Arid Viper 分析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (400)

语言

en	370
de	10
ru	8
pl	4
es	2

国家/地区

us	348
de	16
ru	16
pl	4
fr	4

演员

Arid Viper	9
RecordBreaker	2
Raccoon	2
Vidar	2
Cobalt Strike	2

利益

类型

Not Defined	30
Content Management System	8
Programming Language Software	6
Web Browser	4
Connectivity Software	2

供应商

Not Defined	32
Apple	4
Microsoft	4
Facebook	2
Apache	2

产品

SPIP	4
OpenSSH	2
Facebook WhatsApp	2
Apple macOS	2
GetSimpleCMS	2

漏洞

#	漏洞	Base	Temp	0day	今天	易	修正	EPSS	CTI	CVE
1	jforum User 权限升级	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00289	0.05	CVE-2019-7550
2	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash 信息公开	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
3	DZCP deV!L`z Clanportal config.php 权限升级	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.70	CVE-2010-0966
4	Dreaxteam Xt-News add_comment.php 跨网站脚本	4.3	4.2	$0-$5k	$0-$5k	High	Unavailable	0.00599	0.07	CVE-2006-6746
5	Enigma2 Coppermine Bridge e2_header.inc.php 权限升级	9.8	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.10026	0.00	CVE-2006-6864
6	IBM WebSphere Service Registry/Repository Access Restriction 权限升级	4.3	4.1	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00162	0.00	CVE-2014-6160
7	Big Webmaster Big Webmaster Guestbook Script addguest.cgi 跨网站脚本	4.3	3.9	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00615	0.04	CVE-2006-2231
8	LogicBoard CMS away.php Redirect	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00000	2.19
9	Joomla CMS remember.php 权限升级	5.4	4.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.03044	0.00	CVE-2013-3242
10	Joomla CMS Media Manager 目录遍历	8.5	8.2	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.78316	0.04	CVE-2019-10945
11	Pligg cloud.php SQL注入	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.41
12	Apple macOS 弱身份验证	5.6	5.4	$5k-$25k	$0-$5k	High	Official Fix	0.02181	0.02	CVE-2023-41991
13	Oracle Java SE JSSE 未知漏洞	7.4	7.2	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00111	0.04	CVE-2023-21930
14	ICQ fetch 权限升级	10.0	9.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00346	0.00	CVE-2011-0487
15	WebP Converter for Media Plugin passthru.php Redirect	4.9	4.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00106	0.00	CVE-2021-25074
16	CasaOS API 权限升级	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01187	0.04	CVE-2022-24193
17	jQuery 跨网站脚本	4.3	3.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00306	0.03	CVE-2011-4969
18	Oracle Retail Central Office Security 跨网站脚本	6.2	6.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00384	0.02	CVE-2021-41184
19	InsydeH2O SMM HandleProtocol 拒绝服务	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2021-41839
20	PHP zip Extension php_zip.c 内存损坏	9.8	9.3	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.06326	0.03	CVE-2016-5773

活动 (1)

These are the campaigns that can be associated with the actor:

Hamas

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP地址	Hostname	参与者	活动	Identified	类型	可信度
1	54.255.143.112	ec2-54-255-143-112.ap-southeast-1.compute.amazonaws.com	Arid Viper		2020-12-24	verified	中
2	91.199.147.84	s726618.srvape.com	Arid Viper	Hamas	2023-10-30	verified	高
3	94.131.98.3	stockdc1.com	Arid Viper	Hamas	2023-10-30	verified	高
4	95.164.18.204	vm1554543.stark-industries.solutions	Arid Viper	Hamas	2023-10-30	verified	高
5	XX.XXX.XX.XX	xxxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxx	Xxxx Xxxxx	Xxxxx	2023-10-30	verified	高
6	XXX.XX.XXX.XX	xxxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxx	Xxxx Xxxxx	Xxxxx	2023-10-30	verified	高
7	XXX.XX.XXX.XX	xxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxx	Xxxx Xxxxx	Xxxxx	2023-10-30	verified	高
8	XXX.XXX.XX.XX	xx.xx.xxx.xxx.xxxxxxxxxx.xxx.xxxxxxxxx.xxx	Xxxx Xxxxx		2020-12-24	verified	高
9	XXX.XX.XX.XXX		Xxxx Xxxxx	Xxxxx	2023-10-30	verified	高
10	XXX.XX.XXX.XXX	xxx.xxxxxxxx.xxx	Xxxx Xxxxx	Xxxxx	2023-10-30	verified	高
11	XXX.XXX.XXX.XX	xxxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxx	Xxxx Xxxxx	Xxxxx	2023-10-30	verified	高
12	XXX.XXX.XXX.XX	xxxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxx	Xxxx Xxxxx	Xxxxx	2023-10-30	verified	高
13	XXX.XX.XX.XXX	xxxxxx.xxx.xx.xx.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxxx Xxxxx		2020-12-24	verified	高
14	XXX.XX.XX.XXX	xxxxxxxxx.xxx.xx	Xxxx Xxxxx		2020-12-24	verified	高
15	XXX.XXX.XXX.XX	xxx.xxxxxxxxx.xxx	Xxxx Xxxxx		2020-12-24	verified	高
16	XXX.X.XX.XXX	xxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxx	Xxxx Xxxxx	Xxxxx	2023-10-30	verified	高
17	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxx.xxxxxxxxxxxx.xx	Xxxx Xxxxx		2020-12-24	verified	高
18	XXX.XXX.XXX.X	xxxxxx.xxxxxxxxxxxxx.xxx	Xxxx Xxxxx		2020-12-24	verified	高

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	分类	漏洞	访问向量	类型	可信度
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	高
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	高
3	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	高
4	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
5	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
6	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	高
7	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	高
8	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
9	TXXXX.XXX	CAPEC-459	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
10	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高

IOA - Indicator of Attack (50)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	分类	Indicator	类型	可信度
1	File	/forum/away.php	predictive	高
2	File	addguest.cgi	predictive	中
3	File	add_comment.php	predictive	高
4	File	admin/index.php	predictive	高
5	File	api_jsonrpc.php	predictive	高
6	File	cloud.php	predictive	中
7	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	高
8	File	xx_xxxxxx.xxx.xxx	predictive	高
9	File	xxxxxx/xxx/xxxxxxx.xxx	predictive	高
10	File	xxxxx.xxx	predictive	中
11	File	xxxxx/xxxxx_xxxxx_x	predictive	高
12	File	xxxxxx.x	predictive	中
13	File	xx.xxx	predictive	低
14	File	xxxx/xxx_xxxx_xxxxx.x	predictive	高
15	File	xxx/xxxxxx.xxx	predictive	高
16	File	xxxxx.xxx	predictive	中
17	File	xxxxxxxxxxx.xxx	predictive	高
18	File	xxxxxx/xxxxxx/xxxx.x	predictive	高
19	File	xxxxxxxx.xxx	predictive	中
20	File	xxxxxxx_xxx.xxx	predictive	高
21	File	xxxxx/xxxxx.xxx.xxx	predictive	高
22	File	xxxxxxxx.xxx	predictive	中
23	File	xxx_xxx.x	predictive	中
24	File	xxxxxxx/xxxxxx/xxxxxxxx/xxxxxxxx.xxx	predictive	高
25	File	xxxxxxxxxxxx.xxx	predictive	高
26	File	xxxxx/xxxxxxxxxxx/xxxxx.xxx	predictive	高
27	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	高
28	File	xxx.x	predictive	低
29	File	xxxx-xxxx.x	predictive	中
30	File	xxxxx/xxxxxxxx.xxx	predictive	高
31	File	xx/xx/xxxxx	predictive	中
32	Argument	xxxxxxxx	predictive	中
33	Argument	xxxxxxxx	predictive	中
34	Argument	xxxxxxxxxx	predictive	中
35	Argument	xxxxxxxxxxxx/xxxxxxx	predictive	高
36	Argument	xxxx/xxxx	predictive	中
37	Argument	xxxxxxxxx	predictive	中
38	Argument	xxxx_xxx	predictive	中
39	Argument	xxxxxx	predictive	低
40	Argument	xxxxxxxxxxx	predictive	中
41	Argument	xxx_xxxx_xxxxxxxx	predictive	高
42	Argument	xxxxx xxxx/xxxx xxxx	predictive	高
43	Argument	xxxxxx	predictive	低
44	Argument	xx	predictive	低
45	Argument	xx_xxxx	predictive	低
46	Argument	xxxx_xxx	predictive	中
47	Argument	xxxxxxxx	predictive	中
48	Argument	xxxxxxx_xxxxx_xxxxx_xxxxxxx=xxxxx	predictive	高
49	Argument	xxxxxxxx_xxx	predictive	中
50	Argument	xxx	predictive	低

参考 (4)

The following list contains external sources which discuss the actor and the associated activities:

◂ 上一步一览下一步 ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!