FakeCrack Analysis

IOB - Indicator of Behavior (259)

Language

en: 238
ru: 10
zh: 4
ja: 2
de: 2

Country

us: 66
cn: 30
tr: 24
ru: 2
es: 2

Product

DeDeCMS: 6
GitLab Enterprise Edition: 6
Asus RT-AC86U: 6
GitLab Community Edition: 4
Google Android: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DeDeCMS Backend file_class.php privilege escalation | 6.4 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.10 | CVE-2023-7212 |
| 2 | Microsoft Office Word Remote Code Execution | 7.0 | 6.2 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01350 | 0.00 | CVE-2023-28311 |
| 3 | Microsoft Exchange Server ProxyShell Remote Code Execution | 9.5 | 8.7 | $25k-$100k | $5k-$25k | High | Official Fix | 0.97319 | 0.05 | CVE-2021-34473 |
| 4 | ThinkPHP privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | High | Official Fix | 0.97455 | 0.00 | CVE-2019-9082 |
| 5 | SmarterTools SmarterMail directory traversal | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00062 | 0.04 | CVE-2019-7213 |
| 6 | cumin Server Certificate Validator weak authentication | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00090 | 0.05 | CVE-2013-0264 |
| 7 | kyivstarteam react-native-sms-user-consent SmsUserConsentModule.kt registerReceiver Local Privilege Escalation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.14 | CVE-2021-4438 |
| 8 | Campcodes House Rental Management System ajax.php SQL injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.14 | CVE-2024-3719 |
| 9 | Linux Kernel BlueZ jlink.c jlink_init denial of service | 3.6 | 3.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.09 | CVE-2022-3637 |
| 10 | Huawei HG8245H URL information disclosure | 7.4 | 7.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00167 | 0.06 | CVE-2017-15328 |
| 11 | DeDeCMS co_do.php SQL injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00190 | 0.02 | CVE-2018-19061 |
| 12 | DedeCMS selectimages.php cross site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.03 | CVE-2023-49493 |
| 13 | DeDeCMS select_images_post.php privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01958 | 0.00 | CVE-2018-20129 |
| 14 | DedeCMS article_allowurl_edit.php privilege escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00094 | 0.19 | CVE-2023-2928 |
| 15 | DeDeCMS downmix.inc.php Path information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02422 | 0.02 | CVE-2018-6910 |
| 16 | Plesk Obsidian Login Page privilege escalation | 5.8 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00174 | 0.00 | CVE-2023-24044 |
| 17 | Tenda AC10U fromAddressNat memory corruption | 6.4 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00086 | 0.43 | CVE-2024-0927 |
| 18 | Xen Orchestra privilege escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.03 | CVE-2021-36383 |
| 19 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 5.03 | CVE-2020-15906 |
| 20 | Unisoc T760/T770/T820/S8000 Sim Service privilege escalation | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2023-42655 |

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (25)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | | CAPEC-10 | CWE-19, CWE-20, CWE-59, CWE-73, CWE-119, CWE-120, CWE-121, CWE-125, CWE-134, CWE-189, CWE-190, CWE-200, CWE-266, CWE-284, CWE-285, CWE-287, CWE-290, CWE-306, CWE-345, CWE-346, CWE-352, CWE-354, CWE-362, CWE-388, CWE-399, CWE-400, CWE-401, CWE-404, CWE-416, CWE-476, CWE-610, CWE-611, CWE-636, CWE-639, CWE-668, CWE-787, CWE-829, CWE-862, CWE-863, CWE-908, CWE-918, CWE-926, CWE-942 | Unknown Vulnerability | predictive | High |
| 2 | T1006 | CAPEC-126 | CWE-21, CWE-22 | Path Traversal | predictive | High |
| 3 | T1040 | CAPEC-102 | CWE-310, CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 4 | T1055 | CAPEC-10 | CWE-74, CWE-707 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 5 | T1059 | CAPEC-10 | CWE-74, CWE-88, CWE-94, CWE-707 | Argument Injection | predictive | High |

IOA - Indicator of Attack (123)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /acms/classes/Master.php?f=delete_cargo | predictive | High |
| 2 | File | /admin.php/news/admin/topic/save | predictive | High |
| 3 | File | /admin/comn/service/update.json | predictive | High |
| 4 | File | /api/files/ | predictive | Medium |
| 5 | File | /cgi-bin/touchlist_sync.cgi | predictive | High |
| 6 | File | /dev/shm | predictive | Medium |
| 7 | File | /dl/dl_print.php | predictive | High |
| 8 | File | /getcfg.php | predictive | Medium |
| 9 | File | /ofcms/company-c-47 | predictive | High |
| 10 | File | /usr/sbin/httpd | predictive | High |
| 11 | File | /util/print.c | predictive | High |
| 12 | File | /web/MCmsAction.java | predictive | High |
| 13 | File | abc-pcie.c | predictive | Medium |
| 14 | File | accounts/payment_history.php | predictive | High |
| 120 | Input Value | ../ | predictive | Low |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
