TunnelVision Analysis

IOB - Indicator of Behavior (45)

Language

en: 40
fr: 2
it: 2
pl: 2

Country

us: 32
mx: 8
gb: 6

Product

Five Star Review Script: 2
Umbraco CMS: 2
Maran PHP Shop: 2
PHP: 2
Smartstore: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | SAP NetWeaver MigrationService privilege escalation | 9.2 | 9.2 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00077 | 0.02 | CVE-2021-21481 |
| 3 | WordPress cross-site scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00364 | 0.02 | CVE-2022-21662 |
| 4 | WordPress WP_Query SQL injection | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.93536 | 0.14 | CVE-2022-21661 |
| 5 | Microsoft Windows RDP privilege escalation | 8.8 | 7.7 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00121 | 0.00 | CVE-2021-1669 |
| 6 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.34 | CVE-2010-0966 |
| 7 | SourceCodester Petrol Pump Management Software service_crud.php privilege escalation | 4.7 | 4.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.10 | CVE-2024-2059 |
| 8 | Cacti Request Parameter remote_agent.php privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.96528 | 0.00 | CVE-2022-46169 |
| 9 | All in One SEO Plugin REST API Endpoint privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02407 | 0.04 | CVE-2021-25036 |
| 10 | YITH WooCommerce Gift Cards Premium Plugin Shopping Cart php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.13451 | 0.00 | CVE-2021-3120 |
| 11 | WordPress wp-publications Plugin Archive bibtexbrowser.php directory traversal | 7.8 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00529 | 0.03 | CVE-2021-38360 |
| 12 | WP Import Export Plugin class-wpie-general.php wpie_process_file_download privilege escalation | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00161 | 0.00 | CVE-2022-0236 |
| 13 | Cisco Small Business RV345 memory corruption | 9.9 | 9.7 | $5k-$25k | $5k-$25k | High | Official Fix | 0.96250 | 0.05 | CVE-2022-20699 |
| 14 | WordPress Object privilege escalation | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00432 | 0.04 | CVE-2022-21663 |
| 15 | Oracle GlassFish Open Source Edition Demo Feature weak authentication | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00187 | 0.03 | CVE-2018-14324 |
| 16 | Microsoft Exchange Server Privilege Escalation | 8.8 | 8.3 | $25k-$100k | $0-$5k | High | Official Fix | 0.96514 | 0.04 | CVE-2021-42321 |
| 17 | F5 BIG-IP TMUI Privilege Escalation | 8.8 | 8.4 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00159 | 0.00 | CVE-2021-22988 |
| 18 | Microsoft SharePoint Server Privilege Escalation | 8.8 | 7.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.28292 | 0.00 | CVE-2021-31181 |
| 19 | Umbraco CMS Installation directory traversal | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00371 | 0.06 | CVE-2020-5811 |
| 20 | Dnsmasq helper.c create_helper information disclosure | 3.7 | 3.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00347 | 0.00 | CVE-2019-14834 |

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 51.89.135.142 | ip142.ip-51-89-135.eu | TunnelVision | | 25.02.2022 | verified | High |
| 2 | 51.89.169.198 | ip198.ip-51-89-169.eu | TunnelVision | | 25.02.2022 | verified | High |
| 3 | XX.XX.XXX.XXX | xxxxx.xx-xx-xx-xxx.xx | Xxxxxxxxxxxx | | 25.02.2022 | verified | High |
| 4 | XX.XX.XXX.XXX | xxxxx.xx-xx-xx-xxx.xx | Xxxxxxxxxxxx | | 25.02.2022 | verified | High |
| 5 | XXX.XX.XXX.XX | xxxx.xx-xxx-xx-xxx.xxx | Xxxxxxxxxxxx | | 25.02.2022 | verified | High |
| 6 | XXX.XX.XXX.XX | xxxx.xx-xxx-xx-xxx.xxx | Xxxxxxxxxxxx | | 25.02.2022 | verified | High |
| 7 | XXX.XX.XXX.X | | Xxxxxxxxxxxx | | 25.02.2022 | verified | High |

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (33)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/app/service_crud.php | predictive | High |
| 2 | File | /cgi-bin/user/Config.cgi | predictive | High |
| 3 | File | /etc/sudoers | predictive | Medium |
| 4 | File | /src/helper.c | predictive | High |
| 5 | File | xxxxx.xxx/xxxx/xxx/xxxxx/ | predictive | High |
| 6 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 7 | File | xxxxxx.xxx | predictive | Medium |
| 8 | File | xxx/xxxxxx.xxx | predictive | High |
| 9 | File | xxxxx_xxx.xxx | predictive | High |
| 10 | File | xxx | predictive | Low |
| 11 | File | xxxx.xxx | predictive | Medium |
| 12 | File | xxxxxxxxx.xxx | predictive | High |
| 13 | File | xxxxxx_xxxxx.xxx | predictive | High |
| 14 | File | xxxx.xxx | predictive | Medium |
| 15 | File | xxxxxx/xxxxx.xxx/xxxx/xxxx | predictive | High |
| 16 | File | xxxxxxxxx.xxx | predictive | High |
| 17 | File | xxxxxx/xxxxx/xxxx_xxx.xxx | predictive | High |
| 18 | File | ~/xxxxxxxxxxxxx.xxx | predictive | High |
| 19 | File | ~/xxxxxxxx/xxxxxxx/xxxxx-xxxx-xxxxxxx.xxx | predictive | High |
| 20 | Argument | xxxxxxxx | predictive | Medium |
| 21 | Argument | xxx | predictive | Low |
| 22 | Argument | xxxx/xxxxxxx | predictive | Medium |
| 23 | Argument | xxxx_xx | predictive | Low |
| 24 | Argument | xxxxxxxx | predictive | Medium |
| 25 | Argument | xxxx | predictive | Low |
| 26 | Argument | xxxxx | predictive | Low |
| 27 | Argument | xxxxxxx | predictive | Low |
| 28 | Argument | x_xxxx | predictive | Low |
| 29 | Argument | xxxxx_xx | predictive | Medium |
| 30 | Argument | xxxxxxxx | predictive | Medium |
| 31 | Input Value | xxxxxx=xxx&xxxxxxxx=xxxxxxx.* | predictive | High |
| 32 | Input Value | xxxxx | predictive | Low |
| 33 | Input Value | xxxxxxxxx xxxxx | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
