Typeframe Анализ

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (64)

Язык

en	64

Страна

al	46
us	18

Акторы

Typeframe	1

Интерес

Тип

Not Defined	24
Operating System	10
Database Software	4
Web Server	4
Multimedia Player Software	2

Поставщик

Not Defined	26
Microsoft	4
Symantec	4
HP	2
VideoLAN	2

Продукт

HP HP-UX	2
Unity Editor	2
VideoLAN VLC Media Player	2
Procmail	2
Oracle Database	2

Уязвимости

#	Уязвимости	Base	Temp	0day	Сегодня	Э�	Rem	EPSS	CTI	CVE
1	Symantec Messaging Gateway Charting ChartStream.java doGet обход каталога	6.5	6.0	$5k-$25k	$0-$5k	High	Official Fix	0.96232	0.00	CVE-2016-5312
2	WordPress REST API class-wp-rest-posts-controller.php эскалация привилегий	6.3	6.3	$5k-$25k	$5k-$25k	Not Defined	Official Fix	0.00198	0.04	CVE-2019-20043
3	Microsoft IIS межсайтовый скриптинг	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.17	CVE-2017-0055
4	Eagle Speed USB Modem Software ZDServ эскалация привилегий	5.3	4.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.00
5	Billion Router 7700NR4 Telnet Service слабая аутентификация	7.3	6.4	$0-$5k	$0-$5k	Proof-of-Concept	Workaround	0.00000	0.00
6	OTRS webscript.pl эскалация привилегий	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00298	0.00	CVE-2011-0456
7	wpa_supplicant Local Privilege Escalation	7.8	7.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00064	0.00	CVE-2016-4477
8	Corebos эскалация привилегий	5.7	5.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00056	0.03	CVE-2023-48029
9	VideoLAN VLC Media Player MKV File send повреждение памяти	7.0	7.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00218	0.00	CVE-2020-26664
10	Microsoft Windows Kernel-Mode Driver win32k.sys повреждение памяти	5.3	5.1	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00129	0.00	CVE-2015-2546
11	Check Point SmartConsole эскалация привилегий	6.5	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.02	CVE-2020-6024
12	vu Mass Mailer Login Page redir.asp sql-инъекция	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00181	0.17	CVE-2007-6138
13	Apple Mac OS X Server Wiki Server межсайтовый скриптинг	4.3	4.3	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00263	0.04	CVE-2009-2814
14	PHP File Permission rename эскалация привилегий	6.5	6.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00367	0.04	CVE-2019-9637
15	Microsoft Windows DNS Server Remote Code Execution	9.8	8.5	$100k и многое другое	$5k-$25k	Unproven	Official Fix	0.05193	0.00	CVE-2021-26897
16	BlackCat CMS ajax_save.php межсайтовый скриптинг	3.6	3.2	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00125	0.00	CVE-2021-27237
17	Elementor File Upload эскалация привилегий	8.6	8.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00136	0.02	CVE-2020-7055
18	DZCP deV!L`z Clanportal config.php эскалация привилегий	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.72	CVE-2010-0966
19	Cacti cmd.php popen sql-инъекция	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01823	0.00	CVE-2006-6799
20	GuildFTPd повреждение памяти	10.0	10.0	$0-$5k	$0-$5k	High	Not Defined	0.40297	0.00	CVE-2008-4572

Кампании (1)

These are the campaigns that can be associated with the actor:

Typeframe

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-адрес	Hostname	Актор	Кампании	Identified	Тип	Уверенность
1	59.90.93.97	static.bb.knl.59.90.93.97.bsnl.in	Lazarus	Typeframe	17.12.2020	verified	Высокий
2	80.91.118.45	ip-80-91-118-45.net.abissnet.al	Lazarus	Typeframe	17.12.2020	verified	Высокий
3	XX.X.XXX.XXX	xxxxxxxxxx.xxx.xx	Xxxxxxxxx		27.03.2022	verified	Высокий
4	XX.XXX.XXX.XXX	xxxx-xx-xxx-xxx-xxx.xxxxxxxx.xxx.xx.xxx	Xxxxxxxxx		27.03.2022	verified	Высокий
5	XXX.XXX.XX.XXX		Xxxxxxxxx		27.03.2022	verified	Высокий
6	XXX.XXX.XX.XX		Xxxxxxxxx		27.03.2022	verified	Высокий
7	XXX.XXX.XXX.X		Xxxxxxx	Xxxxxxxxx	17.12.2020	verified	Высокий

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Уязвимости	Вектор доступа	Тип	Уверенность
1	T1006	CWE-22	Path Traversal	predictive	Высокий
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Высокий
3	TXXXX	CWE-XX	Xxxxxxxx Xxxxxxxxx	predictive	Высокий
4	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Высокий
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
6	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Высокий
7	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Высокий
8	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Высокий
9	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Высокий
10	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Высокий

IOA - Indicator of Attack (31)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Класс	Indicator	Тип	Уверенность
1	File	.procmailrc	predictive	Средний
2	File	/etc/sudoers	predictive	Средний
3	File	/uncpath/	predictive	Средний
4	File	backend/preferences/ajax_save.php	predictive	Высокий
5	File	xxxxxxx.xxx	predictive	Средний
6	File	xxx.xxx	predictive	Низкий
7	File	xxx/xx/xxxxxxxxx/xxxxxxx/xxxxxxxxxxx.xxxx	predictive	Высокий
8	File	xxx.xxx	predictive	Низкий
9	File	xxx/xxxxxx.xxx	predictive	Высокий
10	File	xxxxx.xx	predictive	Средний
11	File	xx.xxx	predictive	Низкий
12	File	xxx/xxxxxx.x	predictive	Средний
13	File	xxxxxx	predictive	Низкий
14	File	xxxxx.xxx	predictive	Средний
15	File	xxxxxxxxx_xxx	predictive	Высокий
16	File	xxxx/xxxxxxxx/xxxxxxxx.xxxx	predictive	Высокий
17	File	xxxxxxxxx.xx	predictive	Средний
18	File	xx-xxxxxxxx/xxxx-xxx/xxxxxxxxx/xxxxx-xx-xxxx-xxxxx-xxxxxxxxxx.xxx	predictive	Высокий
19	Library	xxxxxx.xxx	predictive	Средний
20	Library	xxxxxxxxxxx.xxx	predictive	Высокий
21	Argument	xxxxxxxx	predictive	Средний
22	Argument	xxxxxxx xxxx	predictive	Средний
23	Argument	xxxxxxxxxx	predictive	Средний
24	Argument	xxxxxxxx	predictive	Средний
25	Argument	xxxxxx_xxxxxxx_xxxxxxx/xxxxxx_xxxxxxx_xxxx	predictive	Высокий
26	Argument	xx	predictive	Низкий
27	Argument	xxxx	predictive	Низкий
28	Input Value	../../xxx-xxx/xxx	predictive	Высокий
29	Input Value	xxxxxxxx	predictive	Средний
30	Input Value	\x\x	predictive	Низкий
31	Network Port	xxx/xx (xxxxxx)	predictive	Высокий

Ссылки (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ ПредыдущийОбзорДалее ▸

Do you need the next level of professionalism?

Upgrade your account now!