Leviathan 分析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (35)

语言

en	16
it	16
sv	2
ko	2

国家/地区

us	26
ru	4
fr	2

演员

Leviathan	2
APT28	1
Zeus	1
Qakbot	1
Cobalt Strike	1

利益

类型

Operating System	4
Database Software	4
Not Defined	4
Virtualization Software	4
IP Phone Software	2

供应商

Not Defined	16
Red Hat	2
Microsoft	2
Linksys	2
Cisco	2

产品

Red Hat Enterprise Linux	2
Microsoft Access	2
Linksys Spa921	2
Cisco IP Phone 6800	2
Cisco IP Phone 7800	2

漏洞

#	漏洞	Base	Temp	0day	今天	易	修正	EPSS	CTI	CVE
1	Drupal SQL注入	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.00135	0.00	CVE-2008-2999
2	Unisoc S8000 Telephony Service 拒绝服务	3.3	3.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00042	0.00	CVE-2022-48447
3	Cisco IP Phone 6800/IP Phone 7800/IP Phone 8800 拒绝服务	7.5	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00172	0.03	CVE-2023-20079
4	Cisco IP Phone 6800/IP Phone 7800/IP Phone 8800 权限升级	9.8	9.7	$5k-$25k	$5k-$25k	Not Defined	Official Fix	0.00287	0.00	CVE-2023-20078
5	iRZ RUH2 Firmware Patch 弱身份验证	6.7	6.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00226	0.00	CVE-2016-2309
6	Joomla SQL注入	6.3	6.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00142	0.02	CVE-2022-23797
7	Microsoft Access 内存损坏	7.0	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00232	0.00	CVE-2020-1582
8	libvirtd API virDomainSaveImageGetXMLDesc 权限升级	7.3	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00045	0.02	CVE-2019-10161
9	nginx 权限升级	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00241	5.13	CVE-2020-12440
10	Desiscripts Desi Short URL Script index.php 弱身份验证	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00933	0.00	CVE-2009-2642
11	Cisco FirePOWER Management Center Web UI 内存损坏	8.0	7.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00107	0.00	CVE-2019-12688
12	vsftpd deny_file 未知漏洞	3.7	3.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00312	0.04	CVE-2015-1419
13	phpMyAdmin 信息公开	6.1	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.18290	0.03	CVE-2019-6799
14	WallacePOS resetpassword.php 跨网站脚本	5.2	5.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00101	0.00	CVE-2017-7388
15	Linksys Spa921 拒绝服务	7.5	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Workaround	0.01834	0.00	CVE-2006-7121
16	Zabbix zabbix_agentd 信息公开	4.0	3.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00042	0.00	CVE-2007-6210
17	BEA WebLogic Mobility Server 弱身份验证	7.3	6.9	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.02056	0.00	CVE-2007-6384
18	Netop Remote Control Guest Client 内存损坏	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00063	0.02	CVE-2017-5216
19	Samsung Mobile Phone Application Installation bad_alloc 权限升级	4.9	4.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00055	0.02	CVE-2017-5217
20	Splunk Header 跨网站脚本	4.3	4.3	$0-$5k	$0-$5k	High	Not Defined	0.00213	0.05	CVE-2014-8380

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP地址	Hostname	参与者	Identified	类型	可信度
1	54.87.87.13	ec2-54-87-87-13.compute-1.amazonaws.com	Leviathan	2020-12-23	verified	中
2	54.242.66.219	ec2-54-242-66-219.compute-1.amazonaws.com	Leviathan	2020-12-23	verified	中
3	XX.XX.XXX.XXX		Xxxxxxxxx	2020-12-23	verified	高
4	XX.XX.XXX.XXX		Xxxxxxxxx	2020-12-23	verified	高
5	XX.XX.XXX.XXX		Xxxxxxxxx	2020-12-23	verified	高
6	XXX.XXX.XXX.XXX		Xxxxxxxxx	2020-12-17	verified	高

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	漏洞	访问向量	类型	可信度
1	T1006	CWE-22	Path Traversal	predictive	高
2	T1059	CWE-94	Argument Injection	predictive	高
3	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	高
4	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
5	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	高
7	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
8	TXXXX.XXX	CWE-XX	Xxxxxxxxxxxxx	predictive	高

IOA - Indicator of Attack (12)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	分类	Indicator	类型	可信度
1	File	encrypt.c	predictive	中
2	File	ept.c	predictive	低
3	File	xxxxx.xxx	predictive	中
4	File	xxxxx:xxxxxxxxxxx.xx	predictive	高
5	File	xxxx-xxx.xxx	predictive	中
6	File	xxxxxxxxxx-xxxxxx/xxxxxxxxx/xxxxxxxxxxxxx.xxx	predictive	高
7	Argument	xxxxxxx	predictive	低
8	Argument	xxxxxxx_xx	predictive	中
9	Argument	xxx	predictive	低
10	Argument	xxxxx	predictive	低
11	Input Value	xxxxxx/**/xxxx.	predictive	高
12	Input Value	xxxxxxxxxx:xxxxxx("xxx xx xxxxxxxxxxx");	predictive	高

参考 (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ 上一步一览下一步 ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!