00536d 分析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (22)

语言

en	12
zh	6
de	2
it	2

国家/地区

ca	8
us	8
cn	6

演员

00536d	3

利益

类型

Not Defined	6
Programming Language Software	4
Image Processing Software	2
Web Server	2
Network Camera Software	2

供应商

Not Defined	8
IBM	2
AXIS	2
PhotoPost	2
Active	2

产品

eG Manager	2
ImageMagick	2
IBM HTTP Server	2
AXIS 2110 Network Camera	2
PhotoPost PHP Pro	2

漏洞

#	漏洞	Base	Temp	0day	今天	易	修正	EPSS	CTI	CVE
1	Checkmk UI 拒绝服务	2.7	2.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00044	0.03	CVE-2023-23549
2	Softing smartLink SW-HT 弱加密	5.7	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00087	0.00	CVE-2022-48193
3	PHP Date Extension parse_date.c php_parse_date 信息公开	6.4	6.1	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00777	0.00	CVE-2017-16642
4	ImageMagick png.c ReadOnePNGImage 内存损坏	5.4	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00060	0.00	CVE-2017-11539
5	PhotoPost PHP Pro showproduct.php SQL注入	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00276	0.04	CVE-2004-0250
6	Comments comments.php SQL注入	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.00
7	Black Tie Project Category ID categorie.php3 Path 信息公开	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00342	0.02	CVE-2002-0446
8	Dynacolor FCM-MB40 跨网站请求伪造	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00112	0.00	CVE-2019-13401
9	eG Manager 弱身份验证	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00659	0.04	CVE-2020-8591
10	NexusPHP modtask.php SQL注入	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00184	0.00	CVE-2017-12909
11	Active Auction House ItemInfo.asp SQL注入	6.3	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00685	0.00	CVE-2005-1029
12	WP Fastest Cache Plugin wpFastestCache.php rm_folder_recursively 权限升级	5.6	5.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02224	0.00	CVE-2019-6726
13	AXIS 2110 Network Camera editcgi.cgi 目录遍历	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01492	0.02	CVE-2004-2426
14	Oracle Fusion Middleware WebLogic Server 权限升级	9.0	9.0	$5k-$25k	$0-$5k	High	Not Defined	0.97573	0.02	CVE-2019-2725
15	Netgear D6300B Credential Storage nvram 弱加密	5.4	4.6	$5k-$25k	$0-$5k	Proof-of-Concept	Workaround	0.00000	0.00
16	Biscom Secure File Transfer AngularJS 权限升级	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00057	0.00	CVE-2017-5246
17	IBM HTTP Server 内存损坏	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00359	0.03	CVE-2015-4947
18	jQuery UI dialog 跨网站脚本	5.2	4.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00469	0.07	CVE-2016-7103
19	Citrix XenApp XML Service Interface 内存损坏	9.9	8.6	$25k-$100k	$0-$5k	Unproven	Official Fix	0.04580	0.03	CVE-2012-5161
20	Microsoft IIS 权限升级	9.9	9.9	$25k-$100k	$5k-$25k	Not Defined	Not Defined	0.08875	0.04	CVE-2010-1256

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP地址	Hostname	参与者	Identified	类型	可信度
1	8.208.9.98		00536d	2022-04-12	verified	高
2	54.39.74.124		00536d	2022-04-12	verified	高
3	XX.XXX.XX.XXX		Xxxxxx	2022-04-12	verified	高
4	XX.XXX.XXX.XX		Xxxxxx	2022-04-12	verified	高
5	XXX.XXX.X.XXX	xxx.xxxx-xxxxxx.xxx	Xxxxxx	2022-04-12	verified	高
6	XXX.XX.XXX.XXX	x-xxxx.x-xxxxxx.xxx	Xxxxxx	2022-04-12	verified	高

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	漏洞	访问向量	类型	可信度
1	T1006	CWE-22	Path Traversal	predictive	高
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	高
3	TXXXX	CWE-XX	Xxxxxxxx Xxxxxxxxx	predictive	高
4	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	高
5	TXXXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	高
7	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
8	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
9	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	高

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	分类	Indicator	类型	可信度
1	File	/data/nvram	predictive	中
2	File	categorie.php3	predictive	高
3	File	cgi-bin/	predictive	中
4	File	xxxxxx/xxx.x	predictive	中
5	File	xxx.xxxxxxx.xxxxxxxxxxxxxx?xxxxx=xxxxx&xxxxx=&xxxxxxxxx=xxxxxxxxx	predictive	高
6	File	xxxxxxxx.xxx	predictive	中
7	File	xxxxxxx.xxx	predictive	中
8	File	xxx/xxxx/xxx/xxxxx_xxxx.x	predictive	高
9	File	xxxxxxxx.xxx	predictive	中
10	File	xxxxxxx.xxx	predictive	中
11	File	xxxxxxxxxxx.xxx	predictive	高
12	File	xxxxxxxxxxxxxx.xxx	predictive	高
13	Argument	xxx	predictive	低
14	Argument	xxx	predictive	低
15	Argument	xxxxxxxxx	predictive	中
16	Argument	xxxxxxx xxxx	predictive	中
17	Argument	xxxxxx	predictive	低
18	Argument	xxx	predictive	低
19	Argument	xxxxxx	predictive	低
20	Input Value	../	predictive	低
21	Input Value	{{ }}	predictive	低
22	Network Port	xxxxxxxxxxxxxx xxxxxx	predictive	高

参考 (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ 上一步一览下一步 ▸

Do you need the next level of professionalism?

Upgrade your account now!