BadBazaar Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (260)

Lang

en	176
zh	66
fr	16
de	2

Land

cn	106
us	100
fr	12
de	12
ca	6

Skådespelare

BadBazaar	10
Cobalt Strike	7
pupy	3
Curious Gorge	2
Sliver	2

Intressera

Typ

Not Defined	54
Operating System	14
Content Management System	10
Router Operating System	8
Web Browser	8

Säljare

Not Defined	68
Microsoft	14
Cisco	8
Google	8
Apple	4

Produkt

Microsoft Windows	10
Google Chrome	6
MediaWiki	4
Apache HTTP Server	4
OpenSSH	4

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	Tiki Admin Password tiki-login.php svag autentisering	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00936	2.02	CVE-2020-15906
2	Ignite Realtime Openfire Administration Console svag autentisering	7.8	7.7	$0-$5k	$0-$5k	High	Official Fix	0.97409	0.04	CVE-2023-32315
3	Synacor Zimbra Collaboration mboximport kataloggenomgång	4.7	4.5	$0-$5k	$0-$5k	High	Official Fix	0.94758	0.00	CVE-2022-27925
4	Google Chrome WebGPU minneskorruption	6.3	6.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00465	0.03	CVE-2022-2007
5	Google Chrome Compositing informationsgivning	6.3	6.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00233	0.03	CVE-2022-2010
6	Google Chrome WebGL informationsgivning	6.3	6.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00240	0.02	CVE-2022-2008
7	Apple Mac OS X TCP Timestamp informationsgivning	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00243	0.00	CVE-2003-0882
8	cPanel Filter API privilegier eskalering	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00094	0.00	CVE-2017-18433
9	OpenVPN Access Server Web Portal svag kryptering	5.6	5.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00151	0.05	CVE-2022-33738
10	Essential Addons for Elementor Plugin privilegier eskalering	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03893	0.02	CVE-2023-32243
11	WordPress WP_Query sql injektion	6.3	6.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.93536	0.04	CVE-2022-21661
12	Nginx Autoindex Module minneskorruption	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00845	0.07	CVE-2017-20005
13	Liferay Portal Velocity Template privilegier eskalering	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00330	0.02	CVE-2010-5327
14	Freeware Advanced Audio Decoder sbr_hfadj.c calculate_gain minneskorruption	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00246	0.00	CVE-2018-20196
15	WordPress WP_Query class-wp-query.php sql injektion	8.5	8.4	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00318	0.00	CVE-2017-5611
16	Linksys E2000 position.js svag autentisering	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00053	0.04	CVE-2024-27497
17	phpMyAdmin SearchController sql injektion	8.0	7.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00745	0.00	CVE-2020-26935
18	Atlassian JIRA Server/Data Center QueryComponent!Default.jspa informationsgivning	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00628	0.04	CVE-2020-14179
19	Microsoft Windows Cloud Files Mini Filter Driver Local Privilege Escalation	7.8	7.5	$25k-$100k	$5k-$25k	High	Official Fix	0.00043	0.05	CVE-2023-36036
20	Freemius SDK Plugin fs_request_get cross site scripting	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.04	CVE-2023-33999

IOC - Indicator of Compromise (15)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Identified	Typ	Förtroende
1	45.63.89.238	45.63.89.238.vultrusercontent.com	BadBazaar	20/09/2023	verified	Hög
2	45.133.238.92		BadBazaar	20/09/2023	verified	Hög
3	45.154.12.132		BadBazaar	20/09/2023	verified	Hög
4	XX.XXX.XX.XXX		Xxxxxxxxx	20/09/2023	verified	Hög
5	XX.XXX.XX.XXX		Xxxxxxxxx	20/09/2023	verified	Hög
6	XX.XXX.XX.XXX	xx-xx.xxxxxxxxxxxxxxx.xxx	Xxxxxxxxx	20/09/2023	verified	Hög
7	XX.XXX.XXX.XXX		Xxxxxxxxx	20/09/2023	verified	Hög
8	XX.XXX.XXX.XXX	xx.xxx.xxx.xxx.xxxxxx.xxxx.xxx	Xxxxxxxxx	20/09/2023	verified	Hög
9	XXX.XX.XXX.XXX		Xxxxxxxxx	20/09/2023	verified	Hög
10	XXX.XX.XXX.XXX		Xxxxxxxxx	20/09/2023	verified	Hög
11	XXX.XXX.XX.XXX	xxxxxx.xxx.xx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxxxxxx	20/09/2023	verified	Hög
12	XXX.XXX.XX.XXX		Xxxxxxxxx	20/09/2023	verified	Hög
13	XXX.XX.XX.XX		Xxxxxxxxx	20/09/2023	verified	Hög
14	XXX.XXX.XXX.XX		Xxxxxxxxx	20/09/2023	verified	Hög
15	XXX.XXX.XX.XX	xxx.xxx.xx.xx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxxx	20/09/2023	verified	Hög

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klass	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1	T1006	CAPEC-126	CWE-21, CWE-22	Path Traversal	predictive	Hög
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Hög
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Hög
4	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Hög
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
6	TXXXX.XXX	CAPEC-191	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Hög
7	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Hög
8	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Hög
9	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Hög
10	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Hög
11	TXXXX	CAPEC-102	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
12	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög
13	TXXXX	CAPEC-112	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Hög
14	TXXXX.XXX	CAPEC-59	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Hög
15	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (78)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	/ajax/device_entities.php?entity_type=netscalervsvr	predictive	Hög
2	File	/cgi-bin/supervisor/PwdGrp.cgi	predictive	Hög
3	File	/current_action.php?action=reboot	predictive	Hög
4	File	/etc/postfix/sender_login	predictive	Hög
5	File	/file/upload/1	predictive	Hög
6	File	/filemanager/ajax_calls.php	predictive	Hög
7	File	/Items/*/RemoteImages/Download	predictive	Hög
8	File	/login.php	predictive	Medium
9	File	/opt/zimbra/jetty/webapps/zimbra/public	predictive	Hög
10	File	/xxxxxx/xxxxxxxxxxxxxx!xxxxxxx.xxxx	predictive	Hög
11	File	xxxxxxx/xxxxxxxxxxxxxxxxxx.xxx	predictive	Hög
12	File	xxxxxx.xxx	predictive	Medium
13	File	xxxxxxx/xxxxxxx/xxxxxx.xxx	predictive	Hög
14	File	xxxx_xxxx.xxx	predictive	Hög
15	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Hög
16	File	xxxx/xxxxxxxx.xxxx.xxxxxxx.xxx	predictive	Hög
17	File	xxxxxx.xxx	predictive	Medium
18	File	xxx/xxxxxx/xxxxxx/xxxxxxxxxxx/xxx.xxx	predictive	Hög
19	File	xxxxxxx_x.x	predictive	Medium
20	File	xxxxxxxxx.xxx.xxx	predictive	Hög
21	File	xx_xxx_xx.x	predictive	Medium
22	File	xxxxxxxxxx.xxxx	predictive	Hög
23	File	xxx/xxxxxx.xxx	predictive	Hög
24	File	xxxxx.xxx	predictive	Medium
25	File	xxxxxxxxxx.xxx	predictive	Hög
26	File	xxxxxxxxxx/xxx/xxxxxx_xxxx.xxx	predictive	Hög
27	File	xxxxxxxx_xxxxxxx.xxxxx.xxx	predictive	Hög
28	File	xxxxxxx/xxx_xxxxx.x	predictive	Hög
29	File	xxxxxxxx.x	predictive	Medium
30	File	xxxxx_xx.xxxx	predictive	Hög
31	File	xxx/xxxx/xx_xxxxxxxx.x	predictive	Hög
32	File	xxxxx.x	predictive	Låg
33	File	xxxxxxxx.xxx	predictive	Medium
34	File	xxxxxx.x	predictive	Medium
35	File	xxxxxxxxx_xxxxx.xxxxx.xxx	predictive	Hög
36	File	xxxxxxxxx/xxxxxxxxxxxx	predictive	Hög
37	File	xxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxx/xxxxxxxx.xxxx	predictive	Hög
38	File	xxxxxxxx.xx	predictive	Medium
39	File	xxxx.xxx	predictive	Medium
40	File	xxxxxxx_xxxxxxx.xxx	predictive	Hög
41	File	xxxx-xxxxx.xxx	predictive	Hög
42	File	xxxxx_xxxxx.xxx	predictive	Hög
43	File	xxxxx.xxxx	predictive	Medium
44	File	xxxx.xxx	predictive	Medium
45	File	xxxxxxx.xxx	predictive	Medium
46	File	xxxxxxx.xxx	predictive	Medium
47	File	xx-xxxxx-xxxxxx.xxx	predictive	Hög
48	File	xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx	predictive	Hög
49	File	xx-xxxxxxxx/xxxx.xxx	predictive	Hög
50	Library	xxx.xxx	predictive	Låg
51	Argument	xxxxxxxx	predictive	Medium
52	Argument	xxxxx_xxxx	predictive	Medium
53	Argument	xxx	predictive	Låg
54	Argument	xxx	predictive	Låg
55	Argument	xxxxxx_xx[]	predictive	Medium
56	Argument	xxx	predictive	Låg
57	Argument	xxxxxxxxxxxxxxxxx	predictive	Hög
58	Argument	xxx	predictive	Låg
59	Argument	xxxxxxxx	predictive	Medium
60	Argument	xxxxxxxxxxxx	predictive	Medium
61	Argument	xxxx	predictive	Låg
62	Argument	xx	predictive	Låg
63	Argument	xxxxxxxx	predictive	Medium
64	Argument	xxxxx	predictive	Låg
65	Argument	xxxxx_xxx	predictive	Medium
66	Argument	xxxxx_xxxxxx_xxx/xxxxx_xxxx_xxxxxxxx	predictive	Hög
67	Argument	xxxxxxxx	predictive	Medium
68	Argument	xxxxxx	predictive	Låg
69	Argument	xx	predictive	Låg
70	Argument	xxxxxx_xxxx	predictive	Medium
71	Argument	xxxx_xxxxx	predictive	Medium
72	Argument	xxxxx_xxxx	predictive	Medium
73	Argument	xxxxxxxxxxxx	predictive	Medium
74	Argument	\xxxxxx\	predictive	Medium
75	Input Value	%xxxxxx+-x+x+xx.x.xx.xxx%xx%xx	predictive	Hög
76	Input Value	..	predictive	Låg
77	Input Value	\xxx\xxx	predictive	Medium
78	Network Port	xxx/xxx (xxxx)	predictive	Hög

Referenser (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Might our Artificial Intelligence support you?

Check our Alexa App!