Zeppelin Анализ

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (14)

Язык

en	8
ru	6

Страна

ru	6
me	4
us	4

Акторы

FIN7	1
MuddyWater	1
Bandook	1
TrickBot	1
Zeppelin	1

Интерес

Тип

Not Defined	4
Remote Access Software	2
JavaScript Library	2
WordPress Plugin	2
Content Management System	2

Поставщик

Not Defined	10
SAP	2

Продукт

SAP BASIS	2
Backdoor.Win32.Redkod.d	2
301 Redirects - Easy Redirect Manager Plugin	2
Node.js	2
Social Login and Register Plugin	2

Уязвимости

#	Уязвимости	Base	Temp	0day	Сегодня	Э�	Rem	EPSS	CTI	CVE
1	Backdoor.Win32.Redkod.d Service Port 4820 слабая аутентификация	7.3	6.4	$0-$5k	$0-$5k	Proof-of-Concept	Workaround	0.00000	0.00
2	simple-git listRemote Remote Code Execution	7.8	7.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01499	0.03	CVE-2022-25860
3	SAP BASIS эскалация привилегий	8.8	8.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00094	0.02	CVE-2022-41264
4	Node.js Module._load эскалация привилегий	7.6	7.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00091	0.03	CVE-2023-32002
5	pesign systemd Service эскалация привилегий	5.9	5.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00044	0.02	CVE-2022-3560
6	WordPress обход каталога	5.7	5.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00326	0.00	CVE-2023-2745
7	Social Login and Register Plugin слабая аутентификация	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01494	0.00	CVE-2023-2982
8	HCL Traveler Web Admin LotusTraveler.nsf межсайтовый скриптинг	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00054	0.00	CVE-2022-27561
9	301 Redirects - Easy Redirect Manager Plugin WordPress sql-инъекция	6.7	6.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00064	0.00	CVE-2021-24142
10	WordPress Editor раскрытие информации	4.3	4.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00463	0.04	CVE-2021-29450
11	WordPress Media Library Parser XML External Entity	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01059	0.02	CVE-2021-29447
12	10Web Photo Gallery Plugin model.php sql-инъекция	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00138	0.02	CVE-2021-24139

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-адрес	Hostname	Актор	Кампании	Identified	Тип	Уверенность
1	45.142.213.167	katitoons.com	Zeppelin		12.05.2022	verified	Высокий
2	XXX.XXX.XXX.XXX		Xxxxxxxx		12.05.2022	verified	Высокий

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Уязвимости	Вектор доступа	Тип	Уверенность
1	T1006	CWE-22	Path Traversal	predictive	Высокий
2	T1059	CWE-94	Argument Injection	predictive	Высокий
3	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Высокий
4	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Высокий
5	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Высокий
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Высокий
7	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Высокий

IOA - Indicator of Attack (5)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Класс	Indicator	Тип	Уверенность
1	File	/etc/pki/pesign	predictive	Высокий
2	File	frontend/models/model.php	predictive	Высокий
3	File	xxxxxxxxxxxxx.xxx	predictive	Высокий
4	Argument	xxx_xxxxxx_x	predictive	Средний
5	Argument	xxxxxx xxxx	predictive	Средний

Ссылки (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ ПредыдущийОбзорДалее ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!