Space Pirates Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (244)

Tidslinje

Lang

en174
zh54
es6
ja4
jp2

Land

cn142
us92
zw2
jp2

Skådespelare

Space Pirates11
Cobalt Strike5
pupy1
PlugX1
lightSpy1

Aktiviteter

Intressera

Tidslinje

Typ

Not Defined84
Content Management System12
Firewall Software12
Router Operating System6
Operating System6

Säljare

Not Defined86
Fortinet12
Apache6
Tencent4
Microsoft4

Produkt

Fortinet FortiOS10
WordPress6
KeyCloak4
PHP4
ProFTPD4

Sårbarheter

#SårbarhetBaseTemp0dayI dagUtnRemEPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash informationsgivning5.35.2$5k-$25kBeräknandeHighWorkaround0.020160.02CVE-2007-1192
2DZCP deV!L`z Clanportal config.php privilegier eskalering7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.97CVE-2010-0966
3PHP phpinfo cross site scripting6.35.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.089850.04CVE-2006-0996
4WordPress URL Validator Redirect6.66.5$5k-$25k$0-$5kNot DefinedOfficial Fix0.005090.03CVE-2018-10101
5WordPress get_the_generator cross site scripting5.25.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.004510.00CVE-2018-10102
6PHP phpinfo cross site scripting4.33.9$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.021010.04CVE-2007-1287
7Grafana Dashboard privilegier eskalering6.46.3$0-$5k$0-$5kNot DefinedOfficial Fix0.000440.05CVE-2023-2801
8Google Chrome V8 Remote Code Execution6.36.0$25k-$100k$5k-$25kNot DefinedOfficial Fix0.243800.02CVE-2020-16040
9WordPress Login Page Redirect6.26.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.007310.04CVE-2018-10100
10SquirrelMail compose.php Serialized privilegier eskalering9.89.8$0-$5k$0-$5kNot DefinedNot Defined0.004560.02CVE-2020-14932
11GNU Screen socket.c ReceiveMsg privilegier eskalering4.94.7$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000620.02CVE-2023-24626
12SmarterTools SmarterStats Remote Code Execution9.89.8$0-$5k$0-$5kNot DefinedNot Defined0.007770.03CVE-2011-2159
13Git Plugin Build privilegier eskalering6.56.5$0-$5k$0-$5kNot DefinedNot Defined0.011560.09CVE-2022-36883
14MinDoc ZIP File privilegier eskalering5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.000840.00CVE-2022-29637
15MinDoc attach_#.jpg privilegier eskalering7.57.5$0-$5k$0-$5kNot DefinedNot Defined0.000560.00CVE-2018-19114
16Wondershare Filmora NativePushService privilegier eskalering6.56.5$0-$5k$0-$5kNot DefinedNot Defined0.000520.01CVE-2023-31747
17Apache RocketMQ Broker kataloggenomgång6.36.3$5k-$25k$5k-$25kNot DefinedNot Defined0.000580.04CVE-2019-17572
18Nfec.de RechnungsZentrale authent.php4 sql injektion5.34.8$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.015130.03CVE-2006-1954
19Synacor Zimbra Collaboration Suite WebEx Zimlet privilegier eskalering8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.706480.00CVE-2020-7796
20Basti2web Book Panel books.php sql injektion7.37.0$0-$5k$0-$5kHighOfficial Fix0.000640.05CVE-2009-4889

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP-adressHostnameSkådespelareKampanjerIdentifiedTypFörtroende
145.76.145.2245.76.145.22.vultrusercontent.comSpace Pirates28/07/2022verifiedHög
245.77.16.9145.77.16.91.vultrusercontent.comSpace Pirates28/07/2022verifiedHög
347.108.89.169Space Pirates28/07/2022verifiedHög
4103.27.109.234Space Pirates28/07/2022verifiedHög
5XXX.XXX.XXX.XXXXxxxx Xxxxxxx28/07/2022verifiedHög
6XXX.XXX.XXX.XXXxxx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxxXxxxx Xxxxxxx28/07/2022verifiedHög
7XXX.XX.XXX.XXXXxxxx Xxxxxxx28/07/2022verifiedHög
8XXX.XX.XXX.XXXXxxxx Xxxxxxx28/07/2022verifiedHög
9XXX.X.XXX.XXXxxxx Xxxxxxx28/07/2022verifiedHög
10XXX.XXX.XX.XXxxx.xxx.xx.xx.xxxxxxxxxxxxxxxx.xxxXxxxx Xxxxxxx28/07/2022verifiedHög
11XXX.XX.XX.XXXXxxxx Xxxxxxx28/07/2022verifiedHög
12XXX.XXX.XXX.XXXXxxxx Xxxxxxx28/07/2022verifiedHög
13XXX.XXX.XX.XXXXxxxx Xxxxxxx28/07/2022verifiedHög
14XXX.XXX.XXX.XXXXxxxx Xxxxxxx28/07/2022verifiedHög
15XXX.XXX.XXX.XXXXxxxx Xxxxxxx28/07/2022verifiedHög
16XXX.XXX.XXX.XXXXxxxx Xxxxxxx19/02/2024verifiedHög
17XXX.XXX.XX.XXxxx.xxx.xx.xx.xxxxxxxxxxxxxxxx.xxxXxxxx Xxxxxxx28/07/2022verifiedHög
18XXX.XXX.XXX.XXxxx.xxx.xxx.xx.xxxxxxxxxxxxxxxx.xxxXxxxx Xxxxxxx28/07/2022verifiedHög

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueKlassSårbarheterÅtkomstvektorTypFörtroende
1T1006CAPEC-126CWE-21, CWE-22, CWE-23Path TraversalpredictiveHög
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHög
3T1059CAPEC-242CWE-94Argument InjectionpredictiveHög
4T1059.007CAPEC-209CWE-79, CWE-80Cross Site ScriptingpredictiveHög
5TXXXXCAPEC-104CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHög
6TXXXX.XXXCAPEC-CWE-XXXXxx Xx Xxxx-xxxxx XxxxxxxxpredictiveHög
7TXXXX.XXXCAPEC-191CWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHög
8TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHög
9TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHög
10TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHög
11TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHög
12TXXXXCAPEC-102CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHög
13TXXXXCAPEC-CWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxpredictiveHög
14TXXXX.XXXCAPEC-CWE-XXXXxxxxxxx Xxxxxx XxxxpredictiveHög
15TXXXX.XXXCAPEC-459CWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHög
16TXXXXCAPEC-116CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHög
17TXXXXCAPEC-68CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHög
18TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHög

IOA - Indicator of Attack (88)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDKlassIndicatorTypFörtroende
1File/controller/Index.phppredictiveHög
2File/GetCSSashx/?CP=%2fwebconfigpredictiveHög
3File/includes/rrdtool.inc.phppredictiveHög
4File/login.phppredictiveMedium
5File/robots.txtpredictiveMedium
6File/rompredictiveLåg
7File/srv/www/htdocspredictiveHög
8Fileaa/../../uploads/blog/201811/attach_#.jpgpredictiveHög
9Fileabook_database.phppredictiveHög
10Fileadmin/killsourcepredictiveHög
11Filexxx_xxxxxx.xxxpredictiveHög
12Filexxxxxxxxxxx.xxxpredictiveHög
13Filexxxxxxx.xxxxpredictiveMedium
14Filexxx/xxx.xpredictiveMedium
15Filexxxxx.xxxpredictiveMedium
16Filexxxxxxxx.xxxpredictiveMedium
17Filexxxxxxxx/xxxxxxxxxx.xxxxpredictiveHög
18Filexxxxxxx.xxxpredictiveMedium
19Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHög
20Filexxxxxxxxx.xxxpredictiveHög
21Filexxxxxxx/xxxxxxxx.xxxpredictiveHög
22Filexxxxxxxxxx\xxxxxx\xxxxxxxxxxxxx.xxxpredictiveHög
23Filexxxx.xxxpredictiveMedium
24Filexxxxxxxxxxx.xxxpredictiveHög
25Filexxx/xxxxxx.xxxpredictiveHög
26Filexxxxxxx/xxx_xxxxx_xxxxxx.xxxpredictiveHög
27Filexxxxx.xxxpredictiveMedium
28Filexxxxxxx/xxxxxxxxxxxxx.xxxxpredictiveHög
29Filexxxx_xxxx.xxxpredictiveHög
30Filexxxxxx.xpredictiveMedium
31Filexxxx_xxxxxx.xxxpredictiveHög
32Filexxxxxxxxxxxx.xxxpredictiveHög
33Filexxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxx/xxxxxxxx.xxxxpredictiveHög
34Filexxxxxxxxxx.xxxpredictiveHög
35Filexxxxxxxx_xxxx.xxxpredictiveHög
36Filexxxxxxx.xpredictiveMedium
37Filexxxxxx.xxxpredictiveMedium
38Filexxxx.xxxpredictiveMedium
39Filexxxxxx/xxxxxx.xxxxx.xxxpredictiveHög
40Filexxxxxx.xpredictiveMedium
41Filexxx/xxxxxxxx.xpredictiveHög
42Filexxxxxxx_xxxxx.xxxpredictiveHög
43Filexxxxxxx.xxxpredictiveMedium
44Filexxx_xxxxxx.xxxpredictiveHög
45Filexxxx.xxxpredictiveMedium
46Filexxxxxx.xxxpredictiveMedium
47Filexx-xxxxx/xxxxx.xxx?xxxx=xxxxxxxxx_xxxxxxxx_xxxxxxx&xxx=xxxxxxxx_xxxxxpredictiveHög
48Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictiveHög
49Filexx-xxxxxxxx/xxxx.xxxpredictiveHög
50Filexx-xxxxxxxx/xxxxxxxxx.xxxpredictiveHög
51Filexx-xxxxxxxx/xxxx-xxx/xxxxxxxxx/xxxxx-xx-xxxx-xxxxx-xxxxxxxxxx.xxxpredictiveHög
52Filexx-xxxxx.xxxpredictiveMedium
53Filexx-xxxxxxxx.xxxpredictiveHög
54Filexxx/xxxx.xxxpredictiveMedium
55Filexx_xxxxx/xxxxxx/xxxxxxxxx/xxxxxx_xxxx.xxxpredictiveHög
56Libraryxxxxxxxxxx/xxxxx_xxx.xpredictiveHög
57Argumentxxx_xxpredictiveLåg
58ArgumentxxxxxxxxxxxpredictiveMedium
59ArgumentxxxxxxxxpredictiveMedium
60ArgumentxxxxxxxxpredictiveMedium
61ArgumentxxxxxxpredictiveLåg
62ArgumentxxxpredictiveLåg
63ArgumentxxxxxxxxxxpredictiveMedium
64ArgumentxxxpredictiveLåg
65Argumentxxxx_xxpredictiveLåg
66ArgumentxxxxxxpredictiveLåg
67ArgumentxxxxxxxxpredictiveMedium
68ArgumentxxpredictiveLåg
69ArgumentxxpredictiveLåg
70ArgumentxxxxpredictiveLåg
71ArgumentxxxxxxxxxxpredictiveMedium
72ArgumentxxxpredictiveLåg
73ArgumentxxxxxpredictiveLåg
74ArgumentxxxxxpredictiveLåg
75ArgumentxxxxxxxxpredictiveMedium
76Argumentxxxxxxx xxxxxpredictiveHög
77Argumentxxx_xxpredictiveLåg
78Argumentxxx_xxxxxpredictiveMedium
79ArgumentxxxpredictiveLåg
80ArgumentxxxpredictiveLåg
81ArgumentxxxxpredictiveLåg
82Argumentxxxx_xxxxxpredictiveMedium
83Argument\xxx\predictiveLåg
84Argument_xxxxxpredictiveLåg
85Argument_xxxxxx_xxxxxxx_xxxxpredictiveHög
86Input Value..predictiveLåg
87Input Value/xxxx.xxxpredictiveMedium
88Network Portxxx/xxxxxpredictiveMedium

Referenser (3)

The following list contains external sources which discuss the actor and the associated activities:

TidigareÖversiktNästa

Do you need the next level of professionalism?

Upgrade your account now!