3AM Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (35)

Lang

en	32
zh	2
ru	2

Land

us	34
nl	2

Skådespelare

LockBit	1
Cobalt Strike	1
UAC-0010	1
Scarab Ransomware	1
Phobos	1

Intressera

Typ

Not Defined	14
Content Management System	4
Network Camera Software	2

Säljare

Not Defined	10
Samsung	2
Xitex	2
Honeywell	2
WordPress	2

Produkt

SolusVM	2
OpenX	2
GetSimpleCMS	2
Samsung Memory Card & UFD Authentication Utility P ...	2
Xitex Xitex WebContent M1	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	LogicBoard CMS away.php Redirect	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00000	3.17
2	Bitrix Site Manager redirect.php privilegier eskalering	5.3	4.7	$0-$5k	$0-$5k	Unproven	Unavailable	0.00113	0.03	CVE-2008-2052
3	Serendipity exit.php privilegier eskalering	6.3	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.48
4	GetSimpleCMS index.php Redirect	6.6	6.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00123	0.00	CVE-2019-9915
5	FLDS redir.php sql injektion	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.00203	0.34	CVE-2008-5928
6	Login and Logout Redirect Plugin	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00046	0.03	CVE-2023-41648
7	WPMU Forminator Plugin privilegier eskalering	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00045	0.86	CVE-2024-28890
8	Honeywell ProWatch privilegier eskalering	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.03	CVE-2023-6179
9	SolusVM WHMCS privilegier eskalering	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00064	0.05	CVE-2022-42175
10	Openads adclick.php Remote Code Execution	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01871	0.72	CVE-2007-2046
11	MB connect line mymbCONNECT24/mbCONNECT24 redirect.php Redirect	6.2	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00084	0.04	CVE-2020-35560
12	WordPress AdServe adclick.php sql injektion	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00073	0.08	CVE-2008-0507
13	Xitex Xitex WebContent M1 redirect.do cross site scripting	4.3	4.2	$0-$5k	$0-$5k	High	Unavailable	0.00192	0.03	CVE-2008-1209
14	OpenX adclick.php Redirect	5.3	4.7	$0-$5k	$0-$5k	Unproven	Unavailable	0.00440	0.91	CVE-2014-2230
15	Samsung Memory Card & UFD Authentication Utility PC Software svag autentisering	7.6	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2023-41929
16	Crypto++ ECDSA Signature Generation FixedSizeAllocatorWithCleanup informationsgivning	5.0	5.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00046	0.00	CVE-2022-48570
17	AVM FRITZ!Box webcm privilegier eskalering	7.3	7.1	$0-$5k	$0-$5k	High	Workaround	0.95702	0.03	CVE-2014-9727
18	grunt Package load privilegier eskalering	5.8	5.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00851	0.07	CVE-2020-7729
19	Memcached process_bin_update minneskorruption	9.0	8.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.86732	0.03	CVE-2016-8705
20	AVTECH IP Camera/NVR/DVR PwdGrp.cgi privilegier eskalering	9.8	9.2	$5k-$25k	$0-$5k	High	Unavailable	0.00000	0.04

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Skådespelare	Identified	Typ	Förtroende
1	85.159.229.62	3AM	11/10/2023	verified	Hög
2	XXX.XXX.X.XXX	Xxx	11/10/2023	verified	Hög
3	XXX.XX.XXX.X	Xxx	11/10/2023	verified	Hög

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klass	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1		CAPEC-132	CWE-59, CWE-99, CWE-189, CWE-190, CWE-266, CWE-275, CWE-287, CWE-732	Unknown Vulnerability	predictive	Hög
2	T1059	CAPEC-10	CWE-74, CWE-94, CWE-707	Argument Injection	predictive	Hög
3	TXXXX.XXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxxxx Xxxx Xxxxxxxxx	predictive	Hög
4	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
5	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XX, CWE-XXX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Hög
6	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Hög
7	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxx Xxxxxxxxx	predictive	Hög
8	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög
9	TXXXX.XXX	CAPEC-19	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	/cgi-bin/supervisor/PwdGrp.cgi	predictive	Hög
2	File	/forum/away.php	predictive	Hög
3	File	adclick.php	predictive	Medium
4	File	xxxxx/xxxxx.xxx	predictive	Hög
5	File	xxx-xxx/xxxxx	predictive	Hög
6	File	xxxx.xxx	predictive	Medium
7	File	xxxxx.xxx	predictive	Medium
8	File	xxxxxxxx.xx	predictive	Medium
9	File	xxxxxxxx.xxx	predictive	Medium
10	Argument	xxxx	predictive	Låg
11	Argument	xxxx	predictive	Låg
12	Argument	xx	predictive	Låg
13	Argument	xxxxxxxx	predictive	Medium
14	Argument	xxx	predictive	Låg
15	Argument	xxx	predictive	Låg
16	Argument	xxx:xxxx	predictive	Medium

Referenser (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Might our Artificial Intelligence support you?

Check our Alexa App!