TA577 Analysis

IOB - Indicator of Behavior (166)

Language

en 144
fr 16
es 4
pl 2

Country

us 94
nl 20
fr 16
co 10
tr 8

Product

Microsoft IIS 4
PHPWind 4
MobilePublisherPHP 2
MercuryBoard 2
SAP Production Planning 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | phpPgAds adclick.php unknown vulnerability | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00317 | 0.46 | CVE-2005-3791 |
| 2 | PHPWind goto.php Redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.12 | CVE-2015-4134 |
| 3 | OpenX adclick.php Redirect | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00440 | 0.15 | CVE-2014-2230 |
| 4 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 5 | PHPWind goto.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00254 | 0.04 | CVE-2015-4135 |
| 6 | E-topbiz Viral DX 1 adclick.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00087 | 0.05 | CVE-2008-2867 |
| 7 | Cisco Linksys Router tmUnblock.cgi privilege escalation | 9.8 | 9.2 | $25k-$100k | $0-$5k | High | Workaround | 0.00000 | 0.00 | |
| 8 | Boa Terminal privilege escalation | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02395 | 0.05 | CVE-2009-4496 |
| 9 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.04 | CVE-2017-0055 |
| 10 | ActionApps tv_email.php3 privilege escalation | 6.5 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.21956 | 0.07 | CVE-2006-2686 |
| 11 | vBulletin redirector.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00106 | 0.05 | CVE-2018-6200 |
| 12 | vu Mass Mailer Login Page redir.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00238 | 0.04 | CVE-2007-6138 |
| 13 | Spidersales viewCart.asp sql injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00219 | 0.03 | CVE-2004-0348 |
| 14 | Microsoft IIS File Name Tilde privilege escalation | 6.5 | 5.9 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.96817 | 0.04 | CVE-2005-4360 |
| 15 | XenForo privilege escalation | 8.6 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.04 | |
| 16 | Qamar Sheeraz & Nasir Ahmad Mega Addons for Elementor Plugin privilege escalation | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-32515 |
| 17 | Microsoft Outlook Remote Code Execution | 7.4 | 6.8 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00079 | 0.00 | CVE-2024-21378 |
| 18 | NopCommerce Redirect | 6.2 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00091 | 0.09 | CVE-2022-26954 |
| 19 | ZhongBangKeJi CRMEB openfile information disclosure | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.04 | CVE-2024-1703 |
| 20 | keerti1924 PHP-MYSQL-User-Login-System signup.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.04 | CVE-2024-1700 |

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 86.250.12.217 | lfbn-tou-1-665-217.w86-250.abo.wanadoo.fr | TA577 | | 31/05/2023 | verified | High |
| 2 | 92.154.17.149 | laubervilliers-656-1-150-149.w92-154.abo.wanadoo.fr | TA577 | | 31/05/2023 | verified | High |

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (89)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /Account/login.php | predictive | High |
| 2 | File | /adminapi/system/file/openfile | predictive | High |
| 3 | File | /b2b-supermarket/shopping-cart | predictive | High |
| 4 | File | /listplace/user/ticket/create | predictive | High |
| 5 | File | /modules/profile/index.php | predictive | High |
| 6 | File | /nova/bin/dot1x | predictive | High |
| 7 | File | /services/config/config.xml | predictive | High |
| 8 | File | /signup.php | predictive | Medium |
| 9 | File | /uncpath/ | predictive | Medium |
| 10 | File | ?r=recruit/interview/export&interviews=x | predictive | High |
| 11 | File | adclick.php | predictive | Medium |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
