Wirte Analysis

IOB - Indicator of Behavior (241)

Language

  • en: 194
  • fr: 16
  • de: 12
  • ru: 8
  • es: 6

Country

  • us: 170
  • gb: 6
  • cn: 4
  • ua: 4
  • me: 2

Product

  • Microsoft Windows: 10
  • vim: 4
  • MariaDB: 4
  • Dahua IPC-HDW1X2X: 4
  • Dahua IPC-HFW1X2X: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 2 | DataLife Engine addnews.html cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.02 | CVE-2018-14777 |
| 3 | Dahua IP Camera privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00101 | 0.00 | CVE-2017-7253 |
| 4 | Microsoft Windows Clipboard User Service Privilege Escalation | 7.2 | 6.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00043 | 0.07 | CVE-2022-21869 |
| 5 | eSyndicat Directory Software suggest-listing.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.49 | |
| 6 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.36 | CVE-2020-12440 |
| 7 | jforum User privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.04 | CVE-2019-7550 |
| 8 | Smart Slider 3 Plugin Imported File privilege escalation | 7.1 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00086 | 0.04 | CVE-2022-3357 |
| 9 | MariaDB privilege escalation | 6.7 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01662 | 0.03 | CVE-2021-27928 |
| 10 | MariaDB mysql-wsrep wsrep_sst_method privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00858 | 0.02 | CVE-2020-15180 |
| 11 | Yii unserialize privilege escalation | 7.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02822 | 0.00 | CVE-2020-15148 |
| 12 | Linux Kernel dfl-afu-region.c afu_mmio_region_get_by_offset memory corruption | 6.6 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.04 | CVE-2023-26242 |
| 13 | AssoCIateD Postman X.509 Certificate Validation weak authentication | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00245 | 0.03 | CVE-2018-17215 |
| 14 | WordPress directory traversal | 5.7 | 5.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00326 | 0.05 | CVE-2023-2745 |
| 15 | ImageMagick privilege escalation | 7.0 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00043 | 0.05 | CVE-2023-34153 |
| 16 | ImageMagick OpenBlob privilege escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00386 | 0.03 | CVE-2023-34152 |
| 17 | Reolink RLC-410W Firmware Update Privilege Escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00149 | 0.00 | CVE-2021-40419 |
| 18 | Dahua IPC-HDBW2XXX/IPC-HFW2XXX/ASI7XXXX ONVIF weak authentication | 7.8 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00135 | 0.01 | CVE-2022-30563 |
| 19 | Dahua DH-IPC-Hxxxxxxxxx Authentication weak authentication | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03148 | 0.00 | CVE-2017-7927 |
| 20 | Dahua IPC-HDW1X2X IP Address information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00084 | 0.02 | CVE-2019-9680 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Middle East

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (60)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (3)

The following list contains external sources which discuss the actor and the associated activities:
