LeetHozer Analysis

IOB - Indicator of Behavior (197)

Language

en: 180
zh: 10
fr: 4
de: 2
es: 2

Country

us: 86
cn: 60
ce: 8
ua: 2

Product

WordPress: 6
QNAP QTS: 6
Microsoft Windows: 6
cPanel: 4
Siemens SPPA-T3000 Application Server: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Atmail Remote Code Execution | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00251 | 0.04 | CVE-2013-5033 |
| 2 | Palo Alto PAN-OS GlobalProtect Clientless VPN memory corruption | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00112 | 0.03 | CVE-2021-3056 |
| 3 | WordPress SQL injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.00 | CVE-2022-21664 |
| 4 | VeronaLabs wp-statistics Plugin API Endpoint Blind SQL injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00250 | 0.00 | CVE-2019-13275 |
| 5 | Linksys WRT54GL Web Management Interface SysInfo1.htm information disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00046 | 0.04 | CVE-2024-1406 |
| 6 | Teclib GLPI unlock_tasks.php SQL injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.12149 | 0.04 | CVE-2019-10232 |
| 7 | Sophos Firewall User Portal/Webadmin weak authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.97434 | 0.08 | CVE-2022-1040 |
| 8 | CutePHP CuteNews privilege escalation | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02107 | 0.08 | CVE-2019-11447 |
| 9 | WordPress Object privilege escalation | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00432 | 0.04 | CVE-2022-21663 |
| 10 | Microsoft Windows Active Directory Domain Services Privilege Escalation | 8.8 | 8.1 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.07084 | 0.04 | CVE-2022-26923 |
| 11 | QNAP QTS Media Library privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | High | Official Fix | 0.01575 | 0.03 | CVE-2017-13067 |
| 12 | RoundCube Webmail rcube_plugin_api.php directory traversal | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01163 | 0.00 | CVE-2020-12640 |
| 13 | Samurai Build File util.c canonpath memory corruption | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00085 | 0.00 | CVE-2019-19795 |
| 14 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 15 | Phpsugar PHP Melody page_manager.php cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00083 | 0.00 | CVE-2017-15648 |
| 16 | RealNetworks RealServer Port 7070 Service denial of service | 7.5 | 7.3 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.02116 | 0.04 | CVE-2000-0272 |
| 17 | Microsoft Windows Themes information disclosure | 5.9 | 5.6 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00128 | 0.04 | CVE-2024-21320 |
| 18 | Royal Elementor Addons and Templates Plugin privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.96723 | 0.03 | CVE-2023-5360 |
| 19 | Hikvision Intercom Broadcasting System ping.php privilege escalation | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.90160 | 0.05 | CVE-2023-6895 |
| 20 | Hikvision Hybrid SAN Messages privilege escalation | 8.2 | 8.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00203 | 0.02 | CVE-2023-28808 |

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | | CAPEC-10 | CWE-19, CWE-20, CWE-119, CWE-120, CWE-122, CWE-125, CWE-134, CWE-189, CWE-190, CWE-266, CWE-285, CWE-287, CWE-288, CWE-290, CWE-305, CWE-306, CWE-352, CWE-388, CWE-404, CWE-444, CWE-502, CWE-639, CWE-787, CWE-862, CWE-863, CWE-918, CWE-1188 | Unknown Vulnerability | predictive | High |
| 2 | T1006 | CAPEC-126 | CWE-22, CWE-23 | Path Traversal | predictive | High |
| 3 | T1055 | CAPEC-10 | CWE-74, CWE-707 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 4 | T1059 | CAPEC-10 | CWE-74, CWE-94, CWE-707 | Argument Injection | predictive | High |

IOA - Indicator of Attack (90)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /api/RecordingList/DownloadRecord?file= | predictive | High |
| 2 | File | /apply.cgi | predictive | Medium |
| 3 | File | /php/ping.php | predictive | High |
| 4 | File | /rapi/read_url | predictive | High |
| 5 | File | /scripts/unlock_tasks.php | predictive | High |
| 6 | File | /SysInfo1.htm | predictive | High |
| 7 | File | /sysinfo_json.cgi | predictive | High |
| 8 | File | /system/user/modules/mod_users/controller.php | predictive | High |
| 9 | File | /wp-admin/admin-post.php?es_skip=1&option_name | predictive | High |
| 10 | File | AjaxFileUploadHandler.axd | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
