TA428 Анализ

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (150)

Язык

en	116
zh	22
es	4
ko	2
ar	2

Страна

cn	50
us	46
ir	2
es	2
fr	2

Акторы

TA428	8
Mirai	1
TA505	1
RedLine Stealer	1
Cobalt Strike	1

Интерес

Тип

Not Defined	46
Content Management System	16
WordPress Plugin	8
Operating System	8
Web Server	8

Поставщик

Not Defined	62
Microsoft	18
Google	6
Craft	2
Avast	2

Продукт

WordPress	8
Microsoft Windows	8
Microsoft IIS	4
responsive-menu Plugin	2
Redmine	2

Уязвимости

#	Уязвимости	Base	Temp	0day	Сегодня	Э�	Rem	CTI	EPSS	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash раскрытие информации	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02	0.02016	CVE-2007-1192
2	Microsoft IIS межсайтовый скриптинг	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.04	0.00548	CVE-2017-0055
3	Sir GNUboard sql-инъекция	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00112	CVE-2014-2339
4	Devilz Clanportal sql-инъекция	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.08	0.00684	CVE-2006-6339
5	WordPress WP_Query class-wp-query.php sql-инъекция	8.5	8.4	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.02	0.00318	CVE-2017-5611
6	Cisco ASA WebVPN Login Page logon.html межсайтовый скриптинг	4.3	3.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.07	0.00192	CVE-2014-2120
7	Microsoft Windows Registry Password раскрытие информации	3.7	3.6	$25k-$100k	$0-$5k	Not Defined	Workaround	0.02	0.00000
8	Brocade Fabric OS CLI Local Privilege Escalation	7.8	7.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00042	CVE-2022-33182
9	WordPress Password Reset wp-login.php mail эскалация привилегий	6.1	5.8	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.06	0.02827	CVE-2017-8295
10	PHP Everywhere Plugin Shortcode Privilege Escalation	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00108	CVE-2022-24663
11	Microsoft Windows ICMP Remote Code Execution	9.8	8.9	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00	0.02758	CVE-2023-23415
12	Microsoft Windows Win32k Local Privilege Escalation	7.8	7.1	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.04	0.00264	CVE-2023-29336
13	Google WebP libwebp повреждение памяти	7.5	7.4	$5k-$25k	$0-$5k	High	Official Fix	0.02	0.49095	CVE-2023-4863
14	RARLabs WinRAR ZIP Archive Remote Code Execution	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.02	0.40418	CVE-2023-38831
15	SourceCodester Doctors Appointment System login.php sql-инъекция	7.4	7.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02	0.00064	CVE-2023-4219
16	Microsoft Excel Remote Code Execution	7.3	6.7	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00	0.00113	CVE-2023-33158
17	Microsoft Visual Studio неизвестная уязвимость	5.1	4.8	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.00078	CVE-2023-28299
18	Microsoft Office Local Privilege Escalation	7.0	6.4	$0-$5k	$0-$5k	Unproven	Official Fix	0.02	0.00411	CVE-2023-33146
19	Th3-822 Rapidleech zip.php zip_go межсайтовый скриптинг	4.4	4.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.00063	CVE-2021-4312
20	Google Chrome Blink эскалация привилегий	6.3	6.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00	0.00133	CVE-2022-3315

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-адрес	Hostname	Актор	Identified	Тип	Уверенность
1	5.180.174.10		TA428	16.08.2022	verified	Высокий
2	45.63.27.162	45.63.27.162.vultrusercontent.com	TA428	16.08.2022	verified	Высокий
3	XX.XX.XXX.XXX	xx.xx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx	Xxxxx	16.02.2024	verified	Высокий
4	XX.XXX.XXX.XXX		Xxxxx	16.08.2022	verified	Высокий
5	XX.XX.XXX.XXX	xxx-xxxxxxxx.xxx.xxx.xxx	Xxxxx	16.08.2022	verified	Высокий
6	XX.XXX.XXX.XX	xxxxxxxxxx.xx	Xxxxx	16.02.2024	verified	Высокий
7	XXX.XXX.XX.XXX	xxx.xxx.xx.xxx.xxxxxxxxxxxxxxxx.xxx	Xxxxx	16.02.2024	verified	Высокий
8	XXX.XXX.XXX.XXX	xxxxxxxxx.xxxxx.xxx	Xxxxx	16.08.2022	verified	Высокий
9	XXX.XXX.XX.XX	xxx-xxx-xx-xx.xx.xxxxxxxxxxxxxxxxx.xxx	Xxxxx	16.02.2024	verified	Высокий
10	XXX.XXX.XXX.XXX	xxx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx	Xxxxx	16.08.2022	verified	Высокий

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Уязвимости	Вектор доступа	Тип	Уверенность
1	T1006	CWE-22	Path Traversal	predictive	Высокий
2	T1040	CWE-319	Authentication Bypass by Capture-replay	predictive	Высокий
3	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Высокий
4	T1059	CWE-94	Argument Injection	predictive	Высокий
5	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Высокий
6	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
7	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Высокий
8	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Высокий
9	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Высокий
10	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Высокий
11	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	Высокий
12	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
13	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	Высокий
14	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxx Xxxx	predictive	Высокий
15	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
16	TXXXX.XXX	CWE-XXX	Xxxxxxxx	predictive	Высокий
17	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Высокий
18	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Высокий
19	TXXXX.XXX	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Высокий

IOA - Indicator of Attack (61)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Класс	Indicator	Тип	Уверенность
1	File	/+CSCOE+/logon.html	predictive	Высокий
2	File	/api/addusers	predictive	Высокий
3	File	/debug/pprof	predictive	Средний
4	File	/forum/away.php	predictive	Высокий
5	File	/uncpath/	predictive	Средний
6	File	adclick.php	predictive	Средний
7	File	admin.cgi?action=%s	predictive	Высокий
8	File	xxxxxxxxxxx/xxxx/xxxxxxxxxx/xxxxxx.xxx	predictive	Высокий
9	File	xxxxx.xxx	predictive	Средний
10	File	xxxxxxxx.xxx	predictive	Средний
11	File	xxxxx/xxxxxxx.xxx	predictive	Высокий
12	File	xxxxxxx/xxxxxxx/xxx.xxx	predictive	Высокий
13	File	xxxxxx.xxx	predictive	Средний
14	File	xxxxxxxxxxx/xxxxxx/xxx.xxx	predictive	Высокий
15	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Высокий
16	File	xxxxxx.xxx	predictive	Средний
17	File	xxxx_xxx.xxx	predictive	Средний
18	File	xxx/xxxxxx.xxx	predictive	Высокий
19	File	xxx/xxxxxxxxxxx/xxxxxxx.xxx	predictive	Высокий
20	File	xxxxxxxxxx/xxx/xxxxxx_xxxx.xxx	predictive	Высокий
21	File	xxxxxxxxxxx/xx_xxxx.x	predictive	Высокий
22	File	xxx\xxxxxxx\xxxxxxxx\xxxxx.xxxxxxxxxxxxxxx.xxx	predictive	Высокий
23	File	xxxxx.xxx	predictive	Средний
24	File	xxx_xxxxxx_xxxxxx.xx	predictive	Высокий
25	File	xxxxxx/xxxxxxxxxxx.xxx?xxxx=xx&x=xxxxxxx	predictive	Высокий
26	File	xxx/xxxxx_xxxx.x	predictive	Высокий
27	File	xxxxxx/xxxxxxxxxx.xxx	predictive	Высокий
28	File	xxxxxxxxxxxxxx/xxxx/xxxxxxxxxxx/xxxxxxxxxxxxxxx.xxxx	predictive	Высокий
29	File	xxxxxxxx_xxxx.xxx	predictive	Высокий
30	File	xxxxxxx.xxx/xxxxx.xxx	predictive	Высокий
31	File	xxxxxxxxxxx.xxx	predictive	Высокий
32	File	xxxxx.xxx	predictive	Средний
33	File	xxxxxxxxxxxxxxx.xxx	predictive	Высокий
34	File	xxx/xxx/xxx_xxxx/xxxx.x	predictive	Высокий
35	File	xxx/xxxxxxx.x	predictive	Высокий
36	File	xxxxxxxxxx.xxx	predictive	Высокий
37	File	xxxxxxxxxx.xxxx	predictive	Высокий
38	File	xx-xxxxx-xxxxxx.xxx	predictive	Высокий
39	File	xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx	predictive	Высокий
40	File	xx-xxxxx.xxx	predictive	Средний
41	Library	xxx-xx-xxx-xxxx-xxxx-xx-x-x.xxx	predictive	Высокий
42	Library	xxx_xxxx.xxx	predictive	Средний
43	Library	xxxxxxxxxxxxxxx.xxx	predictive	Высокий
44	Argument	xxxxxxx	predictive	Низкий
45	Argument	xxxxxxxx	predictive	Средний
46	Argument	xxxxx_xxxx	predictive	Средний
47	Argument	xxxxx_xxxx/xx_xxxxx_xxxxx_xx/xx_xxxxx_xxxxx_xxxxx_xxxx_xxxx/xxxxx_xxxxxxxxx_xxxx/xxxxxx_xxxxxx_xxxxx	predictive	Высокий
48	Argument	xxxxxxx	predictive	Низкий
49	Argument	xxxxxxxxxxxx	predictive	Средний
50	Argument	xxxx_xxx	predictive	Средний
51	Argument	xxxx	predictive	Низкий
52	Argument	xxxx	predictive	Низкий
53	Argument	xx	predictive	Низкий
54	Argument	xxxxx	predictive	Низкий
55	Argument	xxxxxxx_xxxx	predictive	Средний
56	Argument	xxxxxx	predictive	Низкий
57	Argument	xxxx	predictive	Низкий
58	Argument	xxxxxxxxx	predictive	Средний
59	Argument	xxxx->xxxxxxx	predictive	Высокий
60	Input Value	..	predictive	Низкий
61	Input Value	/../	predictive	Низкий

Ссылки (4)

The following list contains external sources which discuss the actor and the associated activities:

◂ ПредыдущийОбзорДалее ▸

Interested in the pricing of exploits?

See the underground prices here!