Socks Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (21)

Lang

de	16
en	6

Land

us	18

Skådespelare

TrickBot	1

Intressera

Typ

Not Defined	16
Software Library	2
Groupware Software	2
Operating System	2

Säljare

Not Defined	4
Intel	4
Horde	2
HashiCorp	2
Blue Prism	2

Produkt

Go SSH Library	2
Horde Groupware Webmail Edition	2
OpenDaylight Plugin	2
HashiCorp Vault	2
HashiCorp Vault Enterprise	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	HashiCorp Vault/Vault Enterprise privilegier eskalering	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00161	0.05	CVE-2022-36129
2	Blue Prism Enterprise privilegier eskalering	4.7	4.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00082	0.00	CVE-2022-36117
3	Devolutions SERVER Password List Entry privilegier eskalering	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00168	0.00	CVE-2021-23921
4	D-Link DIR-816 A2 dir_setWanWifi privilegier eskalering	6.3	6.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00559	0.00	CVE-2021-26810
5	Django django.views.static.serve Redirect	6.2	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00160	0.00	CVE-2017-7234
6	Xen Memory privilegier eskalering	6.9	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00101	0.00	CVE-2017-7228
7	Riverbed RIOS Bootloader privilegier eskalering	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00062	0.00	CVE-2017-7305
8	Riverbed RIOS Single-User Mode cli privilegier eskalering	6.7	6.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00077	0.00	CVE-2017-7307
9	OpenDaylight Plugin SDN Topology privilegier eskalering	7.0	7.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00338	0.00	CVE-2015-1612
10	OpenDaylight Plugin SDN Topology privilegier eskalering	7.0	7.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00288	0.02	CVE-2015-1611
11	Horde Groupware Webmail Edition Horde_Crypt privilegier eskalering	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.94773	0.03	CVE-2017-7413
12	Go SSH Library Host Key Remote Code Execution	7.7	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00237	0.03	CVE-2017-3204
13	Linux Kernel Filesystem policy.c fscrypt_process_policy privilegier eskalering	5.4	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00181	0.00	CVE-2016-10318
14	Intel Advanced Threat Defense Malware Detection privilegier eskalering	6.4	6.4	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00061	0.00	CVE-2015-8986
15	McAfee Advanced Threat Defense Malware Detection svag autentisering	7.5	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00117	0.00	CVE-2016-3983
16	McAfee Vulnerability Manager Enterprise Manager förfalskning på begäran över webbplatsen	8.8	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00086	0.00	CVE-2016-2199
17	Intel McAfee Vulnerability Manager Enterprise Manager Password svag kryptering	7.0	7.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00070	0.00	CVE-2015-8989
18	Intel McAfee Email Gateway File Extension Filter privilegier eskalering	6.9	6.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00054	0.00	CVE-2016-8005
19	Intel McAfee Host Intrusion Prevention Services Registry Key privilegier eskalering	5.7	5.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00044	0.00	CVE-2016-8007
20	Intel Advanced Threat Defense ATD Detection privilegier eskalering	7.4	7.4	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00096	0.00	CVE-2015-8990

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Identified	Typ	Förtroende
1	23.20.239.12	ec2-23-20-239-12.compute-1.amazonaws.com	Socks	05/05/2022	verified	Medium
2	XXX.XX.XXX.XXX	x-xxxx.x-xxxxxx.xxx	Xxxxx	05/05/2022	verified	Hög
3	XXX.XXX.XX.XXX	xxxxx.xxx-xxx-xx.xxxxxx.xxxxxxxxxxxx.xxx	Xxxxx	29/04/2022	verified	Hög

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klass	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1	T1068	CAPEC-19	CWE-264, CWE-284	Execution with Unnecessary Privileges	predictive	Hög
2	T1202	CAPEC-136	CWE-77	Command Shell in Externally Accessible Directory	predictive	Hög
3	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Hög
4	TXXXX	CAPEC-	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Hög
5	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Hög
6	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Hög
7	TXXXX.XXX	CAPEC-	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Hög

IOA - Indicator of Attack (4)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	/goform/dir_setWanWifi	predictive	Hög
2	File	/xxx/xxx/xxx/xxx	predictive	Hög
3	File	xx/xxxxxx/xxxxxx.x	predictive	Hög
4	Argument	xxxxxxxxxxxxxxxxxxxx	predictive	Hög

Referenser (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Do you know our Splunk app?

Download it now for free!