Orchard Analysis

IOB - Indicator of Behavior (852)

Language: en 780, zh 28, de 14, fr 12, es 4

Country: us 592, cn 38, ru 2, es 2, ir 2

Product: Microsoft Windows 20, Google Chrome 14, Unisoc T610 12, Unisoc T606 12, Unisoc T760 12

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.69 | 0.00954 | CVE-2010-0966
3 | jforum User privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00289 | CVE-2019-7550
4 | jforum cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00106 | CVE-2012-5337
5 | JForum Login privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00136 | CVE-2012-5338
6 | MGB OpenSource Guestbook email.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.27 | 0.02462 | CVE-2007-0354
7 | School Club Application System cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01 | 0.00072 | CVE-2022-1288
8 | Serendipity exit.php privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.07 | 0.00000 | 
9 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.83 | 0.00000 | 
10 | Cute Http File Server Search cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.16 | 0.00075 | CVE-2023-4118
11 | Joomla CMS SQL injection | 7.3 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.02 | 0.97564 | CVE-2015-7297
12 | Xintian Smart Table Integrated Management System AddUpdateRole.aspx SQL injection | 6.9 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.14 | 0.00077 | CVE-2023-4712
13 | Microsoft Windows Server Service privilege escalation | 8.8 | 8.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | 0.71469 | CVE-2022-30216
14 | Kamailio SIP Message build_res_buf_from_sip_req privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.83213 | CVE-2018-14767
15 | HTC One/Sense Mail Client weak authentication | 4.8 | 4.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00133 | CVE-2013-10001
16 | Samsung Smartphone RPMB ldfw memory corruption | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00044 | CVE-2022-23431
17 | Apache HTTP Server mod_lua Multipart Parser r:parsebody memory corruption | 8.5 | 8.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.02 | 0.08326 | CVE-2021-44790
18 | OpenBSD OpenSSH X11 Forwarding privilege escalation | 9.8 | 9.1 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.01 | 0.00365 | CVE-2016-1908
19 | Linux Foundation Xen EFLAGS Register SYSENTER privilege escalation | 6.2 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00062 | CVE-2013-1917
20 | phpPgAds adclick.php unknown vulnerability | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.13 | 0.00317 | CVE-2005-3791

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources that are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 45.61.185.36 | | Orchard | | 05/08/2022 | verified | High
2 | 45.61.185.231 | | Orchard | | 05/08/2022 | verified | High

Entries 3 to 6 are masked on the source page (identified 05/08/2022 for entries 3, 5 and 6 and 06/08/2022 for entry 4; all verified, confidence High).

TTP - Tactics, Techniques, Procedures (26)

Tactics, techniques and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique in that it comes from our predictive model for actor profiling. The Vulnerabilities column shows the CWE classes each technique was inferred from; treat the techniques as hypotheses to confirm against your own telemetry rather than as observed tradecraft.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | predictive | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | predictive | High
3 | T1055 | CWE-74 | Injection | predictive | High
4 | T1059 | CWE-94, CWE-1321 | Argument Injection | predictive | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
6 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | High

Entries 7 to 26 are masked on the source page (all predictive, confidence High).

IOA - Indicator of Attack (228)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation and exfiltration. This data is unique in that it comes from our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin.php/news/admin/lists/zhuan | predictive | High
2 | File | /admin/bookings/view_details.php | predictive | High
3 | File | /admin/edit.php | predictive | High
4 | File | /admin/maintenance/view_designation.php | predictive | High
5 | File | /admin/profile/save_profile | predictive | High
6 | File | /admin/reports.php | predictive | High
7 | File | /api/v1/chat.getThreadsList | predictive | High
8 | File | /App_Resource/UEditor/server/upload.aspx | predictive | High
9 | File | /bin/sh | predictive | Low
10 | File | /cgi-bin/luci/api/diagnose | predictive | High
11 | File | /cgi-bin/R19.9/easy1350.pl | predictive | High
12 | File | /classes/conf/db.properties&config=filemanager.config.js | predictive | High
13 | File | /coders/palm.c | predictive | High
14 | File | /collection/all | predictive | High
15 | File | /dcim/rack/ | predictive | Medium
16 | File | /EditEventTypes.php | predictive | High
17 | File | /endpoint/add-user.php | predictive | High
18 | File | /etc/groups | predictive | Medium
19 | File | /file/upload/1 | predictive | High
20 | File | /formSetPortTr | predictive | High
21 | File | /forum/away.php | predictive | High
22 | File | /goform/wlanPrimaryNetwork | predictive | High
23 | File | /index.php?module=help_pages/pages&entities_id=24 | predictive | High
24 | File | /index.php?zone=settings | predictive | High
25 | File | /it-IT/splunkd/__raw/services/get_snapshot | predictive | High
26 | File | /nova/bin/user | predictive | High
27 | File | /novel-admin/src/main/java/com/java2nb/common/controller/FileController.java | predictive | High
222 | Argument | 主题 | predictive | Low

Entries 28 to 221 and 223 to 228 are masked on the source page: 28 to 134 are File indicators, 135 to 141 Library, 142 to 221 Argument, 223 to 227 Input Value and 228 Network Port (all predictive; confidence Low, Medium or High per entry).
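As an added example (not VulDB code), the following Python script matches the two verified IOC addresses and a subset of the File-class IOA fragments from the tables above against web-server access-log lines in Apache/nginx combined format. The log lines are constructed for this illustration, the ordering of the confidence labels is my own, and the script percent-decodes and lower-cases the request target before matching so that an encoded or mixed-case variant of a fragment is still caught.

```python
"""Match the Orchard IOC addresses and a subset of the File-class IOA
fragments from this page against web-server access-log lines.

Added example (not VulDB code).  The indicator sets are copied from the
tables above; the log lines are constructed for this illustration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Iterable
from urllib.parse import unquote

# IOC table: the two unmasked, verified source addresses.
IOC_IPS = frozenset({"45.61.185.36", "45.61.185.231"})

# IOA table: a subset of the File-class fragments with the page's confidence.
# /bin/sh and /etc/groups carry Low/Medium on the page; the ranking below
# keeps that so they do not raise an alert on their own.
IOA_PATHS = {
    "/admin/edit.php": "High",
    "/admin/reports.php": "High",
    "/App_Resource/UEditor/server/upload.aspx": "High",
    "/cgi-bin/luci/api/diagnose": "High",
    "/forum/away.php": "High",
    "/goform/wlanPrimaryNetwork": "High",
    "/etc/groups": "Medium",
    "/bin/sh": "Low",
}

_RANK = {"Low": 0, "Medium": 1, "High": 2}  # assumed ordering of the labels

# Apache/nginx "combined" log format; the request target is captured whole,
# query string included, because several IOA fragments carry a query.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


@dataclass
class Hit:
    ip: str
    target: str
    confidence: str
    reasons: list[str] = field(default_factory=list)


def rank(a: str | None, b: str) -> str:
    """Return the stronger of two confidence labels (None counts as weakest)."""
    if a is None or _RANK[b] > _RANK[a]:
        return b
    return a


def classify(line: str) -> Hit | None:
    """Return a Hit if the line touches an IOC address or IOA path, else None."""
    m = LOG_RE.match(line)
    if m is None:
        return None  # not combined format; a real pipeline would count these
    ip, target = m["ip"], m["target"]
    # Percent-decode and lower-case before matching so "%2Fbin%2Fsh" and
    # mixed-case ASPX paths do not slip past a literal substring check.
    probe = unquote(target).lower()
    reasons: list[str] = []
    conf: str | None = None
    if ip in IOC_IPS:
        reasons.append(f"source {ip} is a verified Orchard IOC")
        conf = rank(conf, "High")
    for frag, frag_conf in IOA_PATHS.items():
        if frag.lower() in probe:
            reasons.append(f"target contains IOA fragment {frag} ({frag_conf})")
            conf = rank(conf, frag_conf)
    if conf is None:
        return None
    return Hit(ip=ip, target=target, confidence=conf, reasons=reasons)


def scan(lines: Iterable[str]) -> list[Hit]:
    """Classify every line and keep the ones that matched."""
    return [h for h in (classify(l) for l in lines) if h is not None]


# Constructed sample log (not real traffic): the 45.61.185.x sources are the
# page's IOCs, the 203.0.113.x / 198.51.100.x sources are documentation ranges.
SAMPLE_LOG = """\
45.61.185.36 - - [05/Aug/2022:10:12:01 +0000] "GET /forum/away.php?to=http://example.net/ HTTP/1.1" 302 0
203.0.113.7 - - [05/Aug/2022:10:12:05 +0000] "POST /App_Resource/UEditor/server/upload.aspx?action=uploadimage HTTP/1.1" 200 512
203.0.113.7 - - [05/Aug/2022:10:12:09 +0000] "GET /cgi-bin/luci/api/diagnose?cmd=..%2Fbin%2Fsh HTTP/1.1" 403 0
198.51.100.4 - - [05/Aug/2022:10:13:00 +0000] "GET /index.php HTTP/1.1" 200 2048
45.61.185.231 - - [06/Aug/2022:02:00:00 +0000] "GET /robots.txt HTTP/1.1" 200 90
this line is not in combined log format
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(f"{hit.confidence:6} {hit.ip:15} {hit.target}")
        for r in hit.reasons:
            print(f"       - {r}")
```

Run it directly to print the four hits. A source address on the verified IOC list is High on its own; a path hit inherits the page's confidence for that fragment, so /bin/sh surfaces only as Low by itself and becomes interesting when it rides on a High-rated endpoint such as the luci diagnose path in the third sample line. Point it at a real log by replacing SAMPLE_LOG with the file's lines, and expect to widen IOA_PATHS with the masked entries if you have access to them.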

References (3)

The following list contains external sources which discuss the actor and the associated activities:
