Winter Vivern Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (148)

Lang

en	110
ru	14
ja	4
es	4
pl	4

Land

us	58
ru	18
il	10
es	4
ee	4

Skådespelare

Winter Vivern	7
Mirai	5
RedLine Stealer	4
Cobalt Strike	4
Rhadamanthys	3

Intressera

Typ

Not Defined	56
Content Management System	12
Operating System	10
Smartphone Operating System	8
WordPress Plugin	8

Säljare

Not Defined	46
Microsoft	12
Google	8
Tenda	6
D-Link	4

Produkt

Microsoft Windows	8
Google Android	4
Samsung Smart Phone	4
plupload	2
Google Go	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	Vmware Workspace ONE Access/Identity Manager Template privilegier eskalering	9.8	8.8	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.97436	0.04	CVE-2022-22954
2	nginx privilegier eskalering	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00241	3.62	CVE-2020-12440
3	binutils Table elf.c _bfd_elf_slurp_version_tables minneskorruption	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00048	0.00	CVE-2023-1972
4	Looknet FineShop index.php cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.00587	0.00	CVE-2006-3235
5	woocommerce-gutenberg-products-block sql injektion	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.09768	0.00	CVE-2021-32789
6	Microsoft Windows privilegier eskalering	5.7	5.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00083	0.02	CVE-2019-1074
7	BTCPay Server Payment Button Privilege Escalation	6.5	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00166	0.02	CVE-2021-29249
8	BTCPay Server POS Add Products cross site scripting	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00054	0.02	CVE-2021-29250
9	MikroTik RouterOS SMB minneskorruption	8.5	7.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.88065	0.02	CVE-2018-7445
10	cPanel cpsrvd cross site scripting	5.0	4.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00330	0.03	CVE-2023-29489
11	Next.js _error.js Redirect	5.0	4.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00062	0.00	CVE-2021-37699
12	OpenBSD OpenSSH PKCS 11 privilegier eskalering	7.4	7.1	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.02999	0.07	CVE-2023-38408
13	Aquifer CMS index.asp cross site scripting	4.3	4.1	$0-$5k	Beräknande	Proof-of-Concept	Not Defined	0.00414	0.00	CVE-2006-0122
14	Netsweeper index.php svag autentisering	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.07788	0.00	CVE-2014-9611
15	Basti2web Book Panel books.php sql injektion	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.00064	0.03	CVE-2009-4889
16	SourceCodester Online Clothing Store offer.php cross site scripting	4.8	4.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00220	0.00	CVE-2020-28139
17	Apache HTTP Server mod_proxy privilegier eskalering	7.4	7.3	$5k-$25k	$5k-$25k	Not Defined	Official Fix	0.00739	0.09	CVE-2023-25690
18	Citrix NetScaler ADC/NetScaler Gateway privilegier eskalering	9.8	9.6	$25k-$100k	$5k-$25k	High	Official Fix	0.91186	0.00	CVE-2023-3519
19	FluentForm Plugin sql injektion	4.7	4.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00076	0.02	CVE-2023-24410
20	wkhtmltopdf HTML File kataloggenomgång	5.9	5.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00480	0.04	CVE-2020-21365

Kampanjer (1)

These are the campaigns that can be associated with the actor:

CVE-2023-5631

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Kampanjer	Identified	Typ	Förtroende
1	37.252.5.133		Winter Vivern		22/03/2022	verified	Hög
2	37.252.9.123	gw.r-service.info	Winter Vivern		22/03/2022	verified	Hög
3	38.180.76.31		Winter Vivern	CVE-2023-5631	29/10/2023	verified	Hög
4	XX.XXX.XXX.XXX		Xxxxxx Xxxxxx		20/03/2024	verified	Hög
5	XX.XX.XXX.XXX		Xxxxxx Xxxxxx		20/03/2024	verified	Hög
6	XX.XX.XXX.XXX	xx.xx.xxx.xxx.xxxxxxx.xx	Xxxxxx Xxxxxx		05/04/2023	verified	Hög
7	XXX.XX.XX.XX		Xxxxxx Xxxxxx		05/04/2023	verified	Hög
8	XXX.XX.XXX.XXX	xxxxxxxx.xxxxxxxxxxx.xxx	Xxxxxx Xxxxxx		05/04/2023	verified	Hög
9	XXX.XX.XXX.XXX	xxxxxxxx.xxxxxxxxxxx.xxx	Xxxxxx Xxxxxx		05/04/2023	verified	Hög
10	XXX.XXX.XXX.XX		Xxxxxx Xxxxxx		22/03/2022	verified	Hög
11	XXX.XX.XXX.XX		Xxxxxx Xxxxxx		05/04/2023	verified	Hög

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klass	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1	T1006	CAPEC-126	CWE-21, CWE-22	Path Traversal	predictive	Hög
2	T1040	CAPEC-102	CWE-319	Authentication Bypass by Capture-replay	predictive	Hög
3	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Hög
4	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Hög
5	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Hög
6	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
7	TXXXX	CAPEC-108	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Hög
8	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Hög
9	TXXXX	CAPEC-0	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Hög
10	TXXXX	CAPEC-184	CWE-XXX	Xxxxxxxx Xx Xxxx Xxxxxxx Xxxxxxxxx Xxxxx	predictive	Hög
11	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Hög
12	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
13	TXXXX.XXX	CAPEC-0	CWE-XXX	Xxxxxxxx Xxxxxx Xxxx	predictive	Hög
14	TXXXX	CAPEC-464	CWE-XXX	Xxxxxxxx Xx Xxxxxxx Xxxxxxxx Xxxxxxxxxxx Xx Xx Xxxxxxxxxxxx Xxxxx	predictive	Hög
15	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög
16	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (70)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	/admin/scripts/pi-hole/phpqueryads.php	predictive	Hög
2	File	/etc/gsissh/sshd_config	predictive	Hög
3	File	/goform/WifiBasicSet	predictive	Hög
4	File	/login/index.php	predictive	Hög
5	File	/out.php	predictive	Medium
6	File	/spip.php	predictive	Medium
7	File	/web/IndexController.java	predictive	Hög
8	File	/youthappam/editcategory.php	predictive	Hög
9	File	admin.php3	predictive	Medium
10	File	xxxxx.xxx?x=xxxxxx&x=xxxxxx&x=xxxxxx	predictive	Hög
11	File	xxxxx/xxx/xxxxxxxxxxxx	predictive	Hög
12	File	xxx/xxxxxxx.x	predictive	Hög
13	File	xxxxxxxxxxxx.xxx	predictive	Hög
14	File	xxx/xxx.x	predictive	Medium
15	File	xxxxxx.x	predictive	Medium
16	File	xxxxx.xxx	predictive	Medium
17	File	xxxxxxx/xxxxx.xxx?x=xxxx_xxxxx	predictive	Hög
18	File	xxxxxx.xxx	predictive	Medium
19	File	xxxxxxxx.x	predictive	Medium
20	File	xxxxxxxx/xxxx_xxxxxxxx.xxx	predictive	Hög
21	File	xxxxxxxxxxxxxx.xxx	predictive	Hög
22	File	xxxxxxxxxx/xxxxxxxxxx/xxxxxxxxx.xxx	predictive	Hög
23	File	xxxxx.xxx	predictive	Medium
24	File	xxxxx.xxx?xxxxxx=xxxxxxxxx_xxxxxxxxx/xxxxx	predictive	Hög
25	File	xxxxxxxxx.x	predictive	Medium
26	File	xxxxxxxx.xxx	predictive	Medium
27	File	xxx/xxxxxxxxx/xxxxx_xxxx.x	predictive	Hög
28	File	xxxx/xxxxx/xxxxxxx/xxxxxxxx.xx	predictive	Hög
29	File	xxxxxxx/xxxxx.xxxx.xxx	predictive	Hög
30	File	xxxxx.xxx	predictive	Medium
31	File	xxxxx/_xxxxx.xx	predictive	Hög
32	File	xxxxxx/xxxxx.xxx	predictive	Hög
33	File	xxxxxxxx/xxxxxxx/xxxxxxx.xxxxxxxxxxxxxxxxxxxxx.xxx	predictive	Hög
34	File	x/xxxxx.xxx	predictive	Medium
35	File	xxxxxx-xxxxxx.xxx	predictive	Hög
36	File	xxxx-xxxxxxxx.xxx	predictive	Hög
37	File	xxxxxx.xxx	predictive	Medium
38	File	xxxx/xxxxxx.xxxx	predictive	Hög
39	File	xxxxx/xxxxx.xxx?xxxxxx=xxxxx	predictive	Hög
40	File	xx/xxxxx/xxxxxxxx/xxxxxxxxxx-xxxx?xxxxxxxxx_xxxxxxxxx_xxxxxx[][xxxxxxxx]	predictive	Hög
41	File	xxxxxxxx/xxxxx/xxxxx.xxx	predictive	Hög
42	File	xxxx.xx	predictive	Låg
43	Argument	$x_xxxxxx[xxxxxxxx]	predictive	Hög
44	Argument	xxxxxx	predictive	Låg
45	Argument	xxxxxx	predictive	Låg
46	Argument	xxxxx	predictive	Låg
47	Argument	xxxxxxxxxxxxxxx	predictive	Hög
48	Argument	xxxxxxxx	predictive	Medium
49	Argument	xxxxxxxxx/xx/xxxxxxxx	predictive	Hög
50	Argument	x_xxx	predictive	Låg
51	Argument	xx	predictive	Låg
52	Argument	xx	predictive	Låg
53	Argument	xx/xxxxx	predictive	Medium
54	Argument	xx_xxxxx	predictive	Medium
55	Argument	xxxxxxx	predictive	Låg
56	Argument	xxx	predictive	Låg
57	Argument	xxxxx xxxxxx	predictive	Medium
58	Argument	xxxx	predictive	Låg
59	Argument	xxxxxxxx	predictive	Medium
60	Argument	xxxxxxxx_xxx	predictive	Medium
61	Argument	xxxxxxxx_xx	predictive	Medium
62	Argument	xxxx/xxxxxx/xxxxxxx/xxxxxxxxxx	predictive	Hög
63	Argument	xxxxxxx[]	predictive	Medium
64	Argument	xxxxx	predictive	Låg
65	Argument	xxxxxxx	predictive	Låg
66	Argument	x-xxxx-xxxxx	predictive	Medium
67	Input Value	.%xx.../.%xx.../	predictive	Hög
68	Input Value	x' xxxxx xxxxx(x) xxx 'xxxx'='xxxx	predictive	Hög
69	Pattern	x\|xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx\|x	predictive	Hög
70	Network Port	xxx/xxxxx	predictive	Medium

Referenser (6)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Do you need the next level of professionalism?

Upgrade your account now!