Strider Анализ

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (52)

Язык

en	42
de	4
it	4
es	2

Страна

us	14
it	10
de	4
es	2

Акторы

Sauron	4
Strider	3
Mirai	1

Интерес

Тип

Not Defined	18
Operating System	4
Virtualization Software	2
Network Camera Software	2
Photo Gallery Software	2

Поставщик

Not Defined	16
IBM	6
VMware	2
SV3C	2
Coppermine	2

Продукт

VMware ESXi	2
VMware Workstation	2
VMware Fusion	2
SV3C L-SERIES HD CAMERA	2
Coppermine Photo Gallery	2

Уязвимости

#	Уязвимости	Base	Temp	0day	Сегодня	Э�	Rem	CTI	EPSS	CVE
1	Van Ons WP GDPR Compliance Plugin $wpdb->prepare эскалация привилегий	8.5	8.2	$0-$5k	$0-$5k	High	Official Fix	0.00	0.97274	CVE-2018-19207
2	IBM Cognos Controller Web UI межсайтовый скриптинг	4.8	4.8	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00	0.00050	CVE-2019-4136
3	lshell эскалация привилегий	8.1	8.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01	0.00348	CVE-2016-6902
4	lshell эскалация привилегий	8.1	8.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01	0.00352	CVE-2016-6903
5	OpenBSD OpenSSH PKCS 11 эскалация привилегий	7.4	7.1	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.02	0.02999	CVE-2023-38408
6	Linux Kernel dr_domain.c dr_domain_init_resources эскалация привилегий	5.5	5.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00043	CVE-2023-23006
7	PHPStore Wholesales track.php sql-инъекция	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.03	0.00366	CVE-2008-5493
8	cpCommerce document.php sql-инъекция	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.02	0.00064	CVE-2009-1345
9	e107 CMS secure_img_render.php эскалация привилегий	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.04	0.03019	CVE-2004-2041
10	PHPOutsourcing IdeaBox include.php эскалация привилегий	7.3	6.4	$0-$5k	$0-$5k	Unproven	Unavailable	0.05	0.17410	CVE-2008-5199
11	socialMPN article.php sql-инъекция	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00129	CVE-2005-2031
12	Coppermine Photo Gallery init.inc.php эскалация привилегий	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.05	0.09075	CVE-2004-1988
13	Pmachine lib.inc.php эскалация привилегий	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.02869	CVE-2003-1086
14	Bitrix24 Web Application Firewall межсайтовый скриптинг	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.07	0.00113	CVE-2020-13483
15	PrestaShop Authentication слабая аутентификация	8.5	7.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00231	CVE-2020-4074
16	Trojan-Spy.Win32.WebCenter.a Service Port 80 web.exe раскрытие информации	5.3	4.9	$0-$5k	$0-$5k	Proof-of-Concept	Workaround	0.00	0.00000
17	Oracle Argus Safety Letters раскрытие информации	4.3	4.1	$5k-$25k	Расчет	Not Defined	Official Fix	0.00	0.00054	CVE-2021-2110
18	VMware ESXi/Workstation/Fusion XHCI USB Controller раскрытие информации	4.4	4.2	$0-$5k	Расчет	Not Defined	Official Fix	0.00	0.00060	CVE-2020-3965
19	NVIDIA Windows GPU Display Driver DirectX 11 User Mode Driver x.dll раскрытие информации	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.05	0.00044	CVE-2020-5965
20	Apple iOS/iPadOS WebRTC повреждение памяти	6.0	5.8	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00	0.00042	CVE-2019-2050

Кампании (1)

These are the campaigns that can be associated with the actor:

ProjectSauron

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-адрес	Hostname	Актор	Кампании	Identified	Тип	Уверенность
1	37.252.125.88		Strider	ProjectSauron	20.12.2020	verified	Высокий
2	54.209.129.218	ec2-54-209-129-218.compute-1.amazonaws.com	Strider	ProjectSauron	20.12.2020	verified	Средний
3	66.228.52.133	li294-133.members.linode.com	Strider	ProjectSauron	20.12.2020	verified	Высокий
4	XX.X.XXX.XXX	xxxxxxxxxxx.xx.xx	Xxxxxxx	Xxxxxxxxxxxxx	20.12.2020	verified	Высокий
5	XX.XXX.XX.XXX		Xxxxxxx	Xxxxxxxxxxxxx	20.12.2020	verified	Высокий
6	XXX.XXX.XX.XX		Xxxxxxx	Xxxxxxxxxxxxx	20.12.2020	verified	Высокий
7	XXX.X.XXX.XXX	xxxxxx.xxx.xxx.x.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxxxx	Xxxxxxxxxxxxx	20.12.2020	verified	Высокий
8	XXX.XX.XX.XXX	xxxxxxx-xx-xx-xxx.xxxxxx.xxxxxxx.xx	Xxxxxxx	Xxxxxxxxxxxxx	20.12.2020	verified	Высокий
9	XXX.XXX.XX.XX	xxxxxxx.xxx	Xxxxxxx	Xxxxxxxxxxxxx	20.12.2020	verified	Высокий
10	XXX.XXX.XXX.XXX		Xxxxxxx	Xxxxxxxxxxxxx	20.12.2020	verified	Высокий
11	XXX.XXX.XXX.XXX	xxxxxxxxxxxxx.xxxxxxxxxx.xxxx	Xxxxxxx	Xxxxxxxxxxxxx	20.12.2020	verified	Высокий

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Уязвимости	Вектор доступа	Тип	Уверенность
1	T1006	CWE-425	Path Traversal	predictive	Высокий
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Высокий
3	T1059	CWE-94	Argument Injection	predictive	Высокий
4	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Высокий
5	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
6	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Высокий
7	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Высокий
8	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Высокий
9	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
10	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxx Xxxx	predictive	Высокий
11	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Высокий
12	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Высокий

IOA - Indicator of Attack (30)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Класс	Indicator	Тип	Уверенность
1	File	.procmailrc	predictive	Средний
2	File	article.php	predictive	Средний
3	File	BC_Logon.swf	predictive	Средний
4	File	C:\Windows\SysWOW64\webcenter\web.exe	predictive	Высокий
5	File	xxxxxxxxxx/xxxxxx/xxxxxxxxx.xxxx/xxxx.xxx/	predictive	Высокий
6	File	xxxxxxxx.xxx	predictive	Средний
7	File	xxxxxxx/xxx/xxxxxxxx/xxxxxxxx/xxxx/xxxx/xxxxxxxx/xx_xxxxxx.x	predictive	Высокий
8	File	xxxxxxx.xxx	predictive	Средний
9	File	xxxxx.xxx	predictive	Средний
10	File	xxxx.xxx.xxx	predictive	Средний
11	File	xxxxxxx/xxxx.x	predictive	Высокий
12	File	xxxxxxx/xxxxxxx/xxx_xxxxxxx.x	predictive	Высокий
13	File	xxxxxx_xxx_xxxxxx.xxx	predictive	Высокий
14	File	xxxxx.xxx	predictive	Средний
15	File	xx-xxxxxxxx/xxxxxxxxx.xxx	predictive	Высокий
16	Library	x:\xxxxxxx\xxxxxxxx\xxxxxxxxxxx\xxxxxxxxxxxxxx\xxxxxxxx.xxx_xxxxx_xxxxxxxxxxxxxxxx\xxxxx\xxxxxxxxxxx.xxx	predictive	Высокий
17	Library	xxx/xxxx/xxxxxxxxxxxxxxxxxxx.xxxxx.xxx	predictive	Высокий
18	Library	xxxxxxxx/x.xxx	predictive	Высокий
19	Library	xx/xxx.xxx.xxx	predictive	Высокий
20	Argument	xxxxxxxx_xxxx	predictive	Высокий
21	Argument	xxx_x_xxx	predictive	Средний
22	Argument	xxxxxx_xxxxx_xxx	predictive	Высокий
23	Argument	xxxxxxxx	predictive	Средний
24	Argument	xx	predictive	Низкий
25	Argument	xx_xxxxxxxx	predictive	Средний
26	Argument	xxxxx[xxxxx][xx]	predictive	Высокий
27	Argument	xxxx_xxx_xxxx_xxxx	predictive	Высокий
28	Argument	xx_xxxx	predictive	Низкий
29	Argument	xxx	predictive	Низкий
30	Input Value	xxxxxxx	predictive	Низкий

Ссылки (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ ПредыдущийОбзорДалее ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!