East Europe Unknown Analysis

IOB - Indicator of Behavior (244)

Timeline

Languages

en: 152
zh: 56
ru: 16
pl: 6
es: 6

Countries/Regions

cn: 94
us: 78
ru: 40
ca: 10
pt: 4

Actors

Activities

Interests

Timeline

Type

Vendor

Product

Microsoft Windows: 6
Traefik: 6
PHPMailer: 4
ThinkPHP: 4
Foxit Reader: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE
--- | --- | --- | --- | --- | --- | --- | --- | --- | --- | ---
1 | Ignite Realtime Openfire Administration Console weak authentication | 7.8 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.97384 | 0.00 | CVE-2023-32315
2 | Esoftpro Online Guestbook Pro ogp_show.php SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00108 | 0.34 | CVE-2009-4935
3 | Joomla CMS com_easyblog SQL injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.48 | 
4 | Apple Mac OS X TCP Timestamp information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00243 | 0.05 | CVE-2003-0882
5 | HP Router/Switch SNMP information disclosure | 3.7 | 3.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00285 | 0.04 | CVE-2012-3268
6 | Esoftpro Online Guestbook Pro ogp_show.php cross-site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00209 | 0.04 | CVE-2009-2441
7 | Plesk Obsidian Reflected cross-site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00151 | 0.00 | CVE-2020-11583
8 | OpenVPN Access Server Web Portal weak encryption | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00151 | 0.04 | CVE-2022-33738
9 | Essential Addons for Elementor Plugin privilege escalation | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03893 | 0.02 | CVE-2023-32243
10 | Apache Struts ExceptionDelegator privilege escalation | 8.8 | 8.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.29316 | 0.02 | CVE-2012-0391
11 | Schneider Electric Vijeo Designer directory traversal | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00251 | 0.00 | CVE-2021-22704
12 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 4.85 | CVE-2020-15906
13 | OpenX adclick.php Redirect | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00440 | 1.16 | CVE-2014-2230
14 | MGB OpenSource Guestbook email.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 1.43 | CVE-2007-0354
15 | Hscripts PHP File Browser Script index.php directory traversal | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00153 | 0.00 | CVE-2018-16549
16 | Matomo safemode.twig Path information disclosure | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.03 | CVE-2019-12215
17 | Microsoft IIS IP/Domain Restriction privilege escalation | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.05 | CVE-2014-4078
18 | Microsoft Windows Win32k Privilege Escalation | 8.3 | 7.7 | $100k and more | $0-$5k | Functional | Official Fix | 0.00148 | 0.00 | CVE-2021-40449
19 | Sphinx weak authentication | 7.4 | 7.3 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.01038 | 0.03 | CVE-2019-14511
20 | vsftpd deny_file unknown vulnerability | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00312 | 0.06 | CVE-2015-1419

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (115)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
--- | --- | --- | --- | ---
1 | File | /cgi-bin/supervisor/PwdGrp.cgi | predictive | 
2 | File | /classes/Master.php | predictive | 
3 | File | /classes/Master.php?f=delete_service | predictive | 
4 | File | /etc/postfix/sender_login | predictive | 
5 | File | /file/upload/1 | predictive | 
6 | File | /filemanager/ajax_calls.php | predictive | 
7 | File | /index.php | predictive | 
8 | File | /Items/*/RemoteImages/Download | predictive | 
9 | File | /members/view_member.php | predictive | 
10 | File | /mhds/clinic/view_details.php | predictive | 
11 | File | /owa/auth/logon.aspx | predictive | 
12 | File | /rest/api/latest/projectvalidate/key | predictive | 
13 | File | /restapi/v1/certificates/FFM-SSLInspect | predictive | 
14 | File | /secure/QueryComponent!Default.jspa | predictive | 
15 | File | /xxxxxxx/xxxxxxxxx/%xxxxx%/xxxxx | predictive | 
16 | File | /xxxxxxx/ | predictive | 
17 | File | /xxx/xxxxx/xxxxxxxxxxxxxxxxxxxx/xxx/ | predictive | 
18 | File | /xxxxxxx/xxx/xxxxxxx_xxx.xxx | predictive | 
19 | File | xxxxxxx/xxxxxxxxxxxxxxxxxx.xxx | predictive | 
20 | File | xxxxxxx.xxx | predictive | 
21 | File | xxxxxxxxx.xxx | predictive | 
22 | File | xxxxx.xxxxxxxxx.xxx | predictive | 
23 | File | xxxxx/?xxxx=xxxx/xxxxxx_xxxx | predictive | 
24 | File | xxxx_xxxxx.xxx | predictive | 
25 | File | xxxxxxx.xxx | predictive | 
26 | File | xxxxxxx.xxxx | predictive | 
27 | File | xxxxxx.xxx | predictive | 
28 | File | xxx/xxx.xxx | predictive | 
29 | File | xxx-xxx/xxxxx_xxx_xxx | predictive | 
30 | File | xxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxx/xxx/xxxxxx.xxxxxxxxx.xxx | predictive | 
31 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | 
32 | File | xxxx/xxxxxxxx.xxxx.xxxxxxx.xxx | predictive | 
33 | File | xxxxxxx.xxx | predictive | 
34 | File | xxxxx.xxx | predictive | 
35 | File | xxx/xxxx/xxxx.x | predictive | 
36 | File | xxxxxxxxxxx/xxxxxxxx/xxxxxxxxxx.xxx | predictive | 
37 | File | xxxxxxxxx.xxx.xxx | predictive | 
38 | File | xx_xxx_xx.x | predictive | 
39 | File | xxxxx.xxxx | predictive | 
40 | File | xxx/xxxxxx.xxx | predictive | 
41 | File | xxxxx.xxx | predictive | 
42 | File | xxxxxxxx/xx/xxxx.xx | predictive | 
43 | File | xxxxxxx/xxxxx/xx/xxxxxx/xxxxx.xxxxx.xxx | predictive | 
44 | File | xxxxxxx.xxx | predictive | 
45 | File | xxx/xxxx/xxxx_xxxxxxxxxx_xxxx.x | predictive | 
46 | File | xxx/xxxxx | predictive | 
47 | File | xxxxx.x | predictive | 
48 | File | xxx_xxxx.xxx | predictive | 
49 | File | xxxxxxxx.xxx | predictive | 
50 | File | xxxxxx.x | predictive | 
51 | File | xxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxx/xxxxxxxx.xxxx | predictive | 
52 | File | xxxxxxxxx.xxx | predictive | 
53 | File | xxxxxxxx.xxx | predictive | 
54 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | 
55 | File | xxxx.xxx | predictive | 
56 | File | xxxxxxxxxx.xxx | predictive | 
57 | File | xxxxxxxxxx_xxxxx.xxxxxx | predictive | 
58 | File | xxxxxx.xxx | predictive | 
59 | File | xxxxxxxxxxxxx.xxxx | predictive | 
60 | File | xxx_xxxxx.xxx | predictive | 
61 | File | xxxx.xxx | predictive | 
62 | File | xxxx-xxxxx.xxx | predictive | 
63 | File | xxx.x | predictive | 
64 | File | xxxxxx-xxxxxx.xx | predictive | 
65 | File | xxxxxxxx/ | predictive | 
66 | Library | /_xxx_xxx/xxxxx.xxx | predictive | 
67 | Library | xxx.xxx | predictive | 
68 | Library | xxx/xxxxxx.x | predictive | 
69 | Argument | xxxxxxxx | predictive | 
70 | Argument | xxx_xx | predictive | 
71 | Argument | xxx_xxxx | predictive | 
72 | Argument | xxxxxxxxx | predictive | 
73 | Argument | xxxxxxxxxxxxxxxx | predictive | 
74 | Argument | xxxx | predictive | 
75 | Argument | xxxxxxx | predictive | 
76 | Argument | xxxxxxxx | predictive | 
77 | Argument | xxxxxx | predictive | 
78 | Argument | xxxxx | predictive | 
79 | Argument | xxxx | predictive | 
80 | Argument | xxxxxxxx | predictive | 
81 | Argument | xx_xx | predictive | 
82 | Argument | xxxx | predictive | 
83 | Argument | xx | predictive | 
84 | Argument | xxxxxxx | predictive | 
85 | Argument | xxxxxxxx | predictive | 
86 | Argument | xxxx | predictive | 
87 | Argument | xxx | predictive | 
88 | Argument | xxxxx_xxxxxx_xxx/xxxxx_xxxx_xxxxxxxx | predictive | 
89 | Argument | xxxx | predictive | 
90 | Argument | xxxxxxx | predictive | 
91 | Argument | xxxx | predictive | 
92 | Argument | xxxxxxxx | predictive | 
93 | Argument | xxxxxxxx | predictive | 
94 | Argument | xxxx | predictive | 
95 | Argument | xxxxxxxxxxxxx | predictive | 
96 | Argument | xxx xxx | predictive | 
97 | Argument | xxxxxxx | predictive | 
98 | Argument | xx | predictive | 
99 | Argument | xxxxxx | predictive | 
100 | Argument | xxxxxxxxxxx | predictive | 
101 | Argument | xxxx_xxxxx | predictive | 
102 | Argument | xxx | predictive | 
103 | Argument | xxxxxxxxxxxx | predictive | 
104 | Argument | xxx | predictive | 
105 | Argument | xxxxxx[] | predictive | 
106 | Argument | xxx | predictive | 
107 | Argument | xxx | predictive | 
108 | Argument | xxxx | predictive | 
109 | Argument | xxxxxxxx | predictive | 
110 | Argument | xxxxx | predictive | 
111 | Argument | x-xxxxxxxxx-xxxxxx | predictive | 
112 | Input Value | ../ | predictive | 
113 | Input Value | xxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx&xxxxxxxx=xxxxxxxxxx | predictive | 
114 | Input Value | \xxx\xxx | predictive | 
115 | Network Port | xxx/xxx (xxxx) | predictive | 

References (3)

The following list contains external sources which discuss the actor and the associated activities:
