Python Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (46)

Lang

en	38
zh	6
pl	2

Land

us	8
pl	2

Skådespelare

Python	5
FickerStealer	1
Beapy	1
Tsunami	1

Intressera

Typ

Not Defined	18
Continuous Integration Software	6
Network Camera Software	2
Operating System	2
Virtualization Software	2

Säljare

Not Defined	16
INEX	2
HTC	2
Artica	2
INSMA	2

Produkt

Jenkins	6
Unisoc T610	4
Unisoc T606	4
Unisoc T760	4
OTFCC	4

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	PHP Link Directory Administration Page index.html cross site scripting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00374	0.56	CVE-2007-0529
2	VMware vSphere Replication privilegier eskalering	6.7	6.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00182	0.05	CVE-2021-21976
3	Oracle MySQL Server InnoDB privilegier eskalering	5.5	5.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00098	0.00	CVE-2018-3185
4	Jenkins Queue privilegier eskalering	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00054	0.02	CVE-2021-21670
5	NAS4Free exec.php privilegier eskalering	6.3	6.3	$0-$5k	$0-$5k	High	Not Defined	0.54670	0.04	CVE-2013-3631
6	Acer Quick Access QAAdminAgent.exe privilegier eskalering	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00096	0.04	CVE-2019-18670
7	Advanced SystemCare Ultimate Driver Monitor_win7_x64.sys privilegier eskalering	7.2	7.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00042	0.02	CVE-2018-9006
8	PeaZip Library dragdropfilesdll.dll privilegier eskalering	6.1	6.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2023-6891
9	Microsoft Windows Pragmatic General Multicast Remote Code Execution	9.8	8.9	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.01243	0.00	CVE-2023-36397
10	Vmware Spring for GraphQL informationsgivning	3.5	3.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00063	0.00	CVE-2023-34047
11	Jenkins Caption Parameter ExpandableDetailsNote cross site scripting	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00090	0.00	CVE-2023-43495
12	Jenkins Temporary Directory privilegier eskalering	7.1	7.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00055	0.03	CVE-2023-43496
13	Jenkins Stapler Web Framework privilegier eskalering	6.8	6.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00050	0.00	CVE-2023-43497
14	Jenkins MultipartFormDataParser privilegier eskalering	6.8	6.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00050	0.02	CVE-2023-43498
15	Jenkins Build Variable privilegier eskalering	3.9	3.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00044	0.02	CVE-2023-43494
16	SHIRASAGI kataloggenomgång	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00103	0.00	CVE-2023-39448
17	Artica Pandora FMS File Manager .htaccess privilegier eskalering	5.5	5.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00091	0.00	CVE-2021-36697
18	INEX IPX-Manager list.foil.php cross site scripting	4.4	4.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00063	0.00	CVE-2022-4559
19	OTFCC otfccdump+0x6c08a6 minneskorruption	6.0	6.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00065	0.00	CVE-2022-35043
20	Unisoc S8000 Sensor Driver minneskorruption	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00042	0.00	CVE-2022-39126

IOC - Indicator of Compromise (25)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Identified	Typ	Förtroende
1	23.21.126.66	ec2-23-21-126-66.compute-1.amazonaws.com	Python	24/07/2021	verified	Medium
2	45.79.77.20	li1176-20.members.linode.com	Python	13/04/2022	verified	Hög
3	54.221.253.252	ec2-54-221-253-252.compute-1.amazonaws.com	Python	24/07/2021	verified	Medium
4	54.225.66.103	ec2-54-225-66-103.compute-1.amazonaws.com	Python	24/07/2021	verified	Medium
5	54.225.220.115	ec2-54-225-220-115.compute-1.amazonaws.com	Python	24/07/2021	verified	Medium
6	XX.XXX.XXX.XX	xxx-xx-xxx-xxx-xx.xxxxxxx-x.xxxxxxxxx.xxx	Xxxxxx	24/07/2021	verified	Medium
7	XX.XXX.XX.XXX	xxx-xx-xxx-xx-xxx.xxxxxxx-x.xxxxxxxxx.xxx	Xxxxxx	24/07/2021	verified	Medium
8	XX.XXX.XXX.XX	xxx-xx-xxx-xxx-xx.xxxxxxx-x.xxxxxxxxx.xxx	Xxxxxx	24/07/2021	verified	Medium
9	XX.XXX.XXX.XXX	xxx-xx-xxx-xxx-xxx.xxxxxxx-x.xxxxxxxxx.xxx	Xxxxxx	24/07/2021	verified	Medium
10	XX.XXX.XXX.XXX	xxx-xx-xxx-xxx-xxx.xxxxxxx-x.xxxxxxxxx.xxx	Xxxxxx	24/07/2021	verified	Medium
11	XX.XXX.XXX.XXX	xxx-xx-xxx-xxx-xxx.xxxxxxx-x.xxxxxxxxx.xxx	Xxxxxx	24/07/2021	verified	Medium
12	XX.XX.XXX.XX	xx.xx	Xxxxxx	13/04/2022	verified	Hög
13	XXX.XX.X.XX		Xxxxxx	13/04/2022	verified	Hög
14	XXX.XXX.XXX.XXX		Xxxxxx	24/07/2021	verified	Hög
15	XXX.XXX.XXX.XXX		Xxxxxx	24/07/2021	verified	Hög
16	XXX.XXX.XXX.XXX		Xxxxxx	24/07/2021	verified	Hög
17	XXX.XXX.XXX.XXX		Xxxxxx	24/07/2021	verified	Hög
18	XXX.XXX.XXX.XXX		Xxxxxx	24/07/2021	verified	Hög
19	XXX.XXX.XXX.XXX		Xxxxxx	24/07/2021	verified	Hög
20	XXX.XXX.XXX.XXX		Xxxxxx	24/07/2021	verified	Hög
21	XXX.XX.XXX.XX		Xxxxxx	31/10/2022	verified	Hög
22	XXX.XXX.XXX.X	xxx.xxxx.xxx	Xxxxxx	31/10/2022	verified	Hög
23	XXX.XXX.XXX.XX	xxx.xxxx.xxx	Xxxxxx	31/10/2022	verified	Hög
24	XXX.XXX.XXX.XX	xxx.xxxx.xxx	Xxxxxx	31/10/2022	verified	Hög
25	XXX.XXX.XXX.XXX	xxx.xxxx.xxx	Xxxxxx	31/10/2022	verified	Hög

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1	T1006	CWE-22	Path Traversal	predictive	Hög
2	T1040	CWE-319	Authentication Bypass by Capture-replay	predictive	Hög
3	T1059	CWE-94	Argument Injection	predictive	Hög
4	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Hög
5	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
6	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Hög
7	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Hög
8	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Hög
9	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Hög
10	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	Hög
11	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
12	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög
13	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (15)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	.htaccess	predictive	Medium
2	File	/api/v1/bait/set	predictive	Hög
3	File	/release-x64/otfccdump+0x6b0b2c	predictive	Hög
4	File	/xxxxxxx-xxx/xxxxxxxxx+xxxxxxxx	predictive	Hög
5	File	xxxx.xxx	predictive	Medium
6	File	xxxxx.xxxx	predictive	Medium
7	File	xxxxxxxxxxxx.xxx	predictive	Hög
8	File	xxxxxxx.xx	predictive	Medium
9	File	xxxxxxxxx/xxxxx/xxxxxxxx/xxxx.xxxx.xxx	predictive	Hög
10	Library	xxxxxxxxxxxxxxxx.xxx	predictive	Hög
11	Library	xxxxx.xxx	predictive	Medium
12	Library	xxxxxxx_xxxx_xxx.xxx	predictive	Hög
13	Library	xxxxx.xxx	predictive	Medium
14	Argument	xxxx	predictive	Låg
15	Argument	xxxxxxx	predictive	Låg

Referenser (4)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!