Farseer Analysis

IOB - Indicator of Behavior (152)

Lang

en: 116
zh: 12
es: 10
ja: 6
de: 4

Country

cn: 68
us: 54
de: 4
es: 4
ru: 4

Product

Microsoft Windows: 8
phpMyAdmin: 6
Linksys WVBR0: 2
Phoenix Broadband PowerAgent SC3 BMS: 2
Veritas Backup Exec: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | OpenSSL c_rehash privilege escalation | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.10649 | 0.04 | CVE-2022-1292 |
| 3 | Tiki Wiki CMS Groupware tiki-jsplugin.php privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03454 | 0.04 | CVE-2010-4239 |
| 4 | Microsoft Windows Print Spooler Privilege Escalation | 8.1 | 7.7 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00101 | 0.34 | CVE-2022-21999 |
| 5 | Microsoft Azure HDInsights Apache Hadoop unknown vulnerability | 3.9 | 3.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00051 | 0.00 | CVE-2023-38188 |
| 6 | Geddy index.js directory traversal | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01347 | 0.03 | CVE-2015-5688 |
| 7 | Asus AsusWRT start_apply.htm privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01350 | 0.07 | CVE-2018-20334 |
| 8 | EvoStream Media Server HTTP Request memory corruption | 7.4 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01265 | 0.04 | CVE-2017-6427 |
| 9 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.29 | CVE-2010-0966 |
| 10 | Zulip Server Storage Backend cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00054 | 0.03 | CVE-2018-9999 |
| 11 | WUZHI CMS cross-site request forgery | 6.5 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00192 | 0.00 | CVE-2018-10312 |
| 12 | WebCalendar settings.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03093 | 0.00 | CVE-2005-2717 |
| 13 | Microsoft Windows iSCSI Target Service information disclosure | 4.8 | 4.4 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00095 | 0.00 | CVE-2023-24945 |
| 14 | Microsoft Windows Netlogon Remote Code Execution | 8.1 | 7.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00153 | 0.03 | CVE-2023-28268 |
| 15 | Microsoft Windows Kernel Privilege Escalation | 8.1 | 7.4 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00048 | 0.04 | CVE-2023-35359 |
| 16 | Microsoft Windows Error Reporting Service Local Privilege Escalation | 7.8 | 7.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00147 | 0.04 | CVE-2023-36874 |
| 17 | Flask information disclosure | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00142 | 0.02 | CVE-2023-30861 |
| 18 | WPS Hide Login Plugin Secret Login Page options.php privilege escalation | 6.9 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02933 | 0.07 | CVE-2021-24917 |
| 19 | Fortinet FortiOS/FortiProxy Command Line Interpreter Format String | 7.1 | 7.0 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00042 | 0.08 | CVE-2022-43953 |
| 20 | Fortinet FortiOS CLI Command directory traversal | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06752 | 0.00 | CVE-2022-41328 |

IOC - Indicator of Compromise (17)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | | CAPEC-10 | CWE-19, CWE-20, CWE-73, CWE-74, CWE-93, CWE-113, CWE-119, CWE-121, CWE-125, CWE-134, CWE-185, CWE-189, CWE-287, CWE-305, CWE-306, CWE-352, CWE-369, CWE-399, CWE-404, CWE-415, CWE-416, CWE-444, CWE-476, CWE-502, CWE-610, CWE-611, CWE-664, CWE-693, CWE-697, CWE-704, CWE-787, CWE-833, CWE-835, CWE-862, CWE-863, CWE-1018 | Unknown Vulnerability | predictive | High |
| 2 | T1006 | CAPEC-126 | CWE-21, CWE-22, CWE-36 | Path Traversal | predictive | High |
| 3 | T1055 | CAPEC-10 | CWE-74, CWE-707 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 4 | T1059 | CAPEC-10 | CWE-74, CWE-94, CWE-707 | Argument Injection | predictive | High |

IOA - Indicator of Attack (87)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /.vnc/sesman_${username}_passwd | predictive | High |
| 2 | File | /admin/users.php?source=edit_user&id=1 | predictive | High |
| 3 | File | /forum/away.php | predictive | High |
| 4 | File | /icingaweb2/navigation/add | predictive | High |
| 5 | File | /phppath/php | predictive | Medium |
| 6 | File | /rest/collectors/1.0/template/custom | predictive | High |
| 7 | File | /start_apply.htm | predictive | High |
| 8 | File | /uncpath/ | predictive | Medium |
| 9 | File | /WEB-INF/web.xml | predictive | High |
| 10 | File | /wp-admin/options.php | predictive | High |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
