CryptoPHP Analysis

IOB - Indicator of Behavior (68)

Language

en: 36
de: 26
fr: 6

Country/Region

us: 32
pl: 12
ru: 8
fr: 2
id: 2

Product

SourceCodester Online Tours & Travels Management S ...: 10
phpMyAdmin: 8
Cisco IOS: 2
Cisco IOS XE: 2
Google Chrome: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | RDM Intuitive 650 TDB Controller Password privilege escalation | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00206 | 0.03 | CVE-2016-4505 |
| 2 | Siemens EN100 Ethernet Module Web Server Memory information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00516 | 0.00 | CVE-2016-4785 |
| 3 | Siemens EN100 Ethernet Module Web Server information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00516 | 0.03 | CVE-2016-4784 |
| 4 | RDM Intuitive 650 TDB Controller cross-site request forgery | 6.1 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00069 | 0.00 | CVE-2016-4506 |
| 5 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 4.01 | CVE-2020-15906 |
| 6 | Winn Winn GuestBook addPost cross-site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | High | Official Fix | 0.00336 | 0.02 | CVE-2011-5026 |
| 7 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01009 | 2.38 | CVE-2006-6168 |
| 8 | PrestaShop blocklayered-ajax.php cross-site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00290 | 0.02 | CVE-2015-1175 |
| 9 | PHP _php_stream_scandir memory corruption | 9.0 | 8.6 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.16300 | 0.05 | CVE-2012-2688 |
| 10 | GoAutoDial GoAdmin CE go_login.php SQL injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.01806 | 0.00 | CVE-2015-2843 |
| 11 | PHP crypt memory corruption | 10.0 | 9.5 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.01310 | 0.04 | CVE-2011-3268 |
| 12 | PHP cgi_main.c privilege escalation | 7.3 | 6.6 | $25k-$100k | $0-$5k | High | Official Fix | 0.97363 | 0.05 | CVE-2012-1823 |
| 13 | phpMyAdmin setup.php privilege escalation | 4.8 | 4.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.10058 | 0.03 | CVE-2010-3055 |
| 14 | SourceCodester Online Tours & Travels Management System s.php SQL injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00126 | 0.04 | CVE-2023-0561 |
| 15 | SourceCodester Online Tours & Travels Management System practice_pdf.php SQL injection | 5.5 | 5.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00126 | 0.07 | CVE-2023-0560 |
| 16 | PHPGurukul Bank Locker Management System Login index.php SQL injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02218 | 0.05 | CVE-2023-0562 |
| 17 | PHPGurukul Bank Locker Management System Assign Locker add-locker-form.php cross-site scripting | 3.9 | 3.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00299 | 0.04 | CVE-2023-0563 |
| 18 | SourceCodester Online Tours & Travels Management System booking_report.php SQL injection | 4.7 | 4.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00078 | 0.07 | CVE-2023-0531 |
| 19 | SourceCodester Online Tours & Travels Management System expense_report.php SQL injection | 4.7 | 4.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00078 | 0.05 | CVE-2023-0533 |
| 20 | SourceCodester Online Tours & Travels Management System disapprove_user.php SQL injection | 4.7 | 4.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00078 | 0.09 | CVE-2023-0532 |

IOC - Indicator of Compromise (44)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (40)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
