LeetHozer Analysis

IOB - Indicator of Behavior (197)

Language

en: 176
zh: 12
es: 4
fr: 4
de: 2

Country/Region

us: 98
cn: 48
ru: 4
gb: 2
ce: 2

Product

WordPress: 6
Microsoft SQL Server: 4
MantisBT: 4
Computrols CBAS: 4
Microsoft Exchange Server: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Atmail Remote Code Execution | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00251 | CVE-2013-5033 |
| 2 | Palo Alto PAN-OS GlobalProtect Clientless VPN memory corruption | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00112 | CVE-2021-3056 |
| 3 | WordPress SQL injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00467 | CVE-2022-21664 |
| 4 | VeronaLabs wp-statistics Plugin API Endpoint Blind SQL injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00250 | CVE-2019-13275 |
| 5 | Linksys WRT54GL Web Management Interface SysInfo1.htm information disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00046 | CVE-2024-1406 |
| 6 | Teclib GLPI unlock_tasks.php SQL injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.12149 | CVE-2019-10232 |
| 7 | Sophos Firewall User Portal/Webadmin weak authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.97434 | CVE-2022-1040 |
| 8 | CutePHP CuteNews privilege escalation | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.02365 | CVE-2019-11447 |
| 9 | WordPress Object privilege escalation | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00334 | CVE-2022-21663 |
| 10 | Microsoft Windows Active Directory Domain Services Privilege Escalation | 8.8 | 8.1 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.07920 | CVE-2022-26923 |
| 11 | QNAP QTS Media Library privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | High | Official Fix | 0.00 | 0.01394 | CVE-2017-13067 |
| 12 | RoundCube Webmail rcube_plugin_api.php directory traversal | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01163 | CVE-2020-12640 |
| 13 | Samurai Build File util.c canonpath memory corruption | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 0.00085 | CVE-2019-19795 |
| 14 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 15 | Phpsugar PHP Melody page_manager.php cross-site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00083 | CVE-2017-15648 |
| 16 | RealNetworks RealServer Port 7070 Service denial of service | 7.5 | 7.3 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.03 | 0.02116 | CVE-2000-0272 |
| 17 | Microsoft Windows Themes information disclosure | 5.9 | 5.6 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04 | 0.00073 | CVE-2024-21320 |
| 18 | Royal Elementor Addons and Templates Plugin privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.96723 | CVE-2023-5360 |
| 19 | Hikvision Intercom Broadcasting System ping.php privilege escalation | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.90160 | CVE-2023-6895 |
| 20 | Hikvision Hybrid SAN Messages privilege escalation | 8.2 | 8.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.00091 | CVE-2023-28808 |

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (90)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /api/RecordingList/DownloadRecord?file= | predictive | |
| 2 | File | /apply.cgi | predictive | |
| 3 | File | /php/ping.php | predictive | |
| 4 | File | /rapi/read_url | predictive | |
| 5 | File | /scripts/unlock_tasks.php | predictive | |
| 6 | File | /SysInfo1.htm | predictive | |
| 7 | File | /sysinfo_json.cgi | predictive | |
| 8 | File | /system/user/modules/mod_users/controller.php | predictive | |
| 9 | File | /wp-admin/admin-post.php?es_skip=1&option_name | predictive | |
| 10 | File | AjaxFileUploadHandler.axd | predictive | |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
