Farseer 分析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (152)

语言

en	116
ja	12
zh	12
de	8
es	2

国家/地区

us	60
cn	58
ca	6
de	4
gb	2

演员

Farseer	13
Cobalt Strike	3
NjRAT	2
LockBit	1
Carbanak	1

利益

类型

Not Defined	54
Content Management System	14
Firewall Software	12
Programming Language Software	8
Router Operating System	4

供应商

Not Defined	56
Cisco	10
Microsoft	8
Fortinet	6
Varnish	2

产品

Fortinet FortiOS	6
xrdp	4
PHP	4
phpMyAdmin	4
Varnish Cache	2

漏洞

#	漏洞	Base	Temp	0day	今天	易	修正	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash 信息公开	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	OpenSSL c_rehash 权限升级	5.5	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.09738	0.02	CVE-2022-1292
3	Tiki Wiki CMS Groupware tiki-jsplugin.php 权限升级	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03454	0.02	CVE-2010-4239
4	Microsoft Windows Print Spooler Privilege Escalation	8.1	7.4	$100k 以及更多	$5k-$25k	Unproven	Official Fix	0.00101	0.02	CVE-2022-21999
5	Microsoft Azure HDInsights Apache Hadoop 未知漏洞	3.9	3.6	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00051	0.00	CVE-2023-38188
6	Geddy index.js 目录遍历	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01347	0.03	CVE-2015-5688
7	Asus AsusWRT start_apply.htm 权限升级	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01350	0.02	CVE-2018-20334
8	EvoStream Media Server HTTP Request 内存损坏	7.4	6.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01265	0.04	CVE-2017-6427
9	DZCP deV!L`z Clanportal config.php 权限升级	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	1.07	CVE-2010-0966
10	Zulip Server Storage Backend 跨网站脚本	4.4	4.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00054	0.03	CVE-2018-9999
11	WUZHI CMS 跨网站请求伪造	6.5	6.4	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00192	0.00	CVE-2018-10312
12	WebCalendar settings.php 权限升级	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.03093	0.02	CVE-2005-2717
13	Microsoft Windows iSCSI Target Service 信息公开	4.8	4.4	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00101	0.00	CVE-2023-24945
14	Microsoft Windows Netlogon Remote Code Execution	8.1	7.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00106	0.03	CVE-2023-28268
15	Microsoft Windows Kernel Privilege Escalation	8.1	7.4	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00048	0.04	CVE-2023-35359
16	Microsoft Windows Error Reporting Service Local Privilege Escalation	7.8	7.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00147	0.04	CVE-2023-36874
17	Flask 信息公开	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00142	0.02	CVE-2023-30861
18	WPS Hide Login Plugin Secret Login Page options.php 权限升级	6.9	6.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02933	0.04	CVE-2021-24917
19	Fortinet FortiOS/FortiProxy Command Line Interpreter Format String	7.1	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.08	CVE-2022-43953
20	Fortinet FortiOS CLI Command 目录遍历	6.8	6.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.06752	0.04	CVE-2022-41328

IOC - Indicator of Compromise (17)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP地址	Hostname	参与者	Identified	类型	可信度
1	43.224.33.130	43.224.33.130.vultr.com	Farseer	2020-12-22	verified	中
2	45.32.24.39	45.32.24.39.vultr.com	Farseer	2020-12-22	verified	中
3	45.32.25.107	45.32.25.107.vultr.com	Farseer	2021-08-29	verified	中
4	45.32.44.52	45.32.44.52.vultr.com	Farseer	2020-12-22	verified	中
5	XX.XX.XX.XX	xx.xx.xx.xx.xxxxx.xxx	Xxxxxxx	2020-12-22	verified	中
6	XX.XX.XX.XXX	xx.xx.xx.xxx.xxxxx.xxx	Xxxxxxx	2020-12-22	verified	中
7	XX.XX.XXX.XX	xx.xx.xxx.xx.xxxxx.xxx	Xxxxxxx	2021-08-29	verified	中
8	XX.XX.XXX.XXX	xx.xx.xxx.xxx.xxxxx.xxx	Xxxxxxx	2020-12-22	verified	中
9	XX.XX.XXX.X	xx.xx.xxx.x.xxxxx.xxx	Xxxxxxx	2020-12-22	verified	中
10	XX.XX.XX.XXX	xx.xx.xx.xxx.xxxxx.xxx	Xxxxxxx	2020-12-22	verified	中
11	XX.XXX.XX.XXX	xxxxxx.xxxx.xxxxxxxxxxx.xxx	Xxxxxxx	2020-12-22	verified	高
12	XX.XXX.XXX.XXX		Xxxxxxx	2020-12-22	verified	高
13	XX.XXX.XXX.XXX		Xxxxxxx	2020-12-22	verified	高
14	XXX.XX.XXX.XXX	xxx.xx.xxx.xxx.xxxxx.xxx	Xxxxxxx	2021-08-29	verified	中
15	XXX.XX.XXX.XXX		Xxxxxxx	2020-12-22	verified	高
16	XXX.XXX.XX.XXX	xxx.xxx.xx.xxx.xxxxx.xxx	Xxxxxxx	2020-12-22	verified	中
17	XXX.XXX.XXX.XX		Xxxxxxx	2021-08-29	verified	高

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	漏洞	访问向量	类型	可信度
1	T1006	CWE-21, CWE-22, CWE-36	Path Traversal	predictive	高
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	高
3	T1059	CWE-94	Argument Injection	predictive	高
4	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	高
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
6	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	高
7	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
8	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	高
9	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	高
10	TXXXX	CWE-XXX	Xxxxxxxx Xx Xxxx Xxxxxxx Xxxxxxxxx Xxxxx	predictive	高
11	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	高
12	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	高
13	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
14	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
15	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	高

IOA - Indicator of Attack (87)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	分类	Indicator	类型	可信度
1	File	/.vnc/sesman_${username}_passwd	predictive	高
2	File	/admin/users.php?source=edit_user&id=1	predictive	高
3	File	/forum/away.php	predictive	高
4	File	/icingaweb2/navigation/add	predictive	高
5	File	/phppath/php	predictive	中
6	File	/rest/collectors/1.0/template/custom	predictive	高
7	File	/start_apply.htm	predictive	高
8	File	/uncpath/	predictive	中
9	File	/WEB-INF/web.xml	predictive	高
10	File	/wp-admin/options.php	predictive	高
11	File	xxxxx_xxxxxxxx.xxx	predictive	高
12	File	xxxxx/xxxx_xxxxx_xxxx.xxx	predictive	高
13	File	xxxxx.xxx	predictive	中
14	File	xxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	高
15	File	xxxxxxxx.xxx	predictive	中
16	File	xxx_xxxxxxx.xxx	predictive	高
17	File	xxx-xxx/xxxxxx.xxx	predictive	高
18	File	xxxxxx/xx.x	predictive	中
19	File	x_xxxxxx	predictive	中
20	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	高
21	File	xxxxxxxxxx.x	predictive	中
22	File	xxxxx_xxxxxxxxxxxx.xxx	predictive	高
23	File	xxxx.xxx	predictive	中
24	File	xxxx_xxxxxxx.xxx.xxx	predictive	高
25	File	xxxx_xxxx.x	predictive	中
26	File	xxxxxxxx.xxx	predictive	中
27	File	xxx/xxxxxx.xxx	predictive	高
28	File	xxx/xxxxxxxxxxx/xxxxxxx.xxx	predictive	高
29	File	xxxxx.xxx/xxxx/xxxxx/xxxx/xxxx.xxx	predictive	高
30	File	xxxxx.xxx?x=xxxxxx&x=xx_xxxxx	predictive	高
31	File	xx/xxx/xxxxxxxx/xxx_xxxxxxxxx/xxx_xxxxxxxx_xxxxx/_/xxxxxxx_xxx	predictive	高
32	File	xxx/xxx/xxxxx.xx	predictive	高
33	File	xxxxxxxxx/xxxxxxx/xxxxxxxxxxx/xxxxx/xxxxxxxxxxxxxxxxxxxxx.xxx	predictive	高
34	File	xxxxxxxxx/xxxxxx.xxx.xxx	predictive	高
35	File	xxxxx.xxxx	predictive	中
36	File	xxx/xxxx/xxxx_xxxxxxxxxx_xxxx.x	predictive	高
37	File	xxxxxxxxxxx-xxxx.xx	predictive	高
38	File	xxxxx/xxxxxxx.x	predictive	高
39	File	xxxxx.xxx	predictive	中
40	File	xxxxxx.x	predictive	中
41	File	xxxxxxxx_xxxxxx.xxx	predictive	高
42	File	xxxxxxxxxxx.xx	predictive	高
43	File	xxxxx.xxx	predictive	中
44	File	xxxxxx_xxxxxx.xx	predictive	高
45	File	xxxx/xxx/xxx_xxxx.x	predictive	高
46	File	xxxxxxxxx/xxxxxx.x	predictive	高
47	File	xxxxxxxx.xxx	predictive	中
48	File	xxxxx.xxx	predictive	中
49	File	xxxx-xxxxxxxx.xxx	predictive	高
50	File	xxxxxx/xxxxxxxxxxxx	predictive	高
51	File	xxx.xxx	predictive	低
52	File	xx-xxxxx/xxxxx.xxx?xxxx=xxx-xxxxx&xxxxxx=xxxx-xxxxx	predictive	高
53	File	xx-xx-xxxxxx.xxx	predictive	高
54	Library	xxx/xxx/xxxxx.xx	predictive	高
55	Library	xxx/xxxx.x	predictive	中
56	Argument	$_xxxxxx['xxxxx_xxxxxx']	predictive	高
57	Argument	${xxx}	predictive	低
58	Argument	/.xxx/xxxxxx_${xxxxxxxx}_xxxxxx	predictive	高
59	Argument	xxxxxxx xx/xxxxxxx xxxx	predictive	高
60	Argument	xxxxxx	predictive	低
61	Argument	xxxxxxxx	predictive	中
62	Argument	xxxxxx	predictive	低
63	Argument	xxx	predictive	低
64	Argument	xxx_xxxx	predictive	中
65	Argument	xxxx/xxxx	predictive	中
66	Argument	xx_xxxxx	predictive	中
67	Argument	xxxx	predictive	低
68	Argument	xxxxx	predictive	低
69	Argument	xx	predictive	低
70	Argument	xxxxxxxx	predictive	中
71	Argument	xxxxxx_xxxxx	predictive	中
72	Argument	xxxx	predictive	低
73	Argument	xxxxx_xx	predictive	中
74	Argument	xxxxxxxx	predictive	中
75	Argument	xxxx_xxxx	predictive	中
76	Argument	xxxx_xx	predictive	低
77	Argument	xxxxxx_xxxxxxxx_xx	predictive	高
78	Argument	xxx	predictive	低
79	Argument	xxxxxxxx	predictive	中
80	Argument	xxx	predictive	低
81	Argument	xxxx-xxxxx	predictive	中
82	Argument	xxxxxxxx	predictive	中
83	Input Value	-x	predictive	低
84	Input Value	.%xx.../.%xx.../	predictive	高
85	Input Value	..%xx	predictive	低
86	Network Port	xxx/xx (xxxxxx)	predictive	高
87	Network Port	xxx/xx (xxx xxxxxxxx)	predictive	高

参考 (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ 上一步一览下一步 ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!