Bouvet Island Unknown 分析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (17)

时间轴

语言

en16
fr2

国家/地区

us12
fr4
ru2

演员

Chthonic1
Gabon1

活动

利益

时间轴

类型

Not Defined6
Forum Software4
Customer Relationship Management System2
Operating System2
Web Server2

供应商

Not Defined6
Microsoft2
Thomas R. Pasawicz2
Pilotgroup2
Pivotal2

产品

Codoforum2
Smarty2
Microsoft Windows2
lighttpd2
Thomas R. Pasawicz HyperBook Guestbook2

漏洞

#漏洞BaseTemp0day今天修正EPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash 信息公开5.35.2$5k-$25k$0-$5kHighWorkaround0.020160.02CVE-2007-1192
2vsftpd deny_file 未知漏洞3.73.6$0-$5k$0-$5kNot DefinedOfficial Fix0.003120.02CVE-2015-1419
3Microsoft Windows Multimedia Library winmm.dll 内存损坏10.09.5$100k 以及更多$0-$5kHighOfficial Fix0.972810.04CVE-2012-0003
4Smarty 权限升级9.89.4$0-$5k$0-$5kNot DefinedOfficial Fix0.001940.00CVE-2010-4727
5Codoforum User Registration 跨网站脚本5.24.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.001480.05CVE-2020-5842
6Pivotal RabbitMQ password 权限升级7.77.4$0-$5k$0-$5kNot DefinedOfficial Fix0.003430.00CVE-2016-9877
7Apache ActiveMQ Web-based Administration Console queue.jsp 跨网站脚本6.86.5$5k-$25k$0-$5kNot DefinedOfficial Fix0.347760.03CVE-2018-8006
8Oracle MySQL Workbench 弱身份验证9.19.0$25k-$100k$0-$5kHighOfficial Fix0.153060.00CVE-2018-10933
9Intel Server Board/Compute Module Platform Sample/Silicon Reference firmware 权限升级5.45.4$0-$5k$0-$5kNot DefinedNot Defined0.000620.00CVE-2018-12204
10Unix SGID 权限升级6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.02
11Studio 42 elFinder elFinder.class.php zipdl 目录遍历7.87.4$0-$5k$0-$5kNot DefinedOfficial Fix0.004340.00CVE-2018-9109
12Pilotgroup eLMS Pro subscribe.php 跨网站脚本4.34.3$0-$5k$0-$5kHighUnavailable0.002200.07CVE-2010-2356
13myPHPNuke print.php 跨网站脚本4.33.9$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.002200.01CVE-2008-4089
14WordPress Password Reset wp-login.php mail 权限升级6.15.8$5k-$25k$0-$5kProof-of-ConceptNot Defined0.028270.02CVE-2017-8295
15lighttpd Log File http_auth.c 权限升级7.57.1$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.011230.04CVE-2015-3200

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP地址Hostname参与者活动Identified类型可信度
131.28.161.170Bouvet Island Unknown2022-11-09verified
245.12.70.34actualise.get-eye.comBouvet Island Unknown2022-11-09verified
3XX.XX.XX.XXXxxxxx Xxxxxx Xxxxxxx2022-11-09verified
4XX.XX.XX.XXxxxxx Xxxxxx Xxxxxxx2023-02-06verified
5XXX.XXX.XXX.XXxxxxx Xxxxxx Xxxxxxx2022-11-09verified
6XXX.XX.XX.XXXxxxxx Xxxxxx Xxxxxxx2022-11-09verified
7XXX.XX.XXX.XXXxxxxx Xxxxxx Xxxxxxx2022-11-09verified
8XXX.XXX.XXX.XXXxxx.xxx.xxxxxx.xxxXxxxxx Xxxxxx Xxxxxxx2022-11-09verified

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechnique漏洞访问向量类型可信度
1T1006CWE-22Path Traversalpredictive
2T1055CWE-74Improper Neutralization of Data within XPath Expressionspredictive
3TXXXX.XXXCWE-XXXxxxx Xxxx Xxxxxxxxxpredictive
4TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxxpredictive
5TXXXXCWE-XXXXxxxxxxxxxx Xxxxxxxxxxpredictive
6TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxxpredictive

IOA - Indicator of Attack (15)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID分类Indicator类型可信度
1Filedata/gbconfiguration.datpredictive
2FileelFinder.class.phppredictive
3Filehttp_auth.cpredictive
4Filexxxxx.xxx?x=/xxxx/xxxxxxxxpredictive
5Filexxxxx.xxxpredictive
6Filexxxxx.xxxpredictive
7Filexxxxxxxxx.xxxpredictive
8Filexxxxxxxx/xxxxxxxxpredictive
9Filexx-xxxxx.xxxpredictive
10Libraryxxxxx.xxxpredictive
11Argument?xxxpredictive
12Argumentxxxxxx_xxpredictive
13Argumentxxxxpredictive
14Argumentxxxxxxxxxxxpredictive
15Argumentxxxpredictive

参考 (3)

The following list contains external sources which discuss the actor and the associated activities:

上一步一览下一步

Do you know our Splunk app?

Download it now for free!