Boostwrite and RDFSniffer Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (22)

Tidslinje

Lang

en18
sv4

Land

us14
se2
cn2
ru2
ml2

Skådespelare

IcedID1
Gootkit1
ISFB1
Gozi1
SharkBot1

Aktiviteter

Intressera

Tidslinje

Typ

Not Defined12
SCADA Software2
Network Camera Software2
Groupware Software2
Firewall Software2

Säljare

Shenzhen Hichip Vision Technology4
Microsoft4
Symantec2
Schneider Electric2
AVTECH2

Produkt

Shenzhen Hichip Vision Technology V64
Shenzhen Hichip Vision Technology V74
Shenzhen Hichip Vision Technology V84
Shenzhen Hichip Vision Technology V94
Shenzhen Hichip Vision Technology V104

Sårbarheter

#SårbarhetBaseTemp0dayI dagUtnRemEPSSCTICVE
1Microsoft Exchange Server Mail minneskorruption8.58.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.310440.00CVE-2018-8302
2Delta Electronics ASDA-Soft Project File minneskorruption7.06.9$0-$5k$0-$5kNot DefinedOfficial Fix0.000690.00CVE-2022-1403
3Fujitsu ETERNUS CentricStor CS8000 grel.php grel_finfo privilegier eskalering6.36.0$0-$5k$0-$5kNot DefinedOfficial Fix0.007310.00CVE-2022-31795
4Oracle WebLogic Server Web Container informationsgivning7.57.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.962870.02CVE-2022-21371
5Palo Alto PAN-OS Web Interface privilegier eskalering8.07.8$0-$5k$0-$5kNot DefinedOfficial Fix0.001280.05CVE-2021-3058
6Schneider Electric EcoStruxure Building Operation WebStation Web Page Generation cross site scripting4.84.8$0-$5k$0-$5kNot DefinedNot Defined0.000780.00CVE-2020-28210
7Tiandy IP Cameras Service Port 3001 informationsgivning6.45.9$0-$5k$0-$5kProof-of-ConceptWorkaround0.004790.02CVE-2017-15236
8Shenzhen Hichip Vision Technology V20 P2P Service minneskorruption8.58.5$5k-$25k$5k-$25kNot DefinedNot Defined0.006270.04CVE-2020-9527
9Shenzhen Hichip Vision Technology V20 privilegier eskalering8.08.0$0-$5k$0-$5kNot DefinedNot Defined0.001710.03CVE-2020-9529
10ANNKE SP1 HD Wireless Camera SSID cross site scripting5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.000870.02CVE-2017-18483
11Mobotix IP Network Camera cross site scripting3.53.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.00
12CeNova/Night OWL/Novo/Pulnix/QSee/Securus DVR download.rsp Credentials privilegier eskalering7.57.4$0-$5k$0-$5kNot DefinedWorkaround0.004900.00CVE-2018-10676
13Dahua Web P2P Key informationsgivning4.44.4$0-$5k$0-$5kNot DefinedNot Defined0.000440.04CVE-2020-9501
14AVTECH IP Camera/NVR/DVR PwdGrp.cgi privilegier eskalering9.89.2$5k-$25k$0-$5kHighUnavailable0.000000.04
15Microsoft Exchange Server privilegier eskalering8.07.9$5k-$25k$0-$5kHighOfficial Fix0.971510.06CVE-2020-0688
16Apple iCloud Foundation privilegier eskalering4.44.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.000420.00CVE-2020-10002
17Go Doc Dot Org Package kataloggenomgång8.58.5$0-$5k$0-$5kNot DefinedOfficial Fix0.013260.03CVE-2018-12976
18Symantec Messaging Gateway privilegier eskalering7.37.3$5k-$25k$5k-$25kNot DefinedNot Defined0.000830.00CVE-2019-18379
19Cisco Embedded Device X.509 Certificate svag autentisering5.75.5$5k-$25k$0-$5kNot DefinedOfficial Fix0.003380.00CVE-2015-6358
20Orpak SiteOmat OrCU privilegier eskalering8.58.4$0-$5k$0-$5kNot DefinedOfficial Fix0.005710.02CVE-2017-14853

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP-adressHostnameSkådespelareKampanjerIdentifiedTypFörtroende
1109.230.199.227reserved07.theonlygreeting.comBoostwrite and RDFSniffer10/10/2019verifiedHög

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueKlassSårbarheterÅtkomstvektorTypFörtroende
1CAPEC-10CWE-20, CWE-119, CWE-120, CWE-371, CWE-502, CWE-787, CWE-918Unknown VulnerabilitypredictiveHög
2T1006CAPEC-126CWE-22Path TraversalpredictiveHög
3TXXXXCAPEC-10CWE-XX, CWE-XX, CWE-XXXXxxxxxxx XxxxxxxxxpredictiveHög
4TXXXX.XXXCAPEC-10CWE-XX, CWE-XX, CWE-XX, CWE-XXXXxxxx Xxxx XxxxxxxxxpredictiveHög
5TXXXXCAPEC-122CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHög
6TXXXXCAPEC-10CWE-XX, CWE-XX, CWE-XX, CWE-XXXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHög
7TXXXXCAPEC-0CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHög
8TXXXX.XXXCAPEC-114CWE-XXX, CWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHög
9TXXXXCAPEC-116CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHög

IOA - Indicator of Attack (5)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDKlassIndicatorTypFörtroende
1File/cgi-bin/supervisor/PwdGrp.cgipredictiveHög
2Filedownload.rsppredictiveMedium
3Filexxxx.xxxpredictiveMedium
4Argumentxxx_xxxxx_xxxx_xxxxxxxpredictiveHög
5Argumentxxxx/xx/xxxxpredictiveMedium

Referenser (2)

The following list contains external sources which discuss the actor and the associated activities:

TidigareÖversiktNästa

Interested in the pricing of exploits?

See the underground prices here!