CryptoWire Analysis

IOB - Indicator of Behavior (19)

Language

zh: 10
en: 10

Country/Region

cn: 18
us: 2

Product

phpBB: 2
Microsoft Exchange Server: 2
Discuz!: 2
Wowza Streaming Engine: 2
Apache HTTP Server: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | OPNsense Access Control privilege escalation | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00051 | 0.00 | CVE-2018-18958 |
| 2 | Apple macOS Kernel privilege escalation | 5.4 | 5.3 | $0-$5k | $0-$5k | High | Official Fix | 0.00340 | 0.00 | CVE-2023-38606 |
| 3 | Shenzhen Youkate Industrial Facial Love Cloud Payment System Account SystemMng.ashx privilege escalation | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.27 | CVE-2023-6099 |
| 4 | EmpireCMS AdClass.php SQL injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00172 | 0.04 | CVE-2022-28585 |
| 5 | Apache HTTP Server HTTP/2 Request privilege escalation | 6.4 | 6.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00606 | 0.00 | CVE-2020-9490 |
| 6 | Qualcomm Snapdragon Auto SIP sigcomp Message memory corruption | 7.6 | 7.6 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00188 | 0.00 | CVE-2020-3639 |
| 7 | OPNsense Login Page Redirect | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00179 | 0.01 | CVE-2020-23015 |
| 8 | TOTOLINK A800R/A810R/A830R/A950RG/A3000RU/A3100R setWebWlanIdx privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01702 | 0.00 | CVE-2022-26208 |
| 9 | Cisco RV340/RV345 Web-based Management Interface memory corruption | 4.7 | 4.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00211 | 0.00 | CVE-2022-20753 |
| 10 | Wowza Streaming Engine Password File admin.password weak encryption | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2021-31539 |
| 11 | Cisco IOS/IOS XE DHCP Relay privilege escalation | 9.8 | 9.7 | $25k-$100k | $5k-$25k | High | Official Fix | 0.05178 | 0.05 | CVE-2017-12240 |
| 12 | Freeware Advanced Audio Coder huff2.c huffcode memory corruption | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00051 | 0.00 | CVE-2018-19890 |
| 13 | Open Whisper Signal cross-site scripting | 5.2 | 5.2 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00186 | 0.00 | CVE-2018-11101 |
| 14 | phpBB Admin Control Panel file_exists privilege escalation | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.77189 | 0.00 | CVE-2018-19274 |
| 15 | phpBB information disclosure | 9.8 | 8.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00269 | 0.00 | CVE-2008-1766 |
| 16 | Microsoft Exchange Server Privilege Escalation | 8.8 | 7.7 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.01258 | 0.00 | CVE-2021-28482 |
| 17 | Discuz! admin.php cross-site scripting | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00054 | 0.06 | CVE-2018-19464 |
| 18 | Pulse Secure Pulse Connect Secure End User Portal custompage.cgi cross-site scripting | 3.6 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00054 | 0.00 | CVE-2017-17947 |

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

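| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 194.156.98.51 | vm1867589.stark-industries.solutions | CryptoWire | | 2024-03-19 | verified | |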

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (12)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

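| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /SystemMng.ashx | predictive | |
| 2 | File | AdClass.php | predictive | |
| 3 | File | xxxxx.xxx | predictive | |
| 4 | File | xxxx/xxxxx.xxxxxxxx | predictive | |
| 5 | File | xxxxxxxxxx.xxx | predictive | |
| 6 | File | xxxxxxx/xxxxx.x | predictive | |
| 7 | Argument | xxxxxxxxxxxx | predictive | |
| 8 | Argument | xxxxxx/xxxxxx/xxx | predictive | |
| 9 | Argument | xxxxxxxx | predictive | |
| 10 | Argument | xxx | predictive | |
| 11 | Argument | xxxxxxxxxx | predictive | |
| 12 | Input Value | xx | predictive | |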

References (2)

The following list contains external sources which discuss the actor and the associated activities:
