AV Tech Support Scam Analysis

IOB - Indicator of Behavior (21)

Language: en (16), ru (6)

Product: Tongda OA (2), ITFlow (2), Sangfor Next-Gen Application Firewall (2), FasterXML jackson-databind (2), Linux Kernel (2)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---------------|------|------|------|-------|---------|-------------|------|-----|-----|
| 1 | mintplex-labs anything-llm POST privilege escalation | 7.9 | 7.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-0440 |
| 2 | QNAP QTS/QuTS hero/QuTScloud privilege escalation | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00305 | 0.04 | CVE-2023-47218 |
| 3 | Tenda AC9 fromSetIpMacBind memory corruption | 8.8 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.06 | CVE-2024-25748 |
| 4 | DedeCMS article_allowurl_edit.php privilege escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00094 | 0.19 | CVE-2023-2928 |
| 5 | Sangfor Next-Gen Application Firewall loadfile.php information disclosure | 4.7 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00113 | 0.08 | CVE-2023-30804 |
| 6 | Tongda OA delete.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00063 | 0.05 | CVE-2023-5019 |
| 7 | ITFlow settings.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.02 | CVE-2024-25344 |
| 8 | Huawei HarmonyOS/EMUI Wi-Fi Module weak authentication | 4.3 | 4.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2022-48621 |
| 9 | FasterXML jackson-databind privilege escalation | 6.8 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00431 | 0.06 | CVE-2021-20190 |
| 10 | LG Signage TV webOS privilege escalation | 6.8 | 6.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2024-1885 |
| 11 | SAP IDES Systems privilege escalation | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.03 | CVE-2024-22132 |
| 12 | Microsoft Windows Media Center MCL File ehshell.exe XML External Entity | 6.5 | 5.9 | $100k and more | $0-$5k | Proof-of-Concept | Unavailable | 0.00000 | 0.00 | |
| 13 | Rarlab UnRAR Unpack directory traversal | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.90549 | 0.00 | CVE-2022-30333 |
| 14 | Microsoft Intune Management Extension Remote Code Execution | 8.1 | 7.1 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.01007 | 0.00 | CVE-2021-31980 |
| 15 | DevExpress.XtraReports.UI privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01502 | 0.00 | CVE-2021-36483 |
| 16 | MikroTik RouterOS bfd denial of service | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00209 | 0.00 | CVE-2020-20220 |
| 17 | Linux Kernel Array Access xfrm_user.c __xfrm_policy_unlink information disclosure | 5.9 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.03 | CVE-2019-15666 |
| 18 | Linksys WRT1900ACS Cookie Base64 weak encryption | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.03 | CVE-2019-7311 |
| 19 | Google Chrome Blink privilege escalation | 5.8 | 5.6 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00119 | 0.00 | CVE-2017-5027 |
| 20 | PCRE pcregrep information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00469 | 0.00 | CVE-2015-8393 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (10)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|----|-------|-----------|------|------------|
| 1 | File | /nova/bin/bfd | predictive | High |
| 2 | File | ehshell.exe | predictive | Medium |
| 3 | File | xxxxxxx/xx/xxxxxx/xxxxx_xxxxxxxxxxxxx/xxxxxx.xxx | predictive | High |
| 4 | File | xxx/xxxx/xxxx_xxxx.x | predictive | High |
| 5 | File | xxxxxxxx.xxx | predictive | Medium |
| 6 | File | xxxx_xxxx/xxxxxxxx.xxx | predictive | High |
| 7 | File | xxxxxxx/xxxx/xxxxxxx_xxxxxxxx_xxxx.xxx | predictive | High |
| 8 | Argument | -x | predictive | Low |
| 9 | Argument | xxxxxxx | predictive | Low |
| 10 | Argument | xxxxxxxxxxxxx_xx | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
