Esfury Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (109)

Tidslinje

Lang

en106
de4

Land

us46
ca2
gb2
de2

Skådespelare

Chthonic2
Expiro1
Liberty Front Press1
Esfury1
Razy1

Aktiviteter

Intressera

Tidslinje

Typ

Not Defined52
Content Management System8
Programming Language Software4
Web Server4
Document Reader Software2

Säljare

Not Defined24
SourceCodester24
Microsoft4
vu2
Chengdu2

Produkt

SourceCodester Online Exam System6
WordPress6
PHP4
TikiWiki2
SourceCodester File Tracker Manager System2

Sårbarheter

#SårbarhetBaseTemp0dayI dagUtnRemEPSSCTICVE
1TikiWiki tiki-register.php privilegier eskalering7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.010091.78CVE-2006-6168
2Phplinkdirectory PHP Link Directory conf_users_edit.php förfalskning på begäran över webbplatsen6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.005260.00CVE-2011-0643
3SourceCodester Online Exam System GET Parameter updateCourse.php sql injektion7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000730.04CVE-2023-2642
4SourceCodester Online Internship Management System POST Parameter login.php sql injektion8.17.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.000730.04CVE-2023-2641
5OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeHanziSegment förnekande av tjänsten6.06.0$0-$5k$0-$5kNot DefinedOfficial Fix0.000730.04CVE-2023-2618
6OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeByteSegment förnekande av tjänsten5.65.5$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000730.09CVE-2023-2617
7SourceCodester Online Reviewer System GET Parameter user-update.php sql injektion6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.000890.00CVE-2023-2596
8SourceCodester Billing Management System POST Parameter ajax_service.php sql injektion7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000890.00CVE-2023-2595
9SourceCodester Food Ordering Management System Registration sql injektion8.17.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.001080.04CVE-2023-2594
10SourceCodester Multi Language Hotel Management Software POST Parameter ajax.php cross site scripting4.44.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000620.00CVE-2023-2565
11jja8 NewBingGoGo cross site scripting4.44.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000640.04CVE-2023-2560
12External Media without Import Plugin external-media-without-import.php print_media_new_panel cross site scripting4.44.3$0-$5k$0-$5kNot DefinedOfficial Fix0.000520.04CVE-2017-20183
13SourceCodester Online Tours & Travels Management System disapprove_delete.php exec sql injektion7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000730.04CVE-2023-2619
14PHP-Login POST Parameter class.loginscript.php checkLogin sql injektion8.18.0$0-$5k$0-$5kNot DefinedOfficial Fix0.000590.04CVE-2016-15031
15PHP Link Directory Administration Page index.html cross site scripting4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.003740.59CVE-2007-0529
16TikiWiki tiki-index.php kataloggenomgång7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.014140.30CVE-2007-5684
17AWStats Config awstats.pl cross site scripting4.34.1$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.005870.04CVE-2006-3681
18vu Mass Mailer Login Page redir.asp sql injektion7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.001810.17CVE-2007-6138
19LogicBoard CMS away.php Redirect6.36.1$0-$5k$0-$5kNot DefinedUnavailable0.000002.42
20Suricata Rule kataloggenomgång6.96.7$0-$5k$0-$5kNot DefinedOfficial Fix0.000530.02CVE-2023-35852

IOC - Indicator of Compromise (13)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP-adressHostnameSkådespelareKampanjerIdentifiedTypFörtroende
15.79.71.205Esfury28/04/2022verifiedHög
25.79.71.225Esfury28/04/2022verifiedHög
335.229.93.4646.93.229.35.bc.googleusercontent.comEsfury28/04/2022verifiedMedium
4XX.XXX.XXX.Xx.xxx.xxx.xx.xx.xxxxxxxxxxxxxxxxx.xxxXxxxxx28/04/2022verifiedMedium
5XX.XX.XXX.XXXxx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxxXxxxxx28/04/2022verifiedHög
6XX.XXX.XX.XXxxxxx.xxXxxxxx28/04/2022verifiedHög
7XX.XXX.XX.XXxxxxx.xxXxxxxx28/04/2022verifiedHög
8XX.XXX.XX.XXxxxxx.xxXxxxxx28/04/2022verifiedHög
9XXX.XX.XX.XXXXxxxxx28/04/2022verifiedHög
10XXX.XX.XX.XXXXxxxxx28/04/2022verifiedHög
11XXX.XXX.XXX.XXxx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxxXxxxxx28/04/2022verifiedHög
12XXX.XXX.XX.XXXxxxx-x.xxxxxxxxxxxxXxxxxx28/04/2022verifiedHög
13XXX.XXX.XX.XXXxxxxx.xxx-xxx-xx.xxxxxx.xxxxxxxxxxxx.xxxXxxxxx28/04/2022verifiedHög

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueSårbarheterÅtkomstvektorTypFörtroende
1T1006CWE-22Path TraversalpredictiveHög
2T1059CWE-94Argument InjectionpredictiveHög
3T1059.007CWE-79, CWE-80Cross Site ScriptingpredictiveHög
4T1068CWE-264, CWE-269Execution with Unnecessary PrivilegespredictiveHög
5TXXXX.XXXCWE-XXXXxx Xx Xxxx-xxxxx XxxxxxxxpredictiveHög
6TXXXXCWE-XXXXxxx Xxx Xxxxxxxxx Xxxxxxxxxxx XxxxxxxxpredictiveHög
7TXXXXCWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHög
8TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveHög
9TXXXXCWE-XXXXxxxxxxx Xx Xxxx Xxxxxxx Xxxxxxxxx XxxxxpredictiveHög
10TXXXXCWE-XXXxx XxxxxxxxxpredictiveHög
11TXXXXCWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHög
12TXXXX.XXXCWE-XXXXxxxxxxx Xx Xxxxxxxxxxxxx XxxxpredictiveHög
13TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxx XxxxpredictiveHög
14TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHög
15TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHög
16TXXXXCWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHög
17TXXXX.XXXCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHög

IOA - Indicator of Attack (111)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDKlassIndicatorTypFörtroende
1File/admin/budget/manage_budget.phppredictiveHög
2File/admin/edit_subject.phppredictiveHög
3File/admin/save_teacher.phppredictiveHög
4File/admin/service.phppredictiveHög
5File/building/backmgr/urlpage/mobileurl/configfile/jx2_config.inipredictiveHög
6File/cas/logoutpredictiveMedium
7File/changeimage.phppredictiveHög
8File/dosen/datapredictiveMedium
9File/forum/away.phppredictiveHög
10File/jurusan/datapredictiveHög
11File/kelas/datapredictiveMedium
12File/kelasdosen/datapredictiveHög
13File/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05predictiveHög
14File/mahasiswa/datapredictiveHög
15File/xxxxx/xxxxxxx/xxxx/xxxxx.xxxpredictiveHög
16File/xxxxxxxxx/xxxxxx.xxxpredictiveHög
17File/xxxxxxxx/xxxxxx/xxxxxx/xxxxxx/xxxxxx/xxxxx/xxxx-xxxxxx.xxxpredictiveHög
18File/xxxx_xxxxx.xxx?xxxxxxxxx=xxxxxxxpredictiveHög
19File/xxxxxxxx-xxxx/xxx_xx/xxxxxx.xxxxpredictiveHög
20File/xxxxxxx/predictiveMedium
21File/xx-xxxxx/xxxxxxx-xxxxxxx.xxxpredictiveHög
22Filexxxxx/predictiveLåg
23Filexxxxx/?xxxx=xxxxxxxxxx/xxxxxx_xxxxxxxxpredictiveHög
24Filexxxxx/xxxx_xxxxx_xxxx.xxxpredictiveHög
25Filexxxxx/xxxxx.xxxpredictiveHög
26Filexxxxx/xxxxxxxx_xxxxx_xxxx.xxxpredictiveHög
27Filexxxxxxxxxx/xxxxx/xxxxxxx_xxxxx/xxxxxxxxxxxx.xxxpredictiveHög
28Filexxxxx_xxx.xxx?xxxxxx=xxxpredictiveHög
29Filexxxx.xxxpredictiveMedium
30Filexxxx_xxxxxxx.xxxpredictiveHög
31Filexxxxxxx.xxpredictiveMedium
32Filex:\xxxxxxx xxxxx (xxx)\xxxxxxxx\xxx\xxxxxx.xxxpredictiveHög
33Filexxx.xpredictiveLåg
34Filexxxxxxx/xxxxxx.xxx?x=xxxx_xxxxxxxpredictiveHög
35Filexxxxx.xxxpredictiveMedium
36Filexxxxxxxx.xxxpredictiveMedium
37Filexxxxxxxxxx_xxxxxx.xxxpredictiveHög
38Filexxxxxxxx.xxxpredictiveMedium
39Filexxxxxxxxxxxxx.xxxpredictiveHög
40Filexxxxxxxx-xxxxx-xxxxxxx-xxxxxx.xxxpredictiveHög
41Filexxxxxxxxxxx.xxxpredictiveHög
42Filexxxxxxxxxxxx.xxxpredictiveHög
43Filexx_xxxxxxx.xxxpredictiveHög
44Filexxxxxxxxxxxxxxxx.xxxpredictiveHög
45Filexxxxxxxxxx.xxxxx.xxxpredictiveHög
46Filexxxxxxxxxxxxxxxxx.xxxpredictiveHög
47Filexxxxx.xxxxpredictiveMedium
48Filexxxxx/xxxx.xxxpredictiveHög
49Filexxxxx/xxxxxxx/xxxxx.xxxxxxxxxxx.xxxpredictiveHög
50Filexxxxxx_xxxxxxx.xxxpredictiveHög
51Filexxxx.xxxxxxxxxx.xxxpredictiveHög
52Filexxxxxx.xpredictiveMedium
53Filexxxxx-xxxx.xxxpredictiveHög
54Filexxxxxx/xxxxxxx/xxxxxxx_xxx_xxxxxx_xxxxxx.xxxpredictiveHög
55Filexxxxx.xxxpredictiveMedium
56Filexxxxxxxx/xxxxxx_xxxxxxxx.xxxpredictiveHög
57Filexxxx/xxx/xxx_xxxx.xpredictiveHög
58Filexxxxxxx_xxxxxxxxxxxxx.xxxpredictiveHög
59Filexxxx_xxxx.xxxpredictiveHög
60Filexxxxxxxx.xxxpredictiveMedium
61Filexxxx-xxxxx.xxxpredictiveHög
62Filexxxx-xxxxxxxx.xxxpredictiveHög
63Filexxxxx/xxxx_xxxx.xxxpredictiveHög
64Filexxxx_xxxxxx.xxxpredictiveHög
65Filexx-xxxxx/xxxxxxxx/xxxxx-xx-xxxxx-xxxx-xxxxx.xxxpredictiveHög
66Filexxxxxxx.xxxxpredictiveMedium
67Argument$_xxxxxx['xxxxx_xxxxxx']predictiveHög
68Argumentxxxxxxxx_xxxxpredictiveHög
69ArgumentxxxxxxpredictiveLåg
70ArgumentxxxxxxxxpredictiveMedium
71ArgumentxxxxxxxxxxpredictiveMedium
72Argumentxx_xxpredictiveLåg
73Argumentxxxxxx_xxpredictiveMedium
74Argumentxxxx_xxpredictiveLåg
75Argumentxxxxxxx[x][xxxx]predictiveHög
76Argumentxxxxxxxxx_xxxxpredictiveHög
77ArgumentxxxxxxpredictiveLåg
78Argumentxxxx_xxxxxxxxpredictiveHög
79ArgumentxxxxxpredictiveLåg
80ArgumentxxxxxxxxpredictiveMedium
81ArgumentxxxxxxpredictiveLåg
82Argumentxxxxxxxx/xxxxxxx/xxxxxxxpredictiveHög
83ArgumentxxpredictiveLåg
84Argumentxxx_xxxxxxxxpredictiveMedium
85ArgumentxxxxxpredictiveLåg
86ArgumentxxxxxxxpredictiveLåg
87ArgumentxxxxpredictiveLåg
88ArgumentxxxxxxxxxxpredictiveMedium
89ArgumentxxxxpredictiveLåg
90ArgumentxxxxxxpredictiveLåg
91Argumentxxx_xxxxxxxxpredictiveMedium
92ArgumentxxxxpredictiveLåg
93ArgumentxxxxxxxxpredictiveMedium
94ArgumentxxxxxxxpredictiveLåg
95ArgumentxxxxxxxpredictiveLåg
96Argumentxxxx/xxxxpredictiveMedium
97ArgumentxxxxxxpredictiveLåg
98ArgumentxxxpredictiveLåg
99Argumentxxx/xxxxx/xxxxx/xxxxxx/xxxx-xxxxpredictiveHög
100ArgumentxxxxxxxxpredictiveMedium
101Argumentxxxxxxxx-xxxx-xxpredictiveHög
102Argumentxxxxxxxx/xxxxxxxxpredictiveHög
103ArgumentxxxxxxxxpredictiveMedium
104Argumentxxxx_xxpredictiveLåg
105Input Value-xpredictiveLåg
106Input ValuexxxxxxpredictiveLåg
107Input Value<xxxxxx>xxxxx(xxxxxxxx.xxxxxx)</xxxxxx>predictiveHög
108Input ValuexxxxxpredictiveLåg
109Input ValuexxxxxxpredictiveLåg
110Network Portxxx/xx (xxx xxxxxxxx)predictiveHög
111Network Portxxx xxxxxx xxxxpredictiveHög

Referenser (2)

The following list contains external sources which discuss the actor and the associated activities:

TidigareÖversiktNästa

Do you need the next level of professionalism?

Upgrade your account now!