Peach Sandstorm Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (47)

Lang

en	32
zh	10
es	4
ru	2

Land

co	20
us	14
cn	10
fr	2

Skådespelare

Cobalt Strike	4
Peach Sandstorm	4
BianLian	2
Raccoon	1
Meduza Stealer	1

Intressera

Typ

Not Defined	18
Web Browser	2
Server Management Software	2
Virtualization Software	2
Application Server Software	2

Säljare

Not Defined	6
Microsoft	4
IBM	4
Interspire	4
Omeka	2

Produkt

Interspire Email Marketer	4
Omeka Classic	2
Sonus SBC 1000	2
Sonus SBC 2000	2
Sonus SBC SWe Lite	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	Interspire Email Marketer Dynamiccontenttags.php sql injektion	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00087	0.07	CVE-2018-19551
2	Sales / Company Management System member_order.php sql injektion	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00153	0.00	CVE-2018-19925
3	Interspire Email Marketer Dynamiccontenttags.php sql injektion	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00087	0.00	CVE-2018-19549
4	All-in-One WP Migration Plugin class-ai1wm-backups.php kataloggenomgång	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00097	0.04	CVE-2022-1476
5	VMware vCenter Server/Cloud Foundation vSphere Client Privilege Escalation	8.0	7.9	$5k-$25k	$0-$5k	High	Official Fix	0.97299	0.09	CVE-2021-21972
6	Advanced Comment System admin.php sql injektion	8.5	7.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00230	0.02	CVE-2018-18619
7	Interspire Email Marketer Dynamiccontenttags.php sql injektion	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00087	0.02	CVE-2018-19553
8	SonicWALL SMA1000 HTTP Connection privilegier eskalering	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00238	0.03	CVE-2022-22282
9	Omeka Classic cross site scripting	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00110	0.00	CVE-2021-26799
10	AgileConfig JWT Secret svag kryptering	7.0	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00329	0.00	CVE-2022-35540
11	Apache Airflow UI privilegier eskalering	7.1	7.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.38251	0.02	CVE-2022-40127
12	Support Board Plugin sql injektion	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00151	0.00	CVE-2021-24741
13	GitLab Project Import privilegier eskalering	8.7	8.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.63436	0.07	CVE-2022-2185
14	cPanel cpsrvd cross site scripting	5.0	4.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00330	0.03	CVE-2023-29489
15	Labstack Echo Static privilegier eskalering	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02933	0.02	CVE-2022-40083
16	GitLab Community Edition/Enterprise Edition Runner Registration Token informationsgivning	7.6	7.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03278	0.05	CVE-2022-0735
17	Git Plugin Build privilegier eskalering	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01156	0.09	CVE-2022-36883
18	Z-BlogPHP action_crawler.php privilegier eskalering	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00319	0.04	CVE-2022-40357
19	Dialogic PowerMedia XMS Administrative Console default.db Password privilegier eskalering	6.5	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.06	CVE-2018-11634
20	Extreme EXOS File informationsgivning	3.4	3.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00044	0.03	CVE-2017-14327

Kampanjer (1)

These are the campaigns that can be associated with the actor:

Holmium

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Kampanjer	Identified	Typ	Förtroende
1	64.52.80.30		Peach Sandstorm		01/02/2024	verified	Hög
2	XX.X.XX.XX		Xxxxx Xxxxxxxxx	Xxxxxxx	19/10/2023	verified	Hög
3	XXX.XXX.XXX.XX	xxxxxxxxxxxxx.xxx	Xxxxx Xxxxxxxxx	Xxxxxxx	19/10/2023	verified	Hög
4	XXX.XX.XXX.XXX	xxxxxx-xxx-xx-xxx-xxx.xxxxxxxxx.xx	Xxxxx Xxxxxxxxx	Xxxxxxx	19/10/2023	verified	Hög
5	XXX.XX.XXX.XX	xxxx-xxxxxxxx.xxxxxxxxxx.xxx	Xxxxx Xxxxxxxxx	Xxxxxxx	19/10/2023	verified	Hög

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klass	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1		CAPEC-10	CWE-20, CWE-119, CWE-266, CWE-275, CWE-285, CWE-399, CWE-404, CWE-732, CWE-862, CWE-863, CWE-918	Unknown Vulnerability	predictive	Hög
2	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Hög
3	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxxxxxxx Xxxxxxxxx	predictive	Hög
4	TXXXX.XXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XX, CWE-XXX	Xxxxx Xxxx Xxxxxxxxx	predictive	Hög
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
6	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxx Xxxxxxxxx	predictive	Hög
7	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
8	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög
9	TXXXX.XXX	CAPEC-0	CWE-XXX, CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Hög

IOA - Indicator of Attack (18)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	/var/www/xms/xmsdb/default.db	predictive	Hög
2	File	Dynamiccontenttags.php	predictive	Hög
3	File	internal/advanced_comment_system/admin.php	predictive	Hög
4	File	xxxxxx/xxxxxx_xxxxx.xxx	predictive	Hög
5	File	xxxxxxxx.xx	predictive	Medium
6	File	xx_xxxxx/xxxxxx/xxxxxxx/xxx/xxxxxx_xxxxxxx.xxx	predictive	Hög
7	Library	/xxxxxxx/xxxxx/xxx.xxx	predictive	Hög
8	Library	xxx/xxx/xxxx.xxxxx.xxx	predictive	Hög
9	Library	~/xxx/xxxxx/xxxxx-xxxxx-xxxxxxx.xxx	predictive	Hög
10	Argument	xxxxxxx[]	predictive	Medium
11	Argument	xxxxx/xxxxxx	predictive	Medium
12	Argument	xx	predictive	Låg
13	Argument	xxxx	predictive	Låg
14	Argument	xxx_xx	predictive	Låg
15	Argument	xxxxxxxxx	predictive	Medium
16	Argument	xxxxxx	predictive	Låg
17	Argument	xxxxxx_xxxx/xxxxxxxxxx/xxxx_xx/xxxxxxxxxxxx_xx/xxxxxxxxxxxx_xxxxxx_xxxx/xxxxxxxxx_xx	predictive	Hög
18	Argument	xxxx/x_xxxxx	predictive	Medium

Referenser (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!