Strider Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (52)

Lang

en	38
it	6
de	4
es	2
pl	2

Land

it	18
us	8
de	4
es	2
ru	2

Skådespelare

Sauron	3
Strider	3
Mirai	1

Intressera

Typ

Not Defined	20
Content Management System	4
Virtualization Software	2
Operating System	2
Chip Software	2

Säljare

Not Defined	20
Apache	4
VMware	2
Microsoft	2
Qualcomm	2

Produkt

VMware ESXi	2
VMware Workstation	2
VMware Fusion	2
Microsoft Windows	2
socialMPN	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	Van Ons WP GDPR Compliance Plugin $wpdb->prepare privilegier eskalering	8.5	8.2	$0-$5k	$0-$5k	High	Official Fix	0.97274	0.00	CVE-2018-19207
2	IBM Cognos Controller Web UI cross site scripting	4.8	4.8	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00050	0.00	CVE-2019-4136
3	lshell privilegier eskalering	8.1	8.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00348	0.01	CVE-2016-6902
4	lshell privilegier eskalering	8.1	8.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00352	0.01	CVE-2016-6903
5	OpenBSD OpenSSH PKCS 11 privilegier eskalering	7.4	7.1	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.02999	0.07	CVE-2023-38408
6	Linux Kernel dr_domain.c dr_domain_init_resources privilegier eskalering	5.5	5.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00043	0.00	CVE-2023-23006
7	PHPStore Wholesales track.php sql injektion	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.00366	0.02	CVE-2008-5493
8	cpCommerce document.php sql injektion	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.00064	0.02	CVE-2009-1345
9	e107 CMS secure_img_render.php privilegier eskalering	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02337	0.04	CVE-2004-2041
10	PHPOutsourcing IdeaBox include.php privilegier eskalering	7.3	6.4	$0-$5k	$0-$5k	Unproven	Unavailable	0.17410	0.04	CVE-2008-5199
11	socialMPN article.php sql injektion	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00129	0.05	CVE-2005-2031
12	Coppermine Photo Gallery init.inc.php privilegier eskalering	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.08307	0.05	CVE-2004-1988
13	Pmachine lib.inc.php privilegier eskalering	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02869	0.04	CVE-2003-1086
14	Bitrix24 Web Application Firewall cross site scripting	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00113	0.07	CVE-2020-13483
15	PrestaShop Authentication svag autentisering	8.5	7.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00231	0.02	CVE-2020-4074
16	Trojan-Spy.Win32.WebCenter.a Service Port 80 web.exe informationsgivning	5.3	4.9	$0-$5k	$0-$5k	Proof-of-Concept	Workaround	0.00000	0.00
17	Oracle Argus Safety Letters informationsgivning	4.3	4.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00054	0.00	CVE-2021-2110
18	VMware ESXi/Workstation/Fusion XHCI USB Controller informationsgivning	4.4	4.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00060	0.00	CVE-2020-3965
19	NVIDIA Windows GPU Display Driver DirectX 11 User Mode Driver x.dll informationsgivning	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00044	0.05	CVE-2020-5965
20	Apple iOS/iPadOS WebRTC minneskorruption	6.0	5.8	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00042	0.00	CVE-2019-2050

Kampanjer (1)

These are the campaigns that can be associated with the actor:

ProjectSauron

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Kampanjer	Identified	Typ	Förtroende
1	37.252.125.88		Strider	ProjectSauron	20/12/2020	verified	Hög
2	54.209.129.218	ec2-54-209-129-218.compute-1.amazonaws.com	Strider	ProjectSauron	20/12/2020	verified	Medium
3	66.228.52.133	li294-133.members.linode.com	Strider	ProjectSauron	20/12/2020	verified	Hög
4	XX.X.XXX.XXX	xxxxxxxxxxx.xx.xx	Xxxxxxx	Xxxxxxxxxxxxx	20/12/2020	verified	Hög
5	XX.XXX.XX.XXX		Xxxxxxx	Xxxxxxxxxxxxx	20/12/2020	verified	Hög
6	XXX.XXX.XX.XX		Xxxxxxx	Xxxxxxxxxxxxx	20/12/2020	verified	Hög
7	XXX.X.XXX.XXX	xxxxxx.xxx.xxx.x.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxxxx	Xxxxxxxxxxxxx	20/12/2020	verified	Hög
8	XXX.XX.XX.XXX	xxxxxxx-xx-xx-xxx.xxxxxx.xxxxxxx.xx	Xxxxxxx	Xxxxxxxxxxxxx	20/12/2020	verified	Hög
9	XXX.XXX.XX.XX	xxxxxxx.xxx	Xxxxxxx	Xxxxxxxxxxxxx	20/12/2020	verified	Hög
10	XXX.XXX.XXX.XXX		Xxxxxxx	Xxxxxxxxxxxxx	20/12/2020	verified	Hög
11	XXX.XXX.XXX.XXX	xxxxxxxxxxxxx.xxxxxxxxxx.xxxx	Xxxxxxx	Xxxxxxxxxxxxx	20/12/2020	verified	Hög

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klass	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1		CAPEC-10	CWE-20, CWE-73, CWE-119, CWE-125, CWE-252, CWE-253, CWE-287, CWE-400, CWE-404, CWE-416	Unknown Vulnerability	predictive	Hög
2	T1006	CAPEC-127	CWE-425	Path Traversal	predictive	Hög
3	T1055	CAPEC-10	CWE-74, CWE-707	Improper Neutralization of Data within XPath Expressions	predictive	Hög
4	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxxxxxxx Xxxxxxxxx	predictive	Hög
5	TXXXX.XXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxxxx Xxxx Xxxxxxxxx	predictive	Hög
6	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
7	TXXXX.XXX	CAPEC-191	CWE-XXX, CWE-XXX, CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Hög
8	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Hög
9	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxx Xxxxxxxxx	predictive	Hög
10	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
11	TXXXX.XXX	CAPEC-38	CWE-XXX, CWE-XXX	Xxxxxxxx Xxxxxx Xxxx	predictive	Hög
12	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög
13	TXXXX	CAPEC-112	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Hög

IOA - Indicator of Attack (30)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	.procmailrc	predictive	Medium
2	File	article.php	predictive	Medium
3	File	BC_Logon.swf	predictive	Medium
4	File	C:\Windows\SysWOW64\webcenter\web.exe	predictive	Hög
5	File	xxxxxxxxxx/xxxxxx/xxxxxxxxx.xxxx/xxxx.xxx/	predictive	Hög
6	File	xxxxxxxx.xxx	predictive	Medium
7	File	xxxxxxx/xxx/xxxxxxxx/xxxxxxxx/xxxx/xxxx/xxxxxxxx/xx_xxxxxx.x	predictive	Hög
8	File	xxxxxxx.xxx	predictive	Medium
9	File	xxxxx.xxx	predictive	Medium
10	File	xxxx.xxx.xxx	predictive	Medium
11	File	xxxxxxx/xxxx.x	predictive	Hög
12	File	xxxxxxx/xxxxxxx/xxx_xxxxxxx.x	predictive	Hög
13	File	xxxxxx_xxx_xxxxxx.xxx	predictive	Hög
14	File	xxxxx.xxx	predictive	Medium
15	File	xx-xxxxxxxx/xxxxxxxxx.xxx	predictive	Hög
16	Library	x:\xxxxxxx\xxxxxxxx\xxxxxxxxxxx\xxxxxxxxxxxxxx\xxxxxxxx.xxx_xxxxx_xxxxxxxxxxxxxxxx\xxxxx\xxxxxxxxxxx.xxx	predictive	Hög
17	Library	xxx/xxxx/xxxxxxxxxxxxxxxxxxx.xxxxx.xxx	predictive	Hög
18	Library	xxxxxxxx/x.xxx	predictive	Hög
19	Library	xx/xxx.xxx.xxx	predictive	Hög
20	Argument	xxxxxxxx_xxxx	predictive	Hög
21	Argument	xxx_x_xxx	predictive	Medium
22	Argument	xxxxxx_xxxxx_xxx	predictive	Hög
23	Argument	xxxxxxxx	predictive	Medium
24	Argument	xx	predictive	Låg
25	Argument	xx_xxxxxxxx	predictive	Medium
26	Argument	xxxxx[xxxxx][xx]	predictive	Hög
27	Argument	xxxx_xxx_xxxx_xxxx	predictive	Hög
28	Argument	xx_xxxx	predictive	Låg
29	Argument	xxx	predictive	Låg
30	Input Value	xxxxxxx	predictive	Låg

Referenser (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!