LightBasin 分析

IOB - Indicator of Behavior (54)

时间轴

语言

en38
zh10
ar4
de2

国家/地区

cn30
us12
ir4
gb4

演员

活动

利益

时间轴

类型

供应商

产品

Huawei SXXXX4
Toshiba Home Gateway HEM-GW16A2
Toshiba Home Gateway HEM-GW26A2
Cachet2
DokuWiki2

漏洞

#漏洞BaseTemp0day今天修正CTIEPSSCVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash 信息公开5.35.2$5k-$25k$0-$5kHighWorkaround0.020.02016CVE-2007-1192
2Toshiba Home Gateway HEM-GW16A/Home Gateway HEM-GW26A Access Restriction 权限升级6.46.4$5k-$25k$5k-$25kNot DefinedNot Defined0.000.00084CVE-2018-16197
3Scadaengine BACnet OPC Client csv 内存损坏10.09.0$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.030.63388CVE-2010-4740
4Microsoft IIS FTP Command 信息公开5.34.8$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.000.00361CVE-2012-2532
5ImageMagick pcx.c ReadPCXImage 拒绝服务5.45.1$0-$5k计算Not DefinedOfficial Fix0.000.00252CVE-2017-12432
6e-Quick Cart shopprojectlogin.asp SQL注入6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.040.00000
7SAS Intrnet DS2CSF Macro 权限升级5.55.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.020.00830CVE-2021-41569
8TikiWiki tiki-register.php 权限升级7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix6.690.01009CVE-2006-6168
9Apache OFBiz 目录遍历3.53.5$5k-$25k$5k-$25kNot DefinedNot Defined0.020.11945CVE-2022-47501
10Onedev HTTP Header git-prereceive-callback 弱身份验证8.18.1$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00218CVE-2022-39205
11Microsoft IIS HTTP 1.0 Request IP Address 信息公开3.13.0$5k-$25k$0-$5kHighOfficial Fix0.030.00360CVE-2000-0649
12Mikrotik RouterOS SNMP 信息公开8.07.7$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.080.00307CVE-2022-45315
13HubSpot Plugin Proxy REST Endpoint 权限升级5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.050.00104CVE-2022-1239
14Huawei ACXXXX/SXXXX SSH Packet 权限升级7.57.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.00246CVE-2014-8572
15GIT Client Path 权限升级8.58.4$5k-$25k计算HighOfficial Fix0.020.95465CVE-2014-9390
16codemirror Regular Expression 权限升级5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000.01484CVE-2020-7760
17Microsoft Windows IIS Remote Code Execution7.67.0$25k-$100k$5k-$25kUnprovenOfficial Fix0.040.00107CVE-2022-30209
18Huawei SXXXX XML Parser 权限升级3.63.6$0-$5k$0-$5kNot DefinedNot Defined0.030.00056CVE-2017-15346
19Openfind MailGates Email 权限升级8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.020.00866CVE-2020-12782
20Microsoft Exchange Server 信息公开6.35.5$5k-$25k$0-$5kUnprovenOfficial Fix0.030.50267CVE-2021-33766

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (24)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID分类Indicator类型可信度
1File/DbXmlInfo.xmlpredictive
2File/deviceIPpredictive
3File/git-prereceive-callbackpredictive
4File/xxx/xxxxxxxxxx.xxxpredictive
5Filexxxxxxxxxxxxx.xxxpredictive
6Filexxxx/xxxxxxxxxxxx.xxxpredictive
7Filexxxx.xpredictive
8Filexxxxxx/xxx.xpredictive
9Filexxxpredictive
10Filexxxx/xxxxxxxxxxxxxxx.xxxpredictive
11Filexxx/xxx.xxpredictive
12Filexxxxxxxxxx/xxxxxxxxxx/xxxxxxxxx.xxxpredictive
13Filex_xxxxxxxx_xxxxxpredictive
14Filexxx.xxxpredictive
15Filexxxxxxx.xxxpredictive
16Filexxxxxxxxxxxxxxxx.xxxpredictive
17Filexxxx-xxxxxxxx.xxxpredictive
18Libraryxx.xxxpredictive
19Libraryxxxxxxxx.xxxpredictive
20Argumentxxxxx_xxpredictive
21Argumentx_xxxxxxxxpredictive
22Argumentxxxxxxxxxpredictive
23Argumentx-xxxxxxxxx-xxxpredictive
24Argumentx-xxxx-xxxxxpredictive

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

Do you know our Splunk app?

Download it now for free!