Xpiro Analysis

IOB - Indicator of Behavior (85)

Language: en 82, fr 2, de 2

Product: Google Android 6, SAP Internet Graphics Server 4, phpMyAdmin 2, Apple iTunes 2, woocommerce-exporter Plugin 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | ThemeIsle Orbit Fox Plugin cross-site scripting | 4.9 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00045 | CVE-2024-1323 |
| 2 | IBM PowerSC privilege escalation | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00073 | CVE-2023-50940 |
| 3 | Embed Calendly Plugin Shortcode cross-site scripting | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00045 | CVE-2023-4995 |
| 4 | Tracker Software PDF-XChange Editor U3D File Parser information disclosure | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00000 | CVE-2023-42058 |
| 5 | Mozilla Firefox XLL Add-In File privilege escalation | 4.3 | 4.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00055 | CVE-2023-4581 |
| 6 | PHP Jabbers Yacht Listing Script Password Recovery information disclosure | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00091 | CVE-2023-40761 |
| 7 | OpenRapid RapidCMS run-movepass.php privilege escalation | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | 0.00063 | CVE-2023-4448 |
| 8 | Chamilo SVG File fileUpload.lib.php privilege escalation | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00088 | CVE-2023-34944 |
| 9 | Apache InLong privilege escalation | 6.5 | 6.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00125 | CVE-2023-31206 |
| 10 | Nokia NetAct Configuration Dashboard Page XML External Entity | 6.4 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00069 | CVE-2023-26057 |
| 11 | Google Android PowerVR Kernel Driver PVRSRVBridgeRGXTDMSubmitTransfer memory corruption | 6.5 | 6.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00043 | CVE-2021-0879 |
| 12 | Oracle MySQL Server Packaging information disclosure | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00092 | CVE-2022-43551 |
| 13 | Mikrobi Babel redirect.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00215 | CVE-2019-1010290 |
| 14 | Nextcloud App Password Protection weak authentication | 4.1 | 4.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00053 | CVE-2023-28647 |
| 15 | Google Android unwinding.cc UnwindingWorker memory corruption | 5.4 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00042 | CVE-2023-21018 |
| 16 | OTCMS apiRun.php AutoRun cross-site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00062 | CVE-2023-1635 |
| 17 | Google Android memory corruption | 5.4 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00042 | CVE-2023-21042 |
| 18 | SourceCodester Alphaware Simple E-Commerce System Payment summary.php privilege escalation | 6.1 | 5.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00200 | CVE-2023-0998 |
| 19 | ThingsBoard weak authentication | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00337 | CVE-2023-26462 |
| 20 | Microsoft Dynamics 365 cross-site scripting | 5.4 | 4.9 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.02 | 0.00052 | CVE-2023-21573 |

IOC - Indicator of Compromise (27)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 3.217.206.46 | ec2-3-217-206-46.compute-1.amazonaws.com | Xpiro | | 13.08.2022 | verified | Medium |
| 2 | 3.223.115.185 | ec2-3-223-115-185.compute-1.amazonaws.com | Xpiro | | 06.11.2021 | verified | Medium |
| 3 | 13.107.42.23 | | Xpiro | | 18.07.2021 | verified | High |
| 4 | 20.36.252.129 | | Xpiro | | 08.01.2022 | verified | High |
| 5 | 20.42.73.29 | | Xpiro | | 13.02.2022 | verified | High |
| 6 | 20.189.173.20 | | Xpiro | | 13.02.2022 | verified | High |
| 7 | XX.XXX.XXX.XX | | Xxxxx | | 13.02.2022 | verified | High |
| 8 | XX.XXX.XX.XX | xx.xx.xxx.xx.xx.xxxxxxxxxxxxxxxxx.xxx | Xxxxx | | 13.02.2022 | verified | Medium |
| 9 | XX.XX.XX.XXX | | Xxxxx | | 06.11.2021 | verified | High |
| 10 | XX.XX.XX.XX | xxxxx-xx.xxxxxxx.xxxxxx.xxx | Xxxxx | | 13.02.2022 | verified | High |
| 11 | XX.XX.XX.XXX | xxxxxx-xxx.xxxxxxx.xxxxxx.xxx | Xxxxx | | 13.02.2022 | verified | High |
| 12 | XX.XXX.XXX.XXX | | Xxxxx | | 13.02.2022 | verified | High |
| 13 | XX.XXX.XXX.XXX | | Xxxxx | | 13.02.2022 | verified | High |
| 14 | XX.XX.XX.XXX | xxxxxxxxx.xxx.xxxxxxx.xx | Xxxxx | | 24.10.2021 | verified | High |
| 15 | XX.XX.XXX.XX | xxxx.xxxxxxxxx.xxx | Xxxxx | | 24.10.2021 | verified | High |
| 16 | XX.XX.XXX.XX | xxxx-xx.xxxxxxx.xxxxxx.xxx | Xxxxx | | 13.02.2022 | verified | High |
| 17 | XX.XXX.XXX.XXX | | Xxxxx | | 24.10.2021 | verified | High |
| 18 | XX.XXX.XXX.XX | xxxx.xxxxxxxxxx.xxx | Xxxxx | | 13.02.2022 | verified | High |
| 19 | XX.XXX.XXX.XXX | xxxxx-xxx.xxxxxxx.xxxxxx.xxx | Xxxxx | | 13.02.2022 | verified | High |
| 20 | XXX.XX.XX.XX | | Xxxxx | | 08.01.2022 | verified | High |
| 21 | XXX.XX.XX.XX | | Xxxxx | | 08.01.2022 | verified | High |
| 22 | XXX.XXX.XX.XX | | Xxxxx | | 13.02.2022 | verified | High |
| 23 | XXX.XX.XXX.XXX | xxx-xxx-xx-xxx-xxx.xxxxxxx-x.xxxxxxxxx.xxx | Xxxxx | | 13.08.2022 | verified | Medium |
| 24 | XXX.XX.XX.XX | | Xxxxx | | 13.02.2022 | verified | High |
| 25 | XXX.XX.XX.XX | | Xxxxx | | 13.02.2022 | verified | High |
| 26 | XXX.XX.XXX.XXX | x-xxxx.x-xxxxxx.xxx | Xxxxx | | 06.05.2022 | verified | High |
| 27 | XXX.XXX.XX.XXX | xxxxx.xxx-xxx-xx.xxxxxx.xxxxxxxxxxxx.xxx | Xxxxx | | 13.02.2022 | verified | High |

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Weakness | Description | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 4 | T1059.007 | CWE-79 | Cross Site Scripting | predictive | High |
| 5 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 6 | TXXXX.XXX | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High |
| 7 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 8 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High |
| 9 | TXXXX | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High |
| 10 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 11 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High |
| 12 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 13 | TXXXX.XXX | CWE-XXX | Xxxxxxxx | predictive | High |
| 14 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 15 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High |
| 16 | TXXXX.XXX | CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | High |
| 17 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High |

IOA - Indicator of Attack (32)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /alphaware/summary.php | predictive | High |
| 2 | File | /LoginAdmin | predictive | Medium |
| 3 | File | /vloggers_merch/classes/Master.php?f=delete_inventory | predictive | High |
| 4 | File | admin/run-movepass.php | predictive | High |
| 5 | File | xxxxxx.xxx | predictive | Medium |
| 6 | File | xxxxxxx/xxx/xxx-xxxx.x | predictive | High |
| 7 | File | xxxxxx.xx | predictive | Medium |
| 8 | File | xxx/xxxxx.xxxx | predictive | High |
| 9 | File | xxxxxxxxxxxxx.xxx | predictive | High |
| 10 | File | xxxxxxxx.xxx | predictive | Medium |
| 11 | File | xxx_xxxx.x | predictive | Medium |
| 12 | File | xxxxxx-xxxxxxx.xxx | predictive | High |
| 13 | File | xxxxxxx.xxx | predictive | Medium |
| 14 | File | xxxxxxxxx.xx | predictive | Medium |
| 15 | File | xxxxxxxxx/xxx/xxx.x | predictive | High |
| 16 | File | xxxx.xx | predictive | Low |
| 17 | File | xxxxxxxxxxxx.xxx | predictive | High |
| 18 | Library | /xxxxxxxxxx.xxx.xxx | predictive | High |
| 19 | Argument | xxxxxx | predictive | Low |
| 20 | Argument | xxx_xxxxxx_xxxx_xxx_xxxxxx_xxxx/xxx_xxxxxx_xxxx_xxx_xxxxxx_xxxxx | predictive | High |
| 21 | Argument | xxxx | predictive | Low |
| 22 | Argument | xxxxxx | predictive | Low |
| 23 | Argument | xxxx | predictive | Low |
| 24 | Argument | xxxxxxxx/xxxxxxxxx | predictive | High |
| 25 | Argument | xxxxxxx_xxxxxxx | predictive | High |
| 26 | Argument | xx_xxxx | predictive | Low |
| 27 | Argument | xxx_xxxxxxx_xxxxxxxx/xxx_xxxxxxx_xxxxxxxx | predictive | High |
| 28 | Argument | xxx | predictive | Low |
| 29 | Argument | xxxxxxxx | predictive | Medium |
| 30 | Input Value | ::$xxxxx_xxxxxxxxxx | predictive | High |
| 31 | Pattern | \|xx\| | predictive | Low |
| 32 | Network Port | xxx xxxxxx xxxx | predictive | High |

References (8)

The following list contains external sources which discuss the actor and the associated activities:
