Upstyle Анализ

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (126)

Язык

en	120
pl	2
it	2
fr	2

Страна

us	110
it	2
cn	2
fr	2

Акторы

Upstyle	3
Shuckworm	1
Cobalt Strike	1
Meterpreter	1
Sliver	1

Интерес

Тип

Not Defined	6
Backup Software	4
Application Server Software	2
Connectivity Software	2
Content Management System	2

Поставщик

Not Defined	10
IBM	4
Oracle	2
Fortinet	2
Apple	2

Продукт

IBM Spectrum Protect Plus	4
Oracle WebLogic Server	2
OpenSSH	2
MyCMS	2
Fortinet FortiWAN	2

Уязвимости

#	Уязвимости	Base	Temp	0day	Сегодня	Э�	Rem	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash раскрытие информации	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	Apache Tomcat ServletContext getResourcePaths обход каталога	5.9	5.4	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00178	0.03	CVE-2015-5174
3	Wheatblog add_comment.php межсайтовый скриптинг	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00154	0.00	CVE-2006-7002
4	Ultimate Member Plugin sql-инъекция	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00063	0.00	CVE-2024-1071
5	Fortinet FortiWAN JWT Token слабая аутентификация	9.3	9.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00050	0.00	CVE-2023-44252
6	Apple Safari WebKit повреждение памяти	6.3	6.0	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00456	0.00	CVE-2022-26717
7	Angular Comment межсайтовый скриптинг	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00077	0.20	CVE-2021-4231
8	Oracle WebLogic Server Centralized Thirdparty Jars эскалация привилегий	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.12726	0.00	CVE-2021-4104
9	Oppo Smart Phone oppo_charger.c charging_limit_current_write Privilege Escalation	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00060	0.00	CVE-2020-11832
10	IBM Spectrum Protect Plus VDAP Proxy раскрытие информации	5.3	5.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00053	0.00	CVE-2020-5022
11	IBM Spectrum Protect Plus эскалация привилегий	5.2	5.2	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00094	0.00	CVE-2020-5020
12	Innokas Yhtymä Oy Vital Signs Monitor VC150 HL7 Segment эскалация привилегий	3.7	3.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00066	0.00	CVE-2020-27260
13	mndpsingh287 WP File Manager Backup fm_backups раскрытие информации	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01622	0.00	CVE-2020-24312
14	OpenSSH Authentication Username раскрытие информации	5.3	4.8	$5k-$25k	$0-$5k	High	Official Fix	0.10737	0.15	CVE-2016-6210
15	Oracle MICROS XBR Liferay эскалация привилегий	9.8	9.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01886	0.00	CVE-2015-7501
16	Liferay FCKeditor Configuration эскалация привилегий	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00075	0.02	CVE-2018-10795
17	Microsoft IIS Log File Permission раскрытие информации	5.3	4.8	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00042	0.05	CVE-2012-2531
18	PHP-Fusion register.php sql-инъекция	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00725	0.00	CVE-2005-3161
19	Softbiz FAQ Script add_comment.php sql-инъекция	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01302	0.02	CVE-2005-3938
20	MyCMS games.php эскалация привилегий	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00710	0.00	CVE-2007-3585

Кампании (1)

These are the campaigns that can be associated with the actor:

CVE-2024-3400

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-адрес	Hostname	Актор	Кампании	Identified	Тип	Уверенность
1	23.227.194.230	23-227-194-230.static.hvvc.us	Upstyle	CVE-2024-3400	18.04.2024	verified	Высокий
2	XX.XX.XX.XX	xxxxxxxxxxxxx.xxxxxx.xxx	Xxxxxxx	Xxx-xxxx-xxxx	18.04.2024	verified	Высокий
3	XXX.XX.XX.XXX		Xxxxxxx	Xxx-xxxx-xxxx	18.04.2024	verified	Высокий
4	XXX.XXX.XX.XXX		Xxxxxxx	Xxx-xxxx-xxxx	18.04.2024	verified	Высокий

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Уязвимости	Вектор доступа	Тип	Уверенность
1	T1006	CWE-22	Path Traversal	predictive	Высокий
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Высокий
3	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Высокий
4	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Высокий
5	TXXXX.XXX	CWE-XXX	Xxxxxxxxxxxx	predictive	Высокий
6	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Высокий
7	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Высокий

IOA - Indicator of Attack (11)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Класс	Indicator	Тип	Уверенность
1	File	/SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_charger.c	predictive	Высокий
2	File	add_comment.php	predictive	Высокий
3	File	xxxxxxx/xxxxxxx/xxxxxxx.xxxx?xxxx	predictive	Высокий
4	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Высокий
5	File	xx_xxxxxxx	predictive	Средний
6	File	xxxxx.xxx	predictive	Средний
7	File	xxxxxxxx.xxx	predictive	Средний
8	Argument	xxx_xx	predictive	Низкий
9	Argument	xxxxxxxx	predictive	Средний
10	Argument	xx	predictive	Низкий
11	Argument	xxxxxxxx	predictive	Средний

Ссылки (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ ПредыдущийОбзорДалее ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!