Bobik Analysis

IOB - Indicator of Behavior (158)

Language

en: 156
es: 2

Product

Linux Kernel: 4
code-projects Simple School Management System: 4
Qualcomm AQT1000: 4
Qualcomm QCA6391: 4
Qualcomm QCA6420: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 4.82 | CVE-2020-15906 |
| 2 | LizardByte Sunshine Device Pairing weak authentication | 6.1 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.06 | CVE-2024-31221 |
| 3 | Vinchin Backup & Recovery syncNtpTime Privilege Escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00163 | 0.02 | CVE-2024-22899 |
| 4 | Jan De Graaff Com Simpleboard File Upload image_upload.php privilege escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.02435 | 0.03 | CVE-2008-6814 |
| 5 | Tenda AC8 AdvSetMacMtuWan fromAdvSetMacMtuWan memory corruption | 8.8 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 2.87 | CVE-2024-4066 |
| 6 | Netgear R6250/R6400/R6700/R7000/R7100LG/R7300/R7900/R8000 URL cross-site request forgery | 8.0 | 7.9 | $5k-$25k | $0-$5k | High | Official Fix | 0.97464 | 0.38 | CVE-2016-6277 |
| 7 | Adobe ColdFusion information disclosure | 3.7 | 3.6 | $0-$5k | $0-$5k | High | Official Fix | 0.96634 | 0.38 | CVE-2013-0631 |
| 8 | Adobe ColdFusion Directory cfcexplorer.cfc privilege escalation | 4.8 | 4.6 | $0-$5k | $0-$5k | High | Official Fix | 0.93731 | 0.48 | CVE-2013-0629 |
| 9 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.58 | CVE-2020-12440 |
| 10 | EZVIZ CS-C6-21WFR-8 Davinci Application weak authentication | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 2.34 | CVE-2024-4063 |
| 11 | Mitel MiCollab SAS Portal sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00079 | 0.05 | CVE-2020-25608 |
| 12 | Contact Form 7 Plugin privilege escalation | 6.7 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00161 | 0.05 | CVE-2023-6449 |
| 13 | Microsoft .NET Framework information disclosure | 6.4 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01259 | 0.16 | CVE-2024-29059 |
| 14 | Microsoft Authenticator Local Privilege Escalation | 6.3 | 5.8 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.00050 | 0.04 | CVE-2024-21390 |
| 15 | Juniper Junos OS/Junos OS Evolved privilege escalation | 4.1 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.06 | CVE-2024-21615 |
| 16 | Mautic privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.03 | CVE-2022-25776 |
| 17 | Jordy Meow AI Engine Plugin privilege escalation | 8.6 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.07 | CVE-2023-51409 |
| 18 | Traefik Request Header privilege escalation | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.04 | CVE-2024-28869 |
| 19 | Jcodex WooCommerce Checkout Field Editor Plugin cross-site request forgery | 4.8 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.07 | CVE-2024-31262 |
| 20 | rtCamp Transcoder Plugin cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.06 | CVE-2024-31305 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 2.57.122.82 | | Bobik | | 19/03/2024 | verified | High |

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | | CAPEC-10 | CWE-20, CWE-73, CWE-119, CWE-120, CWE-121, CWE-122, CWE-189, CWE-190, CWE-266, CWE-285, CWE-287, CWE-352, CWE-362, CWE-377, CWE-379, CWE-384, CWE-400, CWE-404, CWE-416, CWE-444, CWE-502, CWE-610, CWE-611, CWE-639, CWE-674, CWE-680, CWE-755, CWE-787, CWE-862, CWE-863, CWE-918, CWE-1391 | Unknown Vulnerability | predictive | High |
| 2 | T1006 | CAPEC-126 | CWE-22 | Path Traversal | predictive | High |
| 3 | T1040 | CAPEC-102 | CWE-310, CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 4 | T1059 | CAPEC-10 | CWE-74, CWE-94, CWE-707 | Argument Injection | predictive | High |
| 5 | T1059.007 | CAPEC-10 | CWE-74, CWE-79, CWE-707 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (72)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/ajax.php?action=confirm_order | predictive | High |
| 2 | File | /admin/book_add.php | predictive | High |
| 3 | File | /admin/borrow_add.php | predictive | High |
| 4 | File | /admin/config_Anticrack.php | predictive | High |
| 5 | File | /admin/manage-pages.php | predictive | High |
| 6 | File | /admin/sys_sql_query.php | predictive | High |
| 7 | File | /api/snapshot and /api/get_log_file | predictive | High |
| 8 | File | /b2b-supermarket/catalog/all-products | predictive | High |
