Amnesia Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (16)

Lang

en	16

Land

gb	6
us	4
ru	2
in	2
nl	2

Skådespelare

Amnesia	1
GoGoogle	1

Intressera

Typ

WordPress Plugin	6
Network Management Software	2
Asset Management Software	2
Chat Software	2
Not Defined	2

Säljare

Not Defined	14
Crocoblock	2

Produkt

PRTG Network Monitor	2
GLPI	2
Rocket.Chat Server	2
Crocoblock JetEngine	2
Yoast SEO Plugin	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	WordPress Post press-this.php privilegier eskalering	5.5	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00054	0.03	CVE-2011-1762
2	Elementor Website Builder Plugin AJAX Action module.php privilegier eskalering	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.96197	0.02	CVE-2022-1329
3	Crocoblock JetEngine Form Data Privilege Escalation	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00201	0.00	CVE-2021-41844
4	Crocoblock JetEngine Custom Forms cross site scripting	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00066	0.00	CVE-2021-38607
5	WPBakery XSS Protection Mechanism kses_remove_filters privilegier eskalering	5.9	5.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00058	0.02	CVE-2020-28650
6	Yoast SEO Plugin Term Description privilegier eskalering	9.0	8.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00244	0.02	CVE-2019-13478
7	Rocket.Chat Server NoSQL sql injektion	8.5	8.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00369	0.04	CVE-2017-1000493
8	vBulletin moderation.php sql injektion	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.00284	0.01	CVE-2016-6195
9	PRTG Network Monitor addusers privilegier eskalering	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00093	0.00	CVE-2018-19411
10	PRTG Network Monitor login.htm privilegier eskalering	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00288	0.04	CVE-2018-19410
11	Samba smbd _netr_ServerPasswordSet okänd sårbarhet	6.5	5.7	$0-$5k	$0-$5k	High	Official Fix	0.97400	0.00	CVE-2015-0240
12	OpenSSH Authentication Username informationsgivning	5.3	4.8	$5k-$25k	$0-$5k	High	Official Fix	0.10737	0.19	CVE-2016-6210
13	QNAP Music Station privilegier eskalering	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00274	0.00	CVE-2017-13069
14	QNAP NAS cgi.cgi minneskorruption	5.9	5.4	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.00000	0.05
15	Download Manager Redirect	6.2	5.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00233	0.00	CVE-2017-2217
16	GLPI informationsgivning	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00703	0.00	CVE-2011-2720

Kampanjer (1)

These are the campaigns that can be associated with the actor:

TVT Digital DVR Devices

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Kampanjer	Identified	Typ	Förtroende
1	93.174.95.38		Amnesia	TVT Digital DVR Devices	30/08/2021	verified	Hög

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klass	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	Hög
2	T1068	CAPEC-19	CWE-264, CWE-284	Execution with Unnecessary Privileges	predictive	Hög
3	TXXXX	CAPEC-136	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Hög
4	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Hög
5	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Hög
6	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög
7	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (8)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	/api/addusers	predictive	Hög
2	File	/home/httpd/cgi-bin/cgi.cgi	predictive	Hög
3	File	/xxxxxx/xxxxx.xxx	predictive	Hög
4	File	xxxxxxxxxxx/xxxxxxxx/xxxxxxxxxx.xxx	predictive	Hög
5	File	xx-xxxxx/xxxxx-xxxx.xxx	predictive	Hög
6	File	~/xxxx/xxx/xxxxxxx/xxxxxxxxxx/xxxxxx.xxx	predictive	Hög
7	Argument	xxxxxxxx	predictive	Medium
8	Argument	xxxxxxx	predictive	Låg

Referenser (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Do you know our Splunk app?

Download it now for free!