Persian Stalker Analysis

IOB - Indicator of Behavior (129)

Language: en (128), de (2)

Country: us (32), hu (26), pw (10), ws (4), de (2)

Product: Apple macOS (4), Apple watchOS (4), Drobo 5N2 NAS (4), XiongMai uc-httpd (4), W3 Total Cache Plugin (4)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Citrix NetScaler ADC/NetScaler Gateway OpenID openid-configuration ns_aaa_oauthrp_send_openid_config CitrixBleed memory corruption | 8.3 | 8.2 | $25k-$100k | $0-$5k | High | Official Fix | 0.96869 | 0.05 | CVE-2023-4966 |
| 2 | Hanwha Techwin Smartcam weak authentication | 8.5 | 8.5 | $0-$5k | Calculating | Not Defined | Not Defined | 0.00279 | 0.03 | CVE-2018-6299 |
| 3 | Omron CX-One CX-Programmer Password Storage information disclosure | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2015-0988 |
| 4 | XiongMai IP Camera/DVR NetSurveillance Web Interface memory corruption | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00372 | 0.09 | CVE-2017-16725 |
| 5 | Wowza Streaming Engine Installer privilege escalation | 8.3 | 8.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00080 | 0.04 | CVE-2019-7656 |
| 6 | Allegro RomPager Embedded Web Server rom-0 information disclosure | 5.3 | 4.9 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.04 | |
| 7 | Boa Webserver GET wapopen directory traversal | 6.4 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.73540 | 0.09 | CVE-2017-9833 |
| 8 | CeNova/Night OWL/Novo/Pulnix/QSee/Securus DVR download.rsp Credentials privilege escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00490 | 0.00 | CVE-2018-10676 |
| 9 | XiongMai uc-httpd directory traversal | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00500 | 0.00 | CVE-2017-7577 |
| 10 | AVTECH IP Camera/NVR/DVR PwdGrp.cgi privilege escalation | 9.8 | 9.2 | $5k-$25k | $0-$5k | High | Unavailable | 0.00000 | 0.04 | |
| 11 | thttpd WebService information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.02 | |
| 12 | Bitrix Site Manager redirect.php privilege escalation | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00113 | 0.03 | CVE-2008-2052 |
| 13 | Simple Posts Ticker Plugin Shortcode cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.03 | CVE-2023-4646 |
| 14 | mkdocs Dev-Server directory traversal | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03461 | 0.00 | CVE-2021-40978 |
| 15 | Adobe Acrobat Reader information disclosure | 4.9 | 4.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00235 | 0.00 | CVE-2023-38248 |
| 16 | KramerAV VIA Connect/VIA Go Screen privilege escalation | 8.3 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2023-33469 |
| 17 | Microsoft .NET/Visual Studio denial of service | 6.8 | 6.2 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00063 | 0.04 | CVE-2023-38178 |
| 18 | WebBoss.io CMS cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.03 | CVE-2023-39096 |
| 19 | Apple macOS WebKit memory corruption | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00128 | 0.00 | CVE-2023-38611 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 145.239.65.25 | ns3081843.ip-145-239-65.eu | Persian Stalker | | 09/11/2018 | verified | High |

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | | CAPEC-10 | CWE-20, CWE-59, CWE-73, CWE-119, CWE-120, CWE-121, CWE-125, CWE-131, CWE-189, CWE-190, CWE-287, CWE-345, CWE-352, CWE-369, CWE-371, CWE-404, CWE-416, CWE-476, CWE-617, CWE-749, CWE-787, CWE-843, CWE-862, CWE-863, CWE-943, CWE-1018 | Unknown Vulnerability | predictive | High |
| 2 | T1006 | CAPEC-126 | CWE-21, CWE-22 | Path Traversal | predictive | High |
| 3 | T1059 | CAPEC-10 | CWE-74, CWE-94, CWE-707 | Argument Injection | predictive | High |
| 4 | T1059.007 | CAPEC-10 | CWE-74, CWE-79, CWE-80, CWE-707 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (43)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/index.html | predictive | High |
| 2 | File | /cgi-bin/luci/admin/network/wireless/status | predictive | High |
| 3 | File | /cgi-bin/supervisor/PwdGrp.cgi | predictive | High |
| 4 | File | /cgi-bin/wapopen | predictive | High |
| 5 | File | /DroboAccess/enable_user | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
