Bitter Analysis

IOB - Indicator of Behavior (632)

Language

en: 544
de: 34
es: 18
fr: 8
it: 8

Country/Region

us: 324
tr: 28
co: 26
gb: 26
ru: 20

Product

Apache HTTP Server: 14
Microsoft Windows: 12
Google Android: 8
Joomla CMS: 8
Microsoft IIS: 6

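Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 3.21 | 0.00000 | |
| 2 | MGB OpenSource Guestbook email.php SQL Injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.45 | 0.01302 | CVE-2007-0354 |
| 3 | FLDS redir.php SQL Injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.07 | 0.00203 | CVE-2008-5928 |
| 4 | vBulletin redirector.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.30 | 0.00141 | CVE-2018-6200 |
| 5 | TikiWiki tiki-register.php Privilege Escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 6.22 | 0.01009 | CVE-2006-6168 |
| 6 | Serendipity exit.php Privilege Escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | 0.00000 | |
| 7 | Bitrix Site Manager redirect.php Privilege Escalation | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.03 | 0.00113 | CVE-2008-2052 |
| 8 | PHPWind goto.php Redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 0.00348 | CVE-2015-4134 |
| 9 | Microsoft IIS Cross-Site Scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00548 | CVE-2017-0055 |
| 10 | Apple Mac OS X Server Wiki Server SQL Injection | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 1.17 | 0.00339 | CVE-2015-5911 |
| 11 | My Link Trader out.php SQL Injection | 6.3 | 5.7 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.02 | 0.00000 | |
| 12 | GetSimpleCMS index.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00123 | CVE-2019-9915 |
| 13 | WordPress AdServe adclick.php SQL Injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.10 | 0.00073 | CVE-2008-0507 |
| 14 | PHPWind goto.php Cross-Site Scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00254 | CVE-2015-4135 |
| 15 | Popup Builder Plugin Directory Traversal | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00088 | CVE-2021-25082 |
| 16 | Interspire Email Marketer Dynamiccontenttags.php SQL Injection | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00087 | CVE-2018-19551 |
| 17 | phpPgAds adclick.php Unknown Vulnerability | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 1.17 | 0.00317 | CVE-2005-3791 |
| 18 | Vunet VU Web Visitor Analyst redir.asp SQL Injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Workaround | 0.12 | 0.00119 | CVE-2010-2338 |
| 19 | MiCODUS MV720 GPS Tracker Privilege Escalation | 6.3 | 6.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00054 | CVE-2022-34150 |
| 20 | Sales / Company Management System member_order.php SQL Injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00153 | CVE-2018-19925 |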

IOC - Indicator of Compromise (17)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (26)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-21, CWE-22 | Path Traversal | predictive | |
| 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive | |
| 3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | |
| 4 | T1059 | CWE-88, CWE-94 | Argument Injection | predictive | |
| 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | |
| 6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | |

IOA - Indicator of Attack (279)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | .htaccess | predictive | |
| 2 | File | /acms/classes/Master.php?f=delete_cargo | predictive | |
| 3 | File | /admin.php/news/admin/topic/save | predictive | |
| 4 | File | /admin/comn/service/update.json | predictive | |
| 5 | File | /admin/moduleinterface.php | predictive | |
| 6 | File | /classes/master.php?f=delete_order | predictive | |
| 7 | File | /dev/shm | predictive | |
| 8 | File | /dl/dl_print.php | predictive | |
| 9 | File | /etc/gsissh/sshd_config | predictive | |
| 10 | File | /forms/nslookupHandler | predictive | |
| 11 | File | /forum/away.php | predictive | |
| 12 | File | /getcfg.php | predictive | |
| 13 | File | /h/autoSaveDraft | predictive | |
| 14 | File | /index.php | predictive | |
| 15 | File | /librarian/bookdetails.php | predictive | |
| 16 | File | /modules/profile/index.php | predictive | |
| 17 | File | /news.dtl.php | predictive | |
| 18 | File | /ofcms/company-c-47 | predictive | |
| 19 | File | /out.php | predictive | |
| 20 | File | /patient/appointment.php | predictive | |
| 21 | File | /protocol/iscgwtunnel/uploadiscgwrouteconf.php | predictive | |
| 22 | File | /ptms/?page=user | predictive | |
| 23 | File | /systemrw/ | predictive | |
| 24 | File | /uncpath/ | predictive | |
| 25 | File | /upload/file.php | predictive | |
| 26 | File | /usr/sbin/httpd | predictive | |
| 27 | File | /util/print.c | predictive | |
| 28 | File | /web/MCmsAction.java | predictive | |
| 29 | File | /wp-admin/admin-ajax.php | predictive | |
| 30 | File | /wp-content/plugins/woocommerce/templates/emails/plain/ | predictive | |
| 31 | File | 5.2.9\syscrb.exe | predictive | |
| 32 | File | abc-pcie.c | predictive | |
| 33 | File | accounts/payment_history.php | predictive | |
| 34 | File | adclick.php | predictive | |
| 274 | Input Value | ../ | predictive | |

References (6)

The following list contains external sources which discuss the actor and the associated activities:
