00536d Analysis

IOB - Indicator of Behavior (22)

Lang

en: 16
zh: 4
it: 2

Country

us: 10
ca: 8
cn: 4

Product

Microsoft IIS: 2
eG Manager: 2
NexusPHP: 2
Dynacolor FCM-MB40: 2
Netgear D6300B: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Checkmk UI denial of service | 2.7 | 2.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.03 | CVE-2023-23549 |
| 2 | Softing smartLink SW-HT weak encryption | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00087 | 0.00 | CVE-2022-48193 |
| 3 | PHP Date Extension parse_date.c php_parse_date information disclosure | 6.4 | 6.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00777 | 0.00 | CVE-2017-16642 |
| 4 | ImageMagick png.c ReadOnePNGImage memory corruption | 5.4 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00060 | 0.00 | CVE-2017-11539 |
| 5 | PhotoPost PHP Pro showproduct.php sql injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00276 | 0.04 | CVE-2004-0250 |
| 6 | Comments comments.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 7 | Black Tie Project Category ID categorie.php3 Path information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00342 | 0.02 | CVE-2002-0446 |
| 8 | Dynacolor FCM-MB40 cross-site request forgery | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00112 | 0.00 | CVE-2019-13401 |
| 9 | eG Manager weak authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00659 | 0.04 | CVE-2020-8591 |
| 10 | NexusPHP modtask.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00184 | 0.00 | CVE-2017-12909 |
| 11 | Active Auction House ItemInfo.asp sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00685 | 0.00 | CVE-2005-1029 |
| 12 | WP Fastest Cache Plugin wpFastestCache.php rm_folder_recursively privilege escalation | 5.6 | 5.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02224 | 0.00 | CVE-2019-6726 |
| 13 | AXIS 2110 Network Camera editcgi.cgi directory traversal | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01492 | 0.02 | CVE-2004-2426 |
| 14 | Oracle Fusion Middleware WebLogic Server privilege escalation | 9.0 | 9.0 | $5k-$25k | $0-$5k | High | Not Defined | 0.97573 | 0.02 | CVE-2019-2725 |
| 15 | Netgear D6300B Credential Storage nvram weak encryption | 5.4 | 4.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.00 | |
| 16 | Biscom Secure File Transfer AngularJS privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00057 | 0.00 | CVE-2017-5246 |
| 17 | IBM HTTP Server memory corruption | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00359 | 0.03 | CVE-2015-4947 |
| 18 | jQuery UI dialog cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00469 | 0.07 | CVE-2016-7103 |
| 19 | Citrix XenApp XML Service Interface memory corruption | 9.9 | 8.6 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.04580 | 0.03 | CVE-2012-5161 |
| 20 | Microsoft IIS privilege escalation | 9.9 | 9.9 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.08875 | 0.04 | CVE-2010-1256 |

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /data/nvram | predictive | Medium |
| 2 | File | categorie.php3 | predictive | High |
| 3 | File | cgi-bin/ | predictive | Medium |
| 20 | Input Value | ../ | predictive | Low |
| 21 | Input Value | {{ }} | predictive | Low |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
