Sality Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (40)

Lang

en	32
de	2
ru	2
pl	2
es	2

Land

us	16
ru	8
pt	4
es	2

Skådespelare

Sality	2
SmokeLoader	1
StealthWorker	1
Cobalt Strike	1
RisePro	1

Intressera

Typ

Not Defined	10
Document Reader Software	6
Smartphone Operating System	2
Operating System	2
WordPress Plugin	2

Säljare

Not Defined	8
Adobe	6
Microsoft	4
Google	2
Iptanus	2

Produkt

Adobe Acrobat Reader	6
Google Android	2
Microsoft Windows	2
Iptanus File Upload Plugin	2
W3C Jigsaw	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	WordPress wp-trackback.php mb_convert_encoding svag kryptering	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03358	0.04	CVE-2009-3622
2	Dragon Path Bharti Airtel Routers Hardware BDT-121 Admin Page cross site scripting	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00053	0.08	CVE-2022-28507
3	YaPiG view.php cross site scripting	4.3	3.9	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01368	0.00	CVE-2005-1886
4	WordPress wp-register.php cross site scripting	4.3	4.2	$5k-$25k	$0-$5k	High	Unavailable	0.00322	0.00	CVE-2007-5105
5	MetInfo URL Redirector login.php	6.6	6.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00107	0.00	CVE-2017-11718
6	phpRaid register.php privilegier eskalering	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.02
7	vu Mass Mailer Login Page redir.asp sql injektion	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00181	0.25	CVE-2007-6138
8	DZCP deV!L`z Clanportal config.php privilegier eskalering	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.89	CVE-2010-0966
9	Symantec Endpoint Protection Manager SAP XML Parser XML External Entity	7.3	6.6	$5k-$25k	$0-$5k	High	Official Fix	0.83177	0.00	CVE-2013-5014
10	Mozilla Firefox/Thunderbird/Firefox ESR NPAPI Plugin förfalskning på begäran över webbplatsen	6.5	6.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00419	0.00	CVE-2019-11712
11	Linux Kernel oom_kill.c __oom_reap_task_mm minneskorruption	4.7	4.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00062	0.03	CVE-2017-18202
12	Node.js HTTP Header förnekande av tjänsten	6.4	6.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02355	0.00	CVE-2018-12121
13	TestLink Plugin summary.jelly cross site scripting	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00053	0.00	CVE-2018-1000113
14	Microsoft Windows Windows Media Player informationsgivning	2.5	2.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00184	0.02	CVE-2017-11768
15	W3C Jigsaw Host Header cross site scripting	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01034	0.02	CVE-2002-1053
16	Microsoft Windows Subsystem for Linux privilegier eskalering	6.4	5.8	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00213	0.00	CVE-2018-0743
17	Microsoft Windows DirectX informationsgivning	5.1	4.9	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00043	0.00	CVE-2019-0837
18	WordPress wpdb->prepare sql injektion	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00389	0.04	CVE-2017-16510
19	Microsoft Lync/Skype for Business Security Feature privilegier eskalering	7.0	6.7	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00284	0.03	CVE-2018-8238
20	Iptanus File Upload Plugin Shortcode cross site scripting	6.0	5.4	$0-$5k	Beräknande	Proof-of-Concept	Official Fix	0.00185	0.00	CVE-2018-9172

IOC - Indicator of Compromise (31)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Identified	Typ	Förtroende
1	5.101.0.44		Sality	12/04/2022	verified	Hög
2	20.53.203.50		Sality	01/08/2022	verified	Hög
3	20.72.235.82		Sality	01/08/2022	verified	Hög
4	20.81.111.85		Sality	01/08/2022	verified	Hög
5	20.84.181.62		Sality	01/08/2022	verified	Hög
6	20.103.85.33		Sality	01/08/2022	verified	Hög
7	20.109.209.108		Sality	01/08/2022	verified	Hög
8	XX.XXX.XX.XXX	xxx-xxx-xx-xxx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx	Xxxxxx	01/08/2022	verified	Hög
9	XX.XXX.XX.XXX	xxx-xxx-xx-xxx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx	Xxxxxx	01/08/2022	verified	Hög
10	XX.XXX.XXX.XX		Xxxxxx	08/04/2022	verified	Hög
11	XX.XX.XXX.XXX	xxxxxxxxxxx.xxxxxxx-xxxx.xxx.xxx	Xxxxxx	12/04/2022	verified	Hög
12	XX.XX.X.XX	xxxxxxx.x.xxxxxxxxx.xxx	Xxxxxx	12/04/2022	verified	Hög
13	XX.XXX.XXX.XX		Xxxxxx	08/04/2022	verified	Hög
14	XX.XX.XXX.XXX	xxxxxxxxx.xxxxxxxxxxx.xxx	Xxxxxx	08/04/2022	verified	Hög
15	XX.XXX.XXX.XXX		Xxxxxx	12/04/2022	verified	Hög
16	XX.XXX.XX.XXX	xx-xxx-xx-xxx-xxxxxx.xxxxxxx.xxx	Xxxxxx	29/10/2023	verified	Hög
17	XX.XXX.XXX.XX	xx-xxxxx.xx.xxxxxxxxxxxxx.xx	Xxxxxx	12/04/2022	verified	Hög
18	XX.XX.XXX.XXX	xx-xx-xxx-xxx.xxxxx.xxx.xx	Xxxxxx	12/04/2022	verified	Hög
19	XXX.XX.XX.XX	xxxxxxxxxxx.x.xxxxxxxxx.xxx	Xxxxxx	12/04/2022	verified	Hög
20	XXX.XXX.XXX.XXX	xx-xxx-xxx.xxxxx.xxx	Xxxxxx	12/04/2022	verified	Hög
21	XXX.XXX.XX.XXX	xx-xxx-xxx-xx-xxx.xx.xxxxxxxxxxxx.xxx	Xxxxxx	12/04/2022	verified	Hög
22	XXX.X.XXX.XXX		Xxxxxx	12/04/2022	verified	Hög
23	XXX.XXX.XX.XX	x.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxx	Xxxxxx	12/04/2022	verified	Hög
24	XXX.XX.XXX.X	xx-xxxxx.xxx.xx.xx	Xxxxxx	12/04/2022	verified	Hög
25	XXX.XX.XX.XXX		Xxxxxx	08/04/2022	verified	Hög
26	XXX.XX.XXX.XXX		Xxxxxx	08/04/2022	verified	Hög
27	XXX.XX.XXX.XXX		Xxxxxx	08/04/2022	verified	Hög
28	XXX.XXX.XX.XXX	xxxx-x.xxxxxxxxxxxx	Xxxxxx	08/04/2022	verified	Hög
29	XXX.XXX.XXX.XXX	xxx.xxx.xxx.xxx.xxxxxx.xxxx-xxxx.xxx	Xxxxxx	08/04/2022	verified	Hög
30	XXX.XX.XX.XX	xxxx.xxxxxxx.xx	Xxxxxx	08/04/2022	verified	Hög
31	XXX.XX.XX.XXX	xxx.xxxxxxx.xx	Xxxxxx	12/04/2022	verified	Hög

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1	T1059	CWE-94	Argument Injection	predictive	Hög
2	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Hög
3	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
4	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Hög
5	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Hög
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Hög
7	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög
8	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Hög

IOA - Indicator of Attack (35)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	/getcfg.php	predictive	Medium
2	File	/settings/avatar	predictive	Hög
3	File	bin/icinga	predictive	Medium
4	File	inc/config.php	predictive	Hög
5	File	index.php	predictive	Medium
6	File	xxxxxx/xxxxx.xxx	predictive	Hög
7	File	xxxxxx.xx	predictive	Medium
8	File	xx/xxx_xxxx.x	predictive	Hög
9	File	xxx.xxx	predictive	Låg
10	File	xxxxx.xxx	predictive	Medium
11	File	xxxxxxxx.xxx	predictive	Medium
12	File	xxxxxxxxxxxxxxxxxxx/xxxxxxx.xxxxx	predictive	Hög
13	File	xxxxxxxxx.xx	predictive	Medium
14	File	xxxx/xxxxxxxxxxxx.x	predictive	Hög
15	File	xxxx.xxx	predictive	Medium
16	File	xx-xxxxxxxx.xxx	predictive	Hög
17	File	xx-xxxxxxxxx.xxx	predictive	Hög
18	Argument	xxxxxxxx	predictive	Medium
19	Argument	xxxxxxxxx	predictive	Medium
20	Argument	xxxxxxx	predictive	Låg
21	Argument	xxxxxxxxxxx	predictive	Medium
22	Argument	xxxxx	predictive	Låg
23	Argument	xx	predictive	Låg
24	Argument	xxxxxx	predictive	Låg
25	Argument	xxxxxxxx	predictive	Medium
26	Argument	xxxx	predictive	Låg
27	Argument	xxxxxxx_xxx	predictive	Medium
28	Argument	xxxxxxxx	predictive	Medium
29	Argument	xxxxxxxxxxxxx	predictive	Hög
30	Argument	xxxx_xxxxx	predictive	Medium
31	Argument	_xxxxxxx	predictive	Medium
32	Input Value	xxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxx	predictive	Hög
33	Pattern	\|xx\|xx\|xx\|	predictive	Medium
34	Network Port	xxx/xxxx (xxxx) / xxx/xxxx (xxxxx)	predictive	Hög
35	Network Port	xxx xxxxxx xxxx	predictive	Hög

Referenser (6)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Do you need the next level of professionalism?

Upgrade your account now!