eCh0raix Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (276)

Tidslinje

Lang

en230
ru44
jp2

Land

sc176
us24
pl22
ru20
li18

Skådespelare

eCh0raix3
Mirai3
Cobalt Strike2
Raccoon2
Miner1

Aktiviteter

Intressera

Tidslinje

Typ

Not Defined90
Firewall Software20
Database Administration Software16
Operating System14
Application Server Software8

Säljare

Not Defined98
Microsoft16
Cisco12
Siemens10
F58

Produkt

phpMyAdmin16
Microsoft Windows10
Cisco ASA8
F5 BIG-IP8
QNAP QTS4

Sårbarheter

#SårbarhetBaseTemp0dayI dagUtnRemEPSSCTICVE
1spring-boot-actuator-logview LogViewEndpoint.view kataloggenomgång5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.000490.05CVE-2023-29986
2Apache HTTP Server privilegier eskalering5.35.1$5k-$25k$5k-$25kNot DefinedNot Defined0.000430.08CVE-2023-38709
3phpMyAdmin PMA_safeUnserialize privilegier eskalering9.89.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.004330.00CVE-2016-9865
4phpMyAdmin cross site scripting3.53.4$0-$5k$0-$5kHighOfficial Fix0.003480.02CVE-2014-8958
5Jetty URI privilegier eskalering5.35.3$0-$5k$0-$5kNot DefinedOfficial Fix0.475550.00CVE-2021-34429
6Alt-N MDaemon Worldclient privilegier eskalering4.94.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.000900.06CVE-2021-27182
7phpMyAdmin ArbitraryServerRegexp Reuse privilegier eskalering9.89.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.003660.04CVE-2016-6629
8phpMyAdmin Unserialization unserialize privilegier eskalering9.89.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.009650.00CVE-2016-6620
9phpMyAdmin Central Column Query central_columns.lib.php sql injektion9.89.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.003220.00CVE-2016-5703
10phpMyAdmin Git Information GitRevision.php Remote Code Execution9.89.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.001900.02CVE-2019-19617
11phpMyAdmin Redirect privilegier eskalering4.34.1$5k-$25k$0-$5kHighOfficial Fix0.002470.02CVE-2014-9219
12phpMyAdmin import.php cross site scripting4.34.1$5k-$25k$0-$5kHighOfficial Fix0.001500.02CVE-2014-1879
13nginx privilegier eskalering6.96.9$0-$5k$0-$5kNot DefinedNot Defined0.002413.34CVE-2020-12440
14portable SDK for UPnP unique_service_name minneskorruption10.09.5$0-$5k$0-$5kHighOfficial Fix0.974450.00CVE-2012-5958
15ApolloTheme AP PageBuilder cross site scripting4.84.6$0-$5k$0-$5kProof-of-ConceptNot Defined0.000750.04CVE-2022-44897
16InfluxDB JWT Token handler.go svag autentisering8.07.7$0-$5k$0-$5kNot DefinedOfficial Fix0.049130.02CVE-2019-20933
17Seltmann Content Management System index.php sql injektion7.67.4$0-$5k$0-$5kProof-of-ConceptNot Defined0.001390.00CVE-2022-47740
18CKFinder File Name privilegier eskalering7.47.4$0-$5k$0-$5kNot DefinedNot Defined0.001550.04CVE-2019-15862
19Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash informationsgivning5.35.2$5k-$25k$0-$5kHighWorkaround0.020160.02CVE-2007-1192
20Asus RT-AC2900 privilegier eskalering8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.085970.02CVE-2018-8826

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP-adressHostnameSkådespelareKampanjerIdentifiedTypFörtroende
12.37.149.230net-2-37-149-230.cust.vodafonedsl.iteCh0raix10/08/2022verifiedHög
264.42.152.46bern-wstd-gw.wireless.nmia.comeCh0raix10/08/2022verifiedHög
3XX.XXX.XX.XXxxx-xx-xxx-xx-xx.xx.xxx.xx.xxxXxxxxxxx10/08/2022verifiedHög
4XXX.XX.XXX.XXXxxxxxxx10/08/2022verifiedHög
5XXX.XXX.XX.XXXxxxxxxx10/08/2022verifiedHög
6XXX.XX.XX.XXxxxxxxxx.xxxxxxx.xxx.xxxxx-xxx.xx.xxXxxxxxxx10/08/2022verifiedHög
7XXX.XX.XX.XXxx.xx.xx.xxx.xx.xxx.xxXxxxxxxx10/08/2022verifiedHög
8XXX.XXX.XXX.XXXxx-xxxx.xxxxxxxxxxxxx.xxxXxxxxxxx10/08/2022verifiedHög
9XXX.XXX.XXX.XXXxxxxxxxx.xxxx.xxxxxx.xxxXxxxxxxx22/06/2022verifiedHög
10XXX.XX.XXX.XXxxxx.xx-xxx-xx-xxx.xxxXxxxxxxx17/07/2019verifiedHög

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueSårbarheterÅtkomstvektorTypFörtroende
1T1006CWE-22, CWE-23Path TraversalpredictiveHög
2T1055CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHög
3T1059CWE-94Argument InjectionpredictiveHög
4T1059.007CWE-79, CWE-80Cross Site ScriptingpredictiveHög
5TXXXXCWE-XXX, CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHög
6TXXXXCWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHög
7TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHög
8TXXXXCWE-XXX, CWE-XXXXxxxxxxxxx XxxxxxpredictiveHög
9TXXXXCWE-XXXxx XxxxxxxxxpredictiveHög
10TXXXX.XXXCWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHög
11TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHög
12TXXXXCWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxpredictiveHög
13TXXXX.XXXCWE-XXXXxxxxxxxxxxxpredictiveHög
14TXXXXCWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHög
15TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHög
16TXXXXCWE-XXX, CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHög
17TXXXX.XXXCWE-XXX, CWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHög
18TXXXX.XXXCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHög

IOA - Indicator of Attack (80)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDKlassIndicatorTypFörtroende
1File/admin/sysmon.phppredictiveHög
2File/api/content/posts/commentspredictiveHög
3File/debug/pprofpredictiveMedium
4File/Home/GetAttachmentpredictiveHög
5File/index.phppredictiveMedium
6File/modules/projects/vw_files.phppredictiveHög
7File/opt/teradata/gsctools/bin/t2a.plpredictiveHög
8File/webman/info.cgipredictiveHög
9Fileaccount/gallery.phppredictiveHög
10Filexxxxxx.xxxpredictiveMedium
11Filexxxxx/xxxxxx.xxxpredictiveHög
12Filexxx-xxx/xxxx_xxx.xxxpredictiveHög
13Filexxxxxx.xpredictiveMedium
14Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHög
15Filexxxx/xxxxpredictiveMedium
16Filexxxxxx_xxx.xpredictiveMedium
17Filexxxxxxxxxxxxxx.xxpredictiveHög
18Filexxx_xxx.xxxpredictiveMedium
19Filexxx.xxxxxpredictiveMedium
20Filexx/xxxxxxx/xxx.xpredictiveHög
21Filexxxxxx.xxxpredictiveMedium
22Filexxx/xxxxxx.xxxpredictiveHög
23Filexxx/xx/xxxx/xxxx.xxxxx.xxxpredictiveHög
24Filexxxxx.xxxpredictiveMedium
25Filexxxxxx.xpredictiveMedium
26Filexxxxxxxx.xxxpredictiveMedium
27Filexxxxxxxxx/xxxxxxx/xxxxxxx/xxxxxxxxxxx.xxxpredictiveHög
28Filexxxxxxxxxxxx/xxx.xpredictiveHög
29Filexxx_xxxxxxxxx.xpredictiveHög
30Filexxxxxxx.xxxpredictiveMedium
31Filexxx_xxxxx_xxxx.xpredictiveHög
32Filexxxxxxx/xxxxpredictiveMedium
33Filexxx/xxxxx.xxxxpredictiveHög
34Filexxxxxxx.xxxpredictiveMedium
35Filexxxxxxxxxxxxxxxxxxxxx.xxxxpredictiveHög
36Filexxxxxxxxxxxxxxxxxxxxx.xxxxpredictiveHög
37Filexxxxxxx.xxxpredictiveMedium
38Filexxxxxxxx_xxxxxxxxxxxx_xxxxxx.xxpredictiveHög
39Filexxx_xxxxx_xxxxxxxxx.xpredictiveHög
40Filexxxxxxxx/xxxxx/xxxxxxx.xxpredictiveHög
41Filexxxxxxxx/xxxx/xxxx.xxx?xxxxxx=xxxxxxxxxxxxxxxxpredictiveHög
42Filexxxxx.xxxpredictiveMedium
43Filexxxx_xxxxxxx_xxxxxxxx.xxxpredictiveHög
44Filexxxxxxxxxxxxxxx.xxxpredictiveHög
45Filexxxxxxxx/xxxxxxxxxxxx-xxxxxxxxxxpredictiveHög
46Filexxxxxx/xxxxxxx/xxxxxx/xxxxxxxx.xxxpredictiveHög
47Filexxxx.xxxpredictiveMedium
48Filexxx xxxx xxxxxxxpredictiveHög
49Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictiveHög
50Filexxxx.xxpredictiveLåg
51Libraryxxx-xx-xxx-xxxx-xxxx-xx-x-x.xxxpredictiveHög
52Libraryxxxxxxxxx/xxxxxxx_xxxxxxx.xxx.xxxpredictiveHög
53Argument-xpredictiveLåg
54ArgumentxxxxxxxxxxxxxxpredictiveHög
55ArgumentxxxxxxxxpredictiveMedium
56Argumentxxx_xxpredictiveLåg
57ArgumentxxxxpredictiveLåg
58ArgumentxxxxxpredictiveLåg
59Argumentxxxxxx/xxxxxxxpredictiveHög
60Argumentxxxxxxxx[xxxx_xxx]predictiveHög
61Argumentxxxxxxxx xxxx/xxxxxxxx xxxxxxxx/xxxxxxxx xxxxxxx xx/xxxxxxx/xxxxpredictiveHög
62Argumentxxxx/xxxxxx/xxxpredictiveHög
63ArgumentxxpredictiveLåg
64ArgumentxxxxxxxxpredictiveMedium
65ArgumentxxxxxxxxxxpredictiveMedium
66Argumentxxxx_xxx_xxxxxxxx_xxxpredictiveHög
67ArgumentxxxxxxxpredictiveLåg
68Argumentxxxxx/xxxxxxxxpredictiveHög
69ArgumentxxxxxpredictiveLåg
70Argumentxxxx_xxxxxxpredictiveMedium
71Argumentxx_xxx_xxxxxpredictiveMedium
72ArgumentxxxxxxxxxxxxxxxxpredictiveHög
73ArgumentxxxpredictiveLåg
74ArgumentxxxxxxxxpredictiveMedium
75ArgumentxxxxxxxxpredictiveMedium
76Input Value../predictiveLåg
77Input Value\xpredictiveLåg
78Network Portxxx/xxpredictiveLåg
79Network Portxxx/xxxpredictiveLåg
80Network Portxxx/xxxxpredictiveMedium

Referenser (4)

The following list contains external sources which discuss the actor and the associated activities:

TidigareÖversiktNästa

Do you want to use VulDB in your project?

Use the official API to access entries easily!