TA544 Анализ

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (258)

Язык

en	254
ru	2
pl	2

Страна

co	236
us	12
ru	6
ua	2

Акторы

TA544	7
SpyEye	1
LokiBot	1
LokiLocker	1
Meterpreter	1

Интерес

Тип

Not Defined	62
Web Browser	44
Operating System	30
Multimedia Processing Software	16
Document Reader Software	16

Поставщик

Not Defined	42
Microsoft	32
Adobe	26
Mozilla	20
Google	16

Продукт

Mozilla Firefox	18
FFmpeg	16
Adobe Acrobat Reader	16
Google Chrome	16
Microsoft Windows	12

Уязвимости

#	Уязвимости	Base	Temp	0day	Сегодня	Э�	Rem	EPSS	CTI	CVE
1	DZCP deV!L`z Clanportal config.php эскалация привилегий	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.81	CVE-2010-0966
2	LogicBoard CMS away.php Redirect	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00000	3.28
3	TRENDnet TEW-652BRP Web Management Interface get_set.ccp межсайтовый скриптинг	3.6	3.6	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00054	0.04	CVE-2023-0639
4	TRENDnet TEW-652BRP Web Management Interface get_set.ccp эскалация привилегий	8.8	8.6	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00076	0.04	CVE-2023-0611
5	vim повреждение памяти	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00134	0.00	CVE-2022-3520
6	pdfkit URL эскалация привилегий	8.1	8.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.35296	0.02	CVE-2022-25765
7	Nginx Open Source/Plus/Ingress Controller Resolver повреждение памяти	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.58180	0.03	CVE-2021-23017
8	OAID Tengine Serializer Module повреждение памяти	5.5	5.1	$0-$5k	$0-$5k	Unproven	Not Defined	0.00051	0.00	CVE-2020-28759
9	MGB OpenSource Guestbook email.php sql-инъекция	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.01302	0.81	CVE-2007-0354
10	Microsoft Edge/ChakraCore Scripting Engine повреждение памяти	6.0	5.9	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.02130	0.00	CVE-2019-0771
11	Gempar Script Toko Online shop_display_products.php sql-инъекция	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00100	0.02	CVE-2009-0296
12	Opt-X header.php эскалация привилегий	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.06075	0.03	CVE-2004-2368
13	BlueCMS sql-инъекция	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00212	0.00	CVE-2019-9594
14	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash раскрытие информации	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
15	TYPO3 spell-check-logic.php неизвестная уязвимость	4.8	4.3	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.05056	0.02	CVE-2006-6690
16	Microsoft Office повреждение памяти	7.8	7.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.70046	0.03	CVE-2016-7228
17	TIBCO Enterprise Messaging Service emsca неизвестная уязвимость	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00365	0.00	CVE-2018-12415
18	Apache Tomcat WebSocket Client слабая аутентификация	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01697	0.03	CVE-2018-8034
19	phpMyAdmin phpinfo.php раскрытие информации	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00142	0.00	CVE-2016-9848
20	Microsoft IIS IP/Domain Restriction эскалация привилегий	6.5	5.7	$25k-$100k	$0-$5k	Unproven	Official Fix	0.00817	0.34	CVE-2014-4078

Кампании (1)

These are the campaigns that can be associated with the actor:

Zeus

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-адрес	Hostname	Актор	Кампании	Identified	Тип	Уверенность
1	62.109.29.101	imlejnnn.fvds.ru	TA544	Zeus	07.06.2021	verified	Высокий
2	69.55.49.159		TA544	Zeus	07.06.2021	verified	Высокий
3	XX.XXX.XX.XX	xx-xx-xxx-xx.xxxxxx.xxxxxxx.xxxx.xxx	Xxxxx	Xxxx	07.06.2021	verified	Высокий
4	XX.XXX.XXX.XXX		Xxxxx	Xxxx	07.06.2021	verified	Высокий
5	XX.XXX.XXX.XXX	xxx.xxxxxxx.xx	Xxxxx	Xxxx	07.06.2021	verified	Высокий
6	XX.XX.XXX.XX	xxxxxxxx.xxxxxxxxx.xxx	Xxxxx	Xxxx	07.06.2021	verified	Высокий
7	XX.XXX.XX.XX	xxx.xxx.xxx	Xxxxx	Xxxx	07.06.2021	verified	Высокий
8	XX.XXX.XXX.XXX	xxxxxx.xxxxxxxx.xxx	Xxxxx	Xxxx	07.06.2021	verified	Высокий
9	XXX.XXX.XX.XX	xx.xx.xxx.xxx.xxx.xxx.xx	Xxxxx	Xxxx	07.06.2021	verified	Высокий
10	XXX.XX.XXX.XXX	xxxxxx.xxx.xxx.xx.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxx	Xxxx	07.06.2021	verified	Высокий

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Уязвимости	Вектор доступа	Тип	Уверенность
1	T1006	CWE-22	Path Traversal	predictive	Высокий
2	T1059	CWE-94	Argument Injection	predictive	Высокий
3	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Высокий
4	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
5	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Высокий
6	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Высокий
7	TXXXX	CWE-XXX, CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Высокий
8	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Высокий
9	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
10	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	Высокий
11	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
12	TXXXX.XXX	CWE-XXX	Xxxxxxxx	predictive	Высокий
13	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Высокий
14	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Высокий

IOA - Indicator of Attack (95)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Класс	Indicator	Тип	Уверенность
1	File	/forum/away.php	predictive	Высокий
2	File	/Tools/tools_admin.htm	predictive	Высокий
3	File	adm/krgourl.php	predictive	Высокий
4	File	admin.php	predictive	Средний
5	File	administers	predictive	Средний
6	File	catchsegv	predictive	Средний
7	File	classified.php	predictive	Высокий
8	File	coders/mat.c	predictive	Средний
9	File	data/gbconfiguration.dat	predictive	Высокий
10	File	default.asp	predictive	Средний
11	File	drivers/char/lp.c	predictive	Высокий
12	File	xxxxxxx/xxx/xxxxxx.x	predictive	Высокий
13	File	xxxxx.xxx	predictive	Средний
14	File	xxxxxxxx.x	predictive	Средний
15	File	x_xxxxxxx.x	predictive	Средний
16	File	xxx_xxx.xxx	predictive	Средний
17	File	xxx/xx/xxxxxxxxxxxxxxxxxx.xxx	predictive	Высокий
18	File	xxxxxx.xxx	predictive	Средний
19	File	xxxxxx.xxx	predictive	Средний
20	File	xxx/xxxxxx.xxx	predictive	Высокий
21	File	xxxxx.xxx	predictive	Средний
22	File	xxxxxxxx/xxxx/xxxx.xxx	predictive	Высокий
23	File	xx_xxxx_xxxxx_xxxxxxxx_xxxxxxxxxxxxxx.xxx	predictive	Высокий
24	File	xxxxxxxxxx/xxxxxx.x	predictive	Высокий
25	File	xxxxxxxxxx/xxx.x	predictive	Высокий
26	File	xxxxxxxxxx/xxxx.x	predictive	Высокий
27	File	xxxxxxxxxx/xxxxxxxx.x	predictive	Высокий
28	File	xxxxxxxxxx/xxxxxxxxxx.x	predictive	Высокий
29	File	xxxxxxxxxxx/xxx.x	predictive	Высокий
30	File	xxxxxxxxxxx/xxx.x	predictive	Высокий
31	File	xxxxxxxxxxx/xxx.x	predictive	Высокий
32	File	xxxxxxxxxxx/xxxx.x	predictive	Высокий
33	File	xxxxxxxxxxx/xxxxx.x	predictive	Высокий
34	File	xxxxxxxxxxx/xxxxxxxx.x	predictive	Высокий
35	File	xxxxxxx/xxxxxxx.x	predictive	Высокий
36	File	xxxxx.xxx	predictive	Средний
37	File	xxxx/xxx.x	predictive	Средний
38	File	xxx/xxx/xx_xxx.x	predictive	Высокий
39	File	xxxxxxxxxxxx.xxx	predictive	Высокий
40	File	xxx_xxxxxxx.x	predictive	Высокий
41	File	xxxxxx.xxx.xxx	predictive	Высокий
42	File	xxxxxxx.xxx	predictive	Средний
43	File	xxxxxxxx/xxxxxxxxxx.xxx	predictive	Высокий
44	File	xxxxxx/xxxxxxxxxx/xxx/xxxx.xxx	predictive	Высокий
45	File	xxxx_xxxxxxx_xxxxxxxx.xxx	predictive	Высокий
46	File	xxxxx-xxxxx-xxxxx.xxx	predictive	Высокий
47	File	xxx/xx_xxxx.x	predictive	Высокий
48	File	xxxxxx.xxx	predictive	Средний
49	File	xxxxxxx/xxxxx/xxxx.xxx?xxx=xxxx	predictive	Высокий
50	File	x_xxxxx.x	predictive	Средний
51	File	xxxxxxx_xxxxxxx.xxxxxxxx.xxxx_xxxxxxxx	predictive	Высокий
52	File	xxxxxxx/xxxx/xxxxxxxxxxxxxxxx.xxx	predictive	Высокий
53	File	xxxxxxx/xxxx/xxxxx.xxx	predictive	Высокий
54	File	xxxxxxxxx_xx.x	predictive	Высокий
55	Library	xx/xxx/xxxx_xxxxxx.xxx	predictive	Высокий
56	Library	xx/xxx/xxxxxxx.xxx	predictive	Высокий
57	Library	xxxxxx_xxx	predictive	Средний
58	Library	xxxxxxx	predictive	Низкий
59	Library	xxx/xxxxxx/xxxxx.xx	predictive	Высокий
60	Library	xxxxxxxxxx/xxx_xxxxx.x	predictive	Высокий
61	Library	xxxxx.xxx	predictive	Средний
62	Library	xxxxxxx.xxx	predictive	Средний
63	Library	xxxxxx.xxx	predictive	Средний
64	Argument	xxxxxxxx	predictive	Средний
65	Argument	xxxxx	predictive	Низкий
66	Argument	xxx_xx	predictive	Низкий
67	Argument	xxxxxx_xxx	predictive	Средний
68	Argument	xxxxxxxx_xxxx	predictive	Высокий
69	Argument	xxxxxx	predictive	Низкий
70	Argument	xxxxxx	predictive	Низкий
71	Argument	xxxxxxxxxxxxxxxxxxxxxx	predictive	Высокий
72	Argument	xx	predictive	Низкий
73	Argument	xxx	predictive	Низкий
74	Argument	x_xxxxxxxxxxxxxxxx	predictive	Высокий
75	Argument	xxxxxxxx	predictive	Средний
76	Argument	xxxxxxxx	predictive	Средний
77	Argument	xxxxxx	predictive	Низкий
78	Argument	xxxxxx	predictive	Низкий
79	Argument	xxxxx_xxxxxxx_xxxxx/xxxxx_xxxxxxx_xxxxx_xxx/xxxxx_xxxxxxx_xxxxxxx	predictive	Высокий
80	Argument	xxxxxx_xx	predictive	Средний
81	Argument	xxxx_xxx	predictive	Средний
82	Argument	xxxxxxxxxx	predictive	Средний
83	Argument	xxxxxx-xxxxx	predictive	Средний
84	Argument	xxxxxxxx/xxxxxxxx	predictive	Высокий
85	Argument	xxxxxxx	predictive	Низкий
86	Argument	xxxx_xx	predictive	Низкий
87	Input Value	xxxx	predictive	Низкий
88	Input Value	xxxxx	predictive	Низкий
89	Input Value	xxxxx/xxxxxxxx	predictive	Высокий
90	Input Value	xxxxx	predictive	Низкий
91	Input Value	xxxxx xxxxxxx xxxxxx	predictive	Высокий
92	Pattern	\|xx\|/[	predictive	Низкий
93	Network Port	xxxxxxxxxxxxxx xxxxxx	predictive	Высокий
94	Network Port	xxx/xx (xxx)	predictive	Средний
95	Network Port	xxx/xxxxx	predictive	Средний

Ссылки (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ ПредыдущийОбзорДалее ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!