Windigo Анализ

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (12)

Язык

en	10
de	2

Страна

fr	6
de	6

Акторы

Windigo	1

Интерес

Тип

Programming Language Software	4
Firewall Software	2
Network Camera Software	2
Programming Tool Software	2
Not Defined	2

Поставщик

Not Defined	4
F5	2
AXIS	2
Interspire	2
Adobe	2

Продукт

F5 BIG-IP	2
AXIS 2110 Network Camera	2
Zend Framework	2
Interspire Email Marketer	2
PHP	2

Уязвимости

#	Уязвимости	Base	Temp	0day	Сегодня	Э�	Rem	EPSS	CTI	CVE
1	Microsoft IIS IP/Domain Restriction эскалация привилегий	6.5	5.7	$25k-$100k	$0-$5k	Unproven	Official Fix	0.00817	0.14	CVE-2014-4078
2	AXIS 2110 Network Camera virtualinput.cgi эскалация привилегий	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.05684	0.02	CVE-2004-2425
3	Adobe ColdFusion раскрытие информации	3.7	3.6	$0-$5k	$0-$5k	High	Official Fix	0.96634	0.38	CVE-2013-0631
4	Adobe ColdFusion эскалация привилегий	8.5	8.4	$0-$5k	$0-$5k	High	Official Fix	0.97436	0.00	CVE-2018-15961
5	MODX Revolution Access Control phpthumb эскалация привилегий	5.9	5.7	$0-$5k	$0-$5k	High	Official Fix	0.62392	0.02	CVE-2018-1000207
6	Microsoft IIS межсайтовый скриптинг	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.14	CVE-2017-0055
7	Interspire Email Marketer Cookie init.php слабая аутентификация	8.5	7.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.20801	0.03	CVE-2017-14322
8	1st News 4 Professional products.php sql-инъекция	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.00087	0.04	CVE-2008-4890
9	Zend Framework Zend_Db_Select sql-инъекция	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01922	0.02	CVE-2016-6233
10	F5 BIG-IP REST Authentication Timeout restjavad.0.log Log раскрытие информации	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2016-6249
11	PHP wddx_deserialize повреждение памяти	9.8	9.6	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.01704	0.02	CVE-2016-7413

Кампании (1)

These are the campaigns that can be associated with the actor:

Windigo

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-адрес	Hostname	Актор	Кампании	Identified	Тип	Уверенность
1	77.67.80.31		Windigo	Windigo	31.05.2021	verified	Высокий
2	XX.XXX.XX.X	xxxxxxxx.xxxxxxxxxxxx.xxx	Xxxxxxx	Xxxxxxx	31.05.2021	verified	Высокий
3	XX.XX.XXX.XX	xxxxxxxx.xx-xx-xx-xxx.xx	Xxxxxxx	Xxxxxxx	31.05.2021	verified	Высокий

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Класс	Уязвимости	Вектор доступа	Тип	Уверенность
1		CAPEC-10	CWE-119, CWE-287, CWE-416	Unknown Vulnerability	predictive	Высокий
2	T1059.007	CAPEC-10	CWE-74, CWE-79, CWE-707	Cross Site Scripting	predictive	Высокий
3	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
4	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxx Xxxxxxxxx	predictive	Высокий
5	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Высокий
6	TXXXX.XXX	CAPEC-19	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Высокий

IOA - Indicator of Attack (8)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Класс	Indicator	Тип	Уверенность
1	File	/uncpath/	predictive	Средний
2	File	/var/log/restjavad.0.log	predictive	Высокий
3	File	xxxx.xxx	predictive	Средний
4	File	xxxxxxxx.xxx	predictive	Средний
5	File	xxxxxxxxxxxx.xxx	predictive	Высокий
6	Argument	xx	predictive	Низкий
7	Argument	xxx_xxxxxxxxxxx	predictive	Высокий
8	Input Value	[\x]*	predictive	Низкий

Ссылки (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ ПредыдущийОбзорДалее ▸

Do you know our Splunk app?

Download it now for free!