NetDooka Analysis

IOB - Indicator of Behavior (127)

Language: en (128)

Country: de (128)

Product:

Aruba AirWave Management Platform (6)
Google Chrome (4)
Cisco SD-WAN (4)
json-schema (2)
Tenable Nessus AMI (2)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Panasonic AiSEG2 Header weak authentication | 9.2 | 9.2 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00053 | 0.00 | CVE-2023-28727 |
| 2 | Panasonic AiSEG2 privilege escalation | 8.4 | 8.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00186 | 0.02 | CVE-2023-28726 |
| 3 | Aruba ClearPass OnGuard Agent privilege escalation | 7.8 | 7.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2023-25590 |
| 4 | Aruba AOS-CX Network Analytics Engine Privilege Escalation | 7.7 | 7.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00171 | 0.02 | CVE-2023-1168 |
| 5 | Aruba ClearPass Policy Manager Web-based Management Interface privilege escalation | 7.1 | 7.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00089 | 0.02 | CVE-2023-25594 |
| 6 | Netgear Orbi Router RBR750 HTTP Request privilege escalation | 8.4 | 8.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00097 | 0.05 | CVE-2022-37337 |
| 7 | Hsycms Add Category Module cate.php cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00186 | 0.10 | CVE-2023-1349 |
| 8 | Sage XRT Business Exchange Add Currencies/Payment Order/Transfer History SQL injection | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00071 | 0.00 | CVE-2022-34324 |
| 9 | TRENDnet TEW755AP wizard_ipv6 memory corruption | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00190 | 0.00 | CVE-2022-46583 |
| 10 | Elvexys StreamX HTML Component directory traversal | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00067 | 0.00 | CVE-2022-4778 |
| 11 | Mozilla Thunderbird WebGL memory corruption | 6.4 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00208 | 0.00 | CVE-2022-46880 |
| 12 | Aruba EdgeConnect Enterprise Web Management Interface Privilege Escalation | 8.0 | 8.0 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00137 | 0.00 | CVE-2022-44533 |
| 13 | Aruba Networks ArubaOS PAPI privilege escalation | 9.8 | 9.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00321 | 0.02 | CVE-2022-37897 |
| 14 | House Rental System view-property.php SQL injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00223 | 0.10 | CVE-2022-4274 |
| 15 | SimplePress Plugin cross site scripting | 5.6 | 5.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.02 | CVE-2022-4027 |
| 16 | Mozilla Firefox window.print denial of service | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00103 | 0.00 | CVE-2022-42929 |
| 17 | Juniper Junos OS/Junos OS Evolved RPD race condition | 5.9 | 5.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00095 | 0.00 | CVE-2022-22225 |
| 18 | Academy Learning Management System cross site scripting | 4.8 | 4.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00212 | 0.02 | CVE-2022-38553 |
| 19 | Modern Campus Omni CMS login-page SQL injection | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00158 | 0.06 | CVE-2022-40766 |
| 20 | XPDF AcroForm.cc memory corruption | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00051 | 0.00 | CVE-2022-36561 |

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 195.201.81.165 | static.165.81.201.195.clients.your-server.de | NetDooka | | 20/04/2023 | verified | High |

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | | CAPEC-10 | CWE-20, CWE-74, CWE-99, CWE-119, CWE-120, CWE-121, CWE-189, CWE-287, CWE-288, CWE-345, CWE-352, CWE-354, CWE-362, CWE-367, CWE-404, CWE-416, CWE-459, CWE-502, CWE-610, CWE-611, CWE-707, CWE-862, CWE-863, CWE-1236 | Unknown Vulnerability | predictive | High |
| 2 | T1006 | CAPEC-126 | CWE-22 | Path Traversal | predictive | High |
| 3 | T1040 | CAPEC-102 | CWE-310, CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 4 | T1055 | CAPEC-10 | CWE-74, CWE-707 | Improper Neutralization of Data within XPath Expressions | predictive | High |

IOA - Indicator of Attack (34)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /api/ZRMacClone/mac_addr_clone | predictive | High |
| 2 | File | /controller/publishHotel.php&amp | predictive | High |
| 3 | File | /fuelCM/fuel/pages/edit/1?lang=english | predictive | High |
| 4 | File | /interface/main/backup.php | predictive | High |
| 5 | File | /view-property.php | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
