Boostwrite and RDFSniffer 分析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (22)

时间轴

语言

en16
sv6

国家/地区

us18
ru2
ml2

演员

IcedID1
Gootkit1
ISFB1
Gozi1
SharkBot1

活动

利益

时间轴

类型

Not Defined14
Groupware Software2
Application Server Software2
Web Server2
Network Camera Software2

供应商

Microsoft4
Shenzhen Hichip Vision Technology2
ANNKE2
Not Defined2
Fujitsu2

产品

Shenzhen Hichip Vision Technology V62
Shenzhen Hichip Vision Technology V72
Shenzhen Hichip Vision Technology V82
Shenzhen Hichip Vision Technology V92
Shenzhen Hichip Vision Technology V102

漏洞

#漏洞BaseTemp0day今天修正EPSSCTICVE
1Microsoft Exchange Server Mail 内存损坏8.58.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.310440.00CVE-2018-8302
2Delta Electronics ASDA-Soft Project File 内存损坏7.06.9$0-$5k$0-$5kNot DefinedOfficial Fix0.000690.00CVE-2022-1403
3Fujitsu ETERNUS CentricStor CS8000 grel.php grel_finfo 权限升级6.36.0$0-$5k$0-$5kNot DefinedOfficial Fix0.007310.00CVE-2022-31795
4Oracle WebLogic Server Web Container 信息公开7.57.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.962870.02CVE-2022-21371
5Palo Alto PAN-OS Web Interface 权限升级8.07.8$0-$5k$0-$5kNot DefinedOfficial Fix0.001280.05CVE-2021-3058
6Schneider Electric EcoStruxure Building Operation WebStation Web Page Generation 跨网站脚本4.84.8$0-$5k$0-$5kNot DefinedNot Defined0.000780.00CVE-2020-28210
7Tiandy IP Cameras Service Port 3001 信息公开6.45.9$0-$5k$0-$5kProof-of-ConceptWorkaround0.004790.02CVE-2017-15236
8Shenzhen Hichip Vision Technology V20 P2P Service 内存损坏8.58.5$5k-$25k$5k-$25kNot DefinedNot Defined0.006270.04CVE-2020-9527
9Shenzhen Hichip Vision Technology V20 权限升级8.08.0$0-$5k$0-$5kNot DefinedNot Defined0.001710.03CVE-2020-9529
10ANNKE SP1 HD Wireless Camera SSID 跨网站脚本5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.000870.02CVE-2017-18483
11Mobotix IP Network Camera 跨网站脚本3.53.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.00
12CeNova/Night OWL/Novo/Pulnix/QSee/Securus DVR download.rsp Credentials 权限升级7.57.4$0-$5k$0-$5kNot DefinedWorkaround0.004900.00CVE-2018-10676
13Dahua Web P2P Key 信息公开4.44.4$0-$5k$0-$5kNot DefinedNot Defined0.000440.04CVE-2020-9501
14AVTECH IP Camera/NVR/DVR PwdGrp.cgi 权限升级9.89.2$5k-$25k$0-$5kHighUnavailable0.000000.05
15Microsoft Exchange Server 权限升级8.07.9$5k-$25k$0-$5kHighOfficial Fix0.971380.06CVE-2020-0688
16Apple iCloud Foundation 权限升级4.44.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.000420.00CVE-2020-10002
17Go Doc Dot Org Package 目录遍历8.58.5$0-$5k$0-$5kNot DefinedOfficial Fix0.013260.03CVE-2018-12976
18Symantec Messaging Gateway 权限升级7.37.3$5k-$25k$5k-$25kNot DefinedNot Defined0.000830.00CVE-2019-18379
19Cisco Embedded Device X.509 Certificate 弱身份验证5.75.5$5k-$25k$0-$5kNot DefinedOfficial Fix0.003380.00CVE-2015-6358
20Orpak SiteOmat OrCU 权限升级8.58.4$0-$5k$0-$5kNot DefinedOfficial Fix0.005710.02CVE-2017-14853

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP地址Hostname参与者活动Identified类型可信度
1109.230.199.227reserved07.theonlygreeting.comBoostwrite and RDFSniffer2019-10-10verified

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechnique漏洞访问向量类型可信度
1T1006CWE-22Path Traversalpredictive
2T1059CWE-94Argument Injectionpredictive
3TXXXX.XXXCWE-XX, CWE-XXXxxxx Xxxx Xxxxxxxxxpredictive
4TXXXXCWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxxpredictive
5TXXXXCWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxxpredictive
6TXXXXCWE-XXXXxxxxxxxxxx Xxxxxxxxxxpredictive
7TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx Xxxxxxxxxxpredictive
8TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxxpredictive

IOA - Indicator of Attack (5)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID分类Indicator类型可信度
1File/cgi-bin/supervisor/PwdGrp.cgipredictive
2Filedownload.rsppredictive
3Filexxxx.xxxpredictive
4Argumentxxx_xxxxx_xxxx_xxxxxxxpredictive
5Argumentxxxx/xx/xxxxpredictive

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

上一步一览下一步

Want to stay up to date on a daily basis?

Enable the mail alert feature now!