WinRAR Zero-day Analysis

IOB - Indicator of Behavior (71)

Lang

en: 60
it: 6
de: 4
es: 2

Country

us: 72

Product

AWStats: 4
WordPress AdServe: 2
Thomas R. Pasawicz HyperBook Guestbook: 2
Nagios XI: 2
Ubuntu Linux: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.68 | CVE-2010-0966 |
| 2 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02733 | 0.79 | CVE-2007-1167 |
| 3 | Devilz Clanportal index.php SQL injection | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00784 | 0.04 | CVE-2006-3347 |
| 4 | Plupload plupload.flash.swf cross site scripting | 6.1 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01019 | 0.03 | CVE-2016-4566 |
| 5 | PHP FormMail Generator form.lib.php privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00334 | 0.00 | CVE-2016-9492 |
| 6 | OpenCart password.php cross-site request forgery | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00112 | 0.00 | CVE-2018-13067 |
| 7 | Zen Cart record_company.php weak authentication | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Not Defined | 0.30705 | 0.00 | CVE-2009-2255 |
| 8 | AWStats awstats.pl Path information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00183 | 0.16 | CVE-2018-10245 |
| 9 | AWStats awstats.pl directory traversal | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00499 | 0.04 | CVE-2020-35176 |
| 10 | University of Washington IMAP Toolkit rsh Command imap4r1.c imap_open privilege escalation | 6.2 | 6.1 | $0-$5k | $0-$5k | High | Official Fix | 0.96870 | 0.06 | CVE-2018-19518 |
| 11 | Ubuntu Linux overlayfs privilege escalation | 8.4 | 7.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 0.00 | |
| 12 | OpenWRT radio0.network1 cross-site request forgery | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00073 | 0.05 | CVE-2019-17367 |
| 13 | GNU Mailman Alias directory traversal | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03056 | 0.05 | CVE-2015-2775 |
| 14 | GetSimple CMS index.php Reflected cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00266 | 0.00 | CVE-2017-1000057 |
| 15 | phpPgAds adclick.php unknown vulnerability | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00317 | 0.52 | CVE-2005-3791 |
| 16 | YaBB yabb.pl cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01240 | 0.04 | CVE-2004-2402 |
| 17 | Nagios XI Web Interface privilege escalation | 8.8 | 8.6 | $0-$5k | $0-$5k | High | Official Fix | 0.41124 | 0.00 | CVE-2019-15949 |
| 18 | Craft CMS Upload File privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00327 | 0.00 | CVE-2018-3814 |
| 19 | vu Mass Mailer Login Page redir.asp SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00238 | 0.04 | CVE-2007-6138 |
| 20 | WordPress AdServe adclick.php SQL injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00073 | 0.04 | CVE-2008-0507 |

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (27)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

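| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/index.php | predictive | High |
| 2 | File | /upload/catalog/controller/account/password.php | predictive | High |
| 3 | File | adclick.php | predictive | Medium |
| 4 | File | admin/record_company.php | predictive | High |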

References (2)

The following list contains external sources which discuss the actor and the associated activities:
