Packrat 分析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (85)

语言

en	62
pt	18
es	6

国家/地区

br	48
cl	4
gb	2
es	2
ru	2

演员

Packrat	5
Banjori	1

利益

类型

Not Defined	10
Smartphone Operating System	10
Operating System	6
Office Suite Software	4
Network Encryption Software	4

供应商

Not Defined	14
Microsoft	10
Google	10
Fortinet	2
Nextcloud	2

产品

Google Android	10
Microsoft Office	4
OpenSSL	4
Dropbear SSH	4
Fortinet FortiMail	2

漏洞

#	漏洞	Base	Temp	0day	今天	易	修正	CTI	EPSS	CVE
1	Dropbear SSH 权限升级	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.02911	CVE-2016-7406
2	OpenSSL Non-prime Moduli BN_mod_sqrt 拒绝服务	6.4	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.01342	CVE-2022-0778
3	VMware ESXi Host Client Stored 跨网站脚本	5.2	4.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00076	CVE-2017-4940
4	HP Integrated Lights-Out IPMI Protocol 权限升级	8.2	8.0	$5k-$25k	$0-$5k	High	Workaround	0.02	0.27196	CVE-2013-4786
5	Apache HTTP Server mod_reqtimeout 拒绝服务	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.06	0.01696	CVE-2007-6750
6	Linux Kernel Socket Buffer virtio_bt.c 拒绝服务	5.7	5.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00045	CVE-2022-26878
7	Microsoft Windows LSA 信息公开	6.4	5.9	$25k-$100k	$5k-$25k	Functional	Official Fix	0.03	0.85287	CVE-2021-36942
8	Dropbear SSH dbclient/server Memory 信息公开	4.4	4.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01	0.00042	CVE-2016-7409
9	Dropbear SSH dropbearconvert 权限升级	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00956	CVE-2016-7407
10	phpMyAdmin grab_globals.lib.php 目录遍历	4.8	4.4	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.02334	CVE-2005-3299
11	Ietf MD5 弱加密	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.01224	CVE-2004-2761
12	Sun Solaris Authentication 弱身份验证	9.8	9.6	$5k-$25k	$0-$5k	High	Workaround	0.02	0.01297	CVE-1999-0502
13	TP-LINK TL-WR840N 内存损坏	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00092	CVE-2022-26642
14	HP Intelligent Management Center tftpserver.exe 权限升级	10.0	9.5	$25k-$100k	计算	Not Defined	Official Fix	0.00	0.05750	CVE-2011-1853
15	Microsoft Windows SMB Processor EducatedScholar 拒绝服务	7.3	7.0	$5k-$25k	$0-$5k	High	Official Fix	0.06	0.97288	CVE-2009-3103
16	avahi socket.c 拒绝服务	5.3	4.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.07514	CVE-2011-1002
17	OpenSSL EC 信息公开	3.1	3.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00272	CVE-2021-4160
18	Linux Kernel KVM 权限升级	7.6	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.00056	CVE-2021-3653
19	Fortinet FortiMail 目录遍历	6.4	6.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00093	CVE-2021-24013
20	Fortinet FortiMail Identity-Based Encryption Service 弱加密	4.0	3.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00060	CVE-2021-26099

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP地址	Hostname	参与者	Identified	类型	可信度
1	46.246.89.246	joana.homework.space	Packrat	2020-12-24	verified	高
2	50.62.133.49	ip-50-62-133-49.ip.secureserver.net	Packrat	2020-12-24	verified	高
3	XXX.XXX.X.XX	xxxxxxxx.xxxxxx.xxx.xx	Xxxxxxx	2020-12-24	verified	高
4	XXX.XXX.XX.XX	xxxxxxxx.xxxxxx.xxx.xx	Xxxxxxx	2020-12-24	verified	高
5	XXX.XXX.XXX.XXX	xxxxxxxx.xxxxxx.xxx.xx	Xxxxxxx	2020-12-24	verified	高
6	XXX.XX.XXX.XXX	xxx-xx-xxx-xxx.xxx.xxxxxxxx.xx	Xxxxxxx	2020-12-24	verified	高
7	XXX.XXX.XXX.XXX	xxxxxxxx-xxxxxx-xxx-xxx-xxx.xxxxxxxxxxxxx.xxx	Xxxxxxx	2020-12-24	verified	高
8	XXX.XXX.XXX.XX	xx-xxx-xxx-xxx-xx.xx.xxxxxxxxxxxx.xxx	Xxxxxxx	2020-12-24	verified	高
9	XXX.XX.XXX.XXX	xx-xxx-xx-xxx-xxx.xx.xxxxxxxxxxxx.xxx	Xxxxxxx	2020-12-24	verified	高

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	漏洞	访问向量	类型	可信度
1	T1006	CWE-22	Path Traversal	predictive	高
2	T1059	CWE-94	Argument Injection	predictive	高
3	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	高
4	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
5	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	高
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	高
7	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
8	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
9	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	高

IOA - Indicator of Attack (20)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	分类	Indicator	类型	可信度
1	File	api/sms_check.php	predictive	高
2	File	avahi-core/socket.c	predictive	高
3	File	chmextract.c	predictive	中
4	File	xxxxxxx/xxxxxxxxx/xxxxxx_xx.x	predictive	高
5	File	xxxx_xxxxxxx.xxx.xxx	predictive	高
6	File	xxx/xxxxxxxxxxx/xxxxxxx.xxx	predictive	高
7	File	xxxxx.xxx	predictive	中
8	File	xxxxxx_xxx.x	predictive	中
9	File	xxxxx-xxx.x	predictive	中
10	File	xxxxxxxxxx.xxx	predictive	高
11	Library	xxxxxxxx.xxx	predictive	中
12	Argument	-x	predictive	低
13	Argument	xxxx	predictive	低
14	Argument	xxx_xxx	predictive	低
15	Argument	xxxxx	predictive	低
16	Argument	xxxxxxxx	predictive	中
17	Argument	xxxxxxxx	predictive	中
18	Argument	xxxx	predictive	低
19	Argument	xxxxxxxx/xxxx	predictive	高
20	Argument	x_xx_xxxxxxxxxxxxxxxx	predictive	高

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 上一步一览下一步 ▸

Interested in the pricing of exploits?

See the underground prices here!