WindShift Анализ

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (83)

Язык

en	76
pt	4
pl	2
zh	2

Страна

us	52
ru	2
pl	2
tr	2
ch	2

Акторы

RedLine Stealer	3
Mirai	3
Remcos	3
Nanocore RAT	3
BitRAT	3

Интерес

Тип

Not Defined	30
Operating System	8
Remote Access Software	4
Web Server	4
WordPress Plugin	4

Поставщик

Not Defined	30
Microsoft	8
Sophos	2
Google	2
Acme	2

Продукт

Microsoft Windows	6
Backdoor.Win32.FTP.Lana.01.d	2
Sophos Intercept X Endpoint	2
Sophos Home	2
Google Chrome	2

Уязвимости

#	Уязвимости	Base	Temp	0day	Сегодня	Э�	Rem	EPSS	CTI	CVE
1	Cisco SD-WAN CLI Privilege Escalation	8.1	8.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00044	0.05	CVE-2022-20818
2	Cisco IOS XE Self-Healing эскалация привилегий	7.3	7.2	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00042	0.06	CVE-2022-20855
3	Apple iOS ImageIO отказ в обслуживании	6.4	6.3	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.03533	0.00	CVE-2016-1811
4	Acme Mini HTTPd Terminal эскалация привилегий	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00303	0.04	CVE-2009-4490
5	Cisco SD-WAN CLI Privilege Escalation	8.1	8.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2022-20775
6	Apple iOS CommonCrypto раскрытие информации	5.4	5.3	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00181	0.00	CVE-2016-1802
7	Microsoft IIS межсайтовый скриптинг	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.05	CVE-2017-0055
8	Microsoft Word wwlib Remote Code Execution	8.0	7.1	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.45352	0.00	CVE-2023-21716
9	Linux Kernel TPM Device повреждение памяти	7.6	7.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2022-2977
10	D-Link Go-RT-AC750 gena.php эскалация привилегий	7.6	7.6	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00121	0.03	CVE-2022-36523
11	Multivendor Marketplace Solution for WooCommerce Order Status неизвестная уязвимость	4.3	4.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00053	0.00	CVE-2022-2657
12	taviso Lotus 1-2-3 Worksheet process_fmt повреждение памяти	7.0	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00068	0.00	CVE-2022-39843
13	image-tiler эскалация привилегий	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00194	0.00	CVE-2020-28451
14	Apple macOS Kernel раскрытие информации	3.3	3.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00062	0.00	CVE-2022-32817
15	Irfan Skiljan IrfanView ShowPlugInSaveOptions_W повреждение памяти	5.9	5.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00057	0.00	CVE-2020-23561
16	Microsoft Windows Defender Credential Guard Privilege Escalation	8.3	7.3	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00043	0.00	CVE-2022-34711
17	Microsoft Windows Kerberos Privilege Escalation	8.8	8.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00121	0.00	CVE-2022-30165
18	Microsoft Windows Kerberos AppContainer Privilege Escalation	8.9	8.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00043	0.00	CVE-2022-30164
19	Microsoft Windows Network File System Remote Code Execution	9.8	8.9	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.88909	0.04	CVE-2022-30136
20	Vmware Workspace ONE Access слабая аутентификация	9.8	9.1	$25k-$100k	$0-$5k	Functional	Official Fix	0.58483	0.00	CVE-2022-22972

Кампании (1)

These are the campaigns that can be associated with the actor:

WindShift

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-адрес	Hostname	Актор	Кампании	Identified	Тип	Уверенность
1	37.46.150.102		Hangover	WindShift	29.08.2021	verified	Высокий
2	45.133.1.133		Hangover	WindShift	29.08.2021	verified	Высокий
3	XXX.XXX.XX.XXX	xxx.xxxxxxxxxxx.xxx.xx	Xxxxxxxx	Xxxxxxxxx	29.08.2021	verified	Высокий
4	XXX.XXX.XX.XXX	xxxx.xx.xxxxxxxxxx.xxx	Xxxxxxxx	Xxxxxxxxx	29.08.2021	verified	Высокий
5	XXX.XX.XX.XXX	xxxx-xxxxx.xxxxxxx.xxxx	Xxxxxxxxx	Xxxxxxxxx	22.12.2020	verified	Высокий
6	XXX.XXX.XXX.XX	xxx-xxxx.xxxxx--xxxxxxx.xxx	Xxxxxxxx	Xxxxxxxxx	29.08.2021	verified	Высокий
7	XXX.XXX.XX.XXX		Xxxxxxxx	Xxxxxxxxx	29.08.2021	verified	Высокий

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Класс	Уязвимости	Вектор доступа	Тип	Уверенность
1	T1006	CAPEC-126	CWE-22, CWE-25	Path Traversal	predictive	Высокий
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Высокий
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Высокий
4	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Высокий
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
6	TXXXX.XXX	CAPEC-191	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Высокий
7	TXXXX	CAPEC-136	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Высокий
8	TXXXX	CAPEC-108	CWE-XX, CWE-XX	Xxx Xxxxxxxxx	predictive	Высокий
9	TXXXX	CAPEC-466	CWE-XXX	Xxxxxxx Xxxxxxxxxx Xx Xxx-xxxxxxxx	predictive	Высокий
10	TXXXX.XXX	CAPEC-	CWE-XXX	Xxxxxxxx Xxxxxx Xxxx	predictive	Высокий
11	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Высокий
12	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Высокий

IOA - Indicator of Attack (27)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Класс	Indicator	Тип	Уверенность
1	File	.procmailrc	predictive	Средний
2	File	/cgi-bin/wapopen	predictive	Высокий
3	File	/htdocs/upnpinc/gena.php	predictive	Высокий
4	File	/it-IT/splunkd/__raw/services/get_snapshot	predictive	Высокий
5	File	/xxxxxxx/xxxxx/xxxxx.xxx	predictive	Высокий
6	File	/xxxxxxx/	predictive	Средний
7	File	xxxxx/xxxx/xxxxxxxxxxx/xxxxxxx.x	predictive	Высокий
8	File	xxxx/xxxxxxxxxxxx.xxx	predictive	Высокий
9	File	xxxxxxxx.xxx	predictive	Средний
10	File	xxx.xxx?xxx=xxxxx_xxxx	predictive	Высокий
11	File	xxxxxxxxxxxxxx/xxxxxxx.xxx	predictive	Высокий
12	File	xxxxxxxx.xxx	predictive	Средний
13	File	xx-xxxxxxxxxxx.xxx	predictive	Высокий
14	File	~/xx-xxxxxxxx.xxx	predictive	Высокий
15	Argument	$_xxxxxx['xxx_xxxx']	predictive	Высокий
16	Argument	--xxxx=xxx	predictive	Средний
17	Argument	xxxxxxxx	predictive	Средний
18	Argument	xxx	predictive	Низкий
19	Argument	xxxxxxxxxx	predictive	Средний
20	Argument	xxxxxxxx	predictive	Средний
21	Argument	xxxxx	predictive	Низкий
22	Argument	xxxxxx_xx	predictive	Средний
23	Argument	xxxx_xxxx	predictive	Средний
24	Argument	xxx	predictive	Низкий
25	Argument	xxx	predictive	Низкий
26	Argument	xxxxxxxx/xxxx	predictive	Высокий
27	Input Value	../..	predictive	Низкий

Ссылки (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ ПредыдущийОбзорДалее ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!