Pykspa 分析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (541)

语言

es	434
en	102
fr	2
sv	2
de	2

国家/地区

es	484
us	32
cn	10
ce	8

演员

Pykspa	1
Ramnit	1

利益

类型

Not Defined	180
Operating System	30
SCADA Software	24
Smartphone Operating System	20
Firewall Software	18

供应商

Not Defined	100
Apple	32
Microsoft	30
Schneider Electric	16
Samsung	14

产品

Microsoft Windows	16
Apple macOS	14
Apple iOS	12
Apple iPadOS	10
Microsoft Exchange Server	10

漏洞

#	漏洞	Base	Temp	0day	今天	易	修正	EPSS	CTI	CVE
1	Keycloak Login 权限升级	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00000	0.06	CVE-2022-2232
2	Boa Terminal 权限升级	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02395	0.02	CVE-2009-4496
3	polkit pkexec 权限升级	8.8	8.1	$0-$5k	$0-$5k	Proof-of-Concept	Workaround	0.00046	0.04	CVE-2021-4034
4	SnakeYAML YAML File Parser 内存损坏	5.4	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00345	0.05	CVE-2022-38752
5	Facebook WhatsApp/WhatsApp Business/WhatsApp Desktop Call 内存损坏	7.3	7.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00097	0.02	CVE-2021-24042
6	HPE Arcsight Logger Stored 跨网站脚本	5.0	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00059	0.00	CVE-2019-3485
7	Technicolor TC7200.TH2v2 Credentials 权限升级	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00406	0.07	CVE-2018-20393
8	Facebook WhatsApp/WhatsApp Business Video Call 内存损坏	7.0	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00310	0.00	CVE-2020-1909
9	EmbedThis HTTP Library/Appweb httpLib.c authCondition 弱身份验证	7.7	7.5	$0-$5k	$0-$5k	High	Official Fix	0.00927	0.04	CVE-2018-8715
10	Zeus Zeus Web Server 内存损坏	10.0	9.0	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.15887	0.02	CVE-2010-0359
11	SnakeYAML Constructor 权限升级	8.1	8.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00811	0.04	CVE-2022-1471
12	Velneo vClient 弱身份验证	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00121	0.00	CVE-2021-45035
13	Zyxel USG/ZyWALL 弱身份验证	9.8	9.8	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.08015	0.02	CVE-2022-0342
14	Microsoft Exchange Server Remote Code Execution	7.3	7.0	$5k-$25k	$0-$5k	High	Official Fix	0.71652	0.08	CVE-2021-26857
15	Meta WhatsApp/WhatsApp Business Image Blurring 内存损坏	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00201	0.00	CVE-2021-24041
16	Acme Mini HTTPd Terminal 权限升级	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00303	0.04	CVE-2009-4490
17	OpenSSL Stitched Ciphersuite d1_pkt.c SSL_shutdown 信息公开	5.7	5.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00805	0.00	CVE-2019-1559
18	Zeus Zeus Web Server Admin Server 跨网站脚本	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00101	0.04	CVE-2010-0363
19	Keycloak Account Lockout 拒绝服务	3.6	3.4	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00043	0.10	CVE-2024-1722
20	Fortinet FortiOS SSL-VPN 内存损坏	9.8	9.6	$25k-$100k	$5k-$25k	High	Official Fix	0.01842	0.15	CVE-2024-21762

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP地址	Hostname	参与者	Identified	类型	可信度
1	40.255.0.62		Pykspa	2021-06-13	verified	高
2	XX.XX.XXX.XX	xxxxxx.xxxx-xxxxxx.xx	Xxxxxx	2021-06-13	verified	高
3	XXX.XX.XX.XX	xx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxx	Xxxxxx	2021-06-13	verified	高
4	XXX.XX.XXX.XX	xxxxxxx.xxxxxxxxxx.xxx.xx	Xxxxxx	2021-06-13	verified	高
5	XXX.XXX.XXX.XX		Xxxxxx	2021-06-13	verified	高

TTP - Tactics, Techniques, Procedures (25)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	分类	漏洞	访问向量	类型	可信度
1		CAPEC-10	CWE-20, CWE-59, CWE-74, CWE-116, CWE-119, CWE-120, CWE-121, CWE-122, CWE-125, CWE-134, CWE-185, CWE-189, CWE-190, CWE-191, CWE-200, CWE-266, CWE-284, CWE-285, CWE-287, CWE-288, CWE-302, CWE-306, CWE-345, CWE-352, CWE-362, CWE-371, CWE-384, CWE-399, CWE-400, CWE-404, CWE-415, CWE-416, CWE-444, CWE-501, CWE-502, CWE-610, CWE-611, CWE-639, CWE-645, CWE-662, CWE-668, CWE-680, CWE-697, CWE-707, CWE-754, CWE-755, CWE-770, CWE-776, CWE-787, CWE-789, CWE-824, CWE-829, CWE-835, CWE-840, CWE-841, CWE-843, CWE-862, CWE-863, CWE-908, CWE-918	Unknown Vulnerability	predictive	高
2	T1006	CAPEC-126	CWE-21, CWE-22, CWE-23	Path Traversal	predictive	高
3	T1040	CAPEC-102	CWE-310, CWE-319	Authentication Bypass by Capture-replay	predictive	高
4	T1055	CAPEC-10	CWE-74, CWE-707	Improper Neutralization of Data within XPath Expressions	predictive	高
5	T1059	CAPEC-10	CWE-74, CWE-94, CWE-707, CWE-1321	Argument Injection	predictive	高
6	TXXXX.XXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XX, CWE-XXX	Xxxxx Xxxx Xxxxxxxxx	predictive	高
7	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
8	TXXXX.XXX	CAPEC-0	CWE-XXX, CWE-XXX	Xxx Xx Xxxx-xxxxx Xxxxxxxx	predictive	高
9	TXXXX.XXX	CAPEC-16	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	高
10	TXXXX.XXX	CAPEC-68	CWE-XXX, CWE-XXX	Xxx-xxx Xxxx Xxxxxxx Xxxx	predictive	高
11	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XX, CWE-XXX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
12	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	高
13	TXXXX	CAPEC-0	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	高
14	TXXXX	CAPEC-0	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	高
15	TXXXX	CAPEC-184	CWE-XXX	Xxxxxxxx Xx Xxxx Xxxxxxx Xxxxxxxxx Xxxxx	predictive	高
16	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XX, CWE-XXX	Xxx Xxxxxxxxx	predictive	高
17	TXXXX.XXX	CAPEC-1	CWE-XXX, CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	高
18	TXXXX	CAPEC-102	CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
19	TXXXX	CAPEC-466	CWE-XXX	Xxxxxxx Xxxxxxxxxx Xx Xxx-xxxxxxxx	predictive	高
20	TXXXX.XXX	CAPEC-114	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
21	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
22	TXXXX.XXX	CAPEC-0	CWE-XX	Xxxxxxxxxxxxx	predictive	高
23	TXXXX	CAPEC-157	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	高
24	TXXXX.XXX	CAPEC-112	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	高
25	TXXXX.XXX	CAPEC-19	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	高

IOA - Indicator of Attack (122)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	分类	Indicator	类型	可信度
1	File	/.ssh/authorized_keys	predictive	高
2	File	//etc/RT2870STA.dat	predictive	高
3	File	/cgi-bin/luci;stok=/locale	predictive	高
4	File	/cgi-bin/wapopen	predictive	高
5	File	/classes/Users.php?f=save	predictive	高
6	File	/HNAP1	predictive	低
7	File	/index.php	predictive	中
8	File	/mgmt/tm/util/bash	predictive	高
9	File	/opt/zimbra/jetty/webapps/zimbra/public	predictive	高
10	File	/setSystemAdmin	predictive	高
11	File	/sp/ListSp.php	predictive	高
12	File	/updown/upload.cgi	predictive	高
13	File	/usr/bin/pkexec	predictive	高
14	File	?x=xxxxxxxxx/xxxxxxxx/xxxxxxxx	predictive	高
15	File	xxx.x	predictive	低
16	File	xxxxx.x	predictive	低
17	File	xxx/xxxxxxxxxx/xxxxxxxxx/xxxxxxxxxxxxxxxxxxxx.xxx	predictive	高
18	File	xxx/xxxxxxxxxx/xxxxxxxxxxxxxxx.xxx	predictive	高
19	File	xxx/xxxxxxxxx/xxxxxxx/xxxxxx-xxxxxx.xxx	predictive	高
20	File	xxx/xxxxx/xxxxxxxxx.xxx	predictive	高
21	File	xxx/xxxxxxxx/xxxxxxx_xxxxxx_xxxxxxx.xx	predictive	高
22	File	xxx_xxxxxxxxx.xxx	predictive	高
23	File	xxxx-xxxx.x	predictive	中
24	File	xxxx.xxx	predictive	中
25	File	xxxxxxxx/xx.x	predictive	高
26	File	xxxxx_xxxxxxxx.x	predictive	高
27	File	xxxxx	predictive	低
28	File	xxx-xxx/xx_xxxxxx_xxxxxx.xxx	predictive	高
29	File	xxxxxxxxxx.xxx	predictive	高
30	File	xxx/xxxxxxx/xx/xxxx/xxx/xxxxxxxxxxxxxxxxxx.xxxx	predictive	高
31	File	xxxxxx.xxx	predictive	中
32	File	x_xxxxxx	predictive	中
33	File	xxxxxx_x_x.xxx	predictive	高
34	File	xxxxx.x	predictive	低
35	File	xxxx_xxx_xxxx.xxx	predictive	高
36	File	xxxxxxxx.xxx	predictive	中
37	File	xxxxxxxxxx.xxx	predictive	高
38	File	xxx_xxxxxx.xxx	predictive	高
39	File	xxx/xxxxx.x	predictive	中
40	File	xxxx.x	predictive	低
41	File	xxxx/xxx	predictive	中
42	File	xxxx/xxxxxxx.xxxx	predictive	高
43	File	xxxxxxxxxx/xxxxxxxxxx/xxxxxxxxx.xxx	predictive	高
44	File	xxxxx.xxx	predictive	中
45	File	xxxxx.xxx/xxxxxxxxxx/xxx_xxxxxxxx	predictive	高
46	File	xxxxxxx.x	predictive	中
47	File	xxxxxxxxxx/xxxx.x	predictive	高
48	File	xxxx.xxxx	predictive	中
49	File	xxxxxxx.xxx	predictive	中
50	File	xx_xxxxxxxxxxxxxx.x	predictive	高
51	File	xxxxxxx/xxxx-xxxx/xxxxx/xxxxxxxxxx.xx	predictive	高
52	File	xxxxxxx.x	predictive	中
53	File	xxxxxx.xx	predictive	中
54	File	xxxxxxxxxxxxx.xxx	predictive	高
55	File	xxxxxxx/xxxxxxxx/xxxxxx-xxxxxx.x	predictive	高
56	File	xxxxx.x	predictive	低
57	File	xxxxxxxxxxxx.xxx	predictive	高
58	File	xxxxxx.x	predictive	中
59	File	xxxx_xxx_xx.x	predictive	高
60	File	xxx.x	predictive	低
61	File	xxxxxx.x	predictive	中
62	File	xxxx-xxxxxx.x	predictive	高
63	File	xxxxxxxxxxxxxxx/xxxxxxxxxxxx.xxx	predictive	高
64	File	xxx/xx_xxx.x	predictive	中
65	File	xxxxxxxxxxxxxxxx.xxxx	predictive	高
66	File	xxxx.xxx	predictive	中
67	File	xxxx/xxx/xxxx-xxxxx.xxx	predictive	高
68	File	xxxx.xxx	predictive	中
69	File	xxxxxxx.xxx	predictive	中
70	File	xxxxxxxx.xxx	predictive	中
71	File	xxxxxxxxxxxxxxxxxxxx.xxxx	predictive	高
72	File	xxxx/xxxx_xxxxxx.x	predictive	高
73	Library	/xxxxxxx/xxxxxxx.xxx	predictive	高
74	Library	xxxx/xxxxxxx.x	predictive	高
75	Library	xxxxxxxxx	predictive	中
76	Library	xxxxxxxx.xxx	predictive	中
77	Library	xxxxx.xxx	predictive	中
78	Library	xxxxxxx.xxx	predictive	中
79	Argument	-xx	predictive	低
80	Argument	xxxxxxx	predictive	低
81	Argument	xxxxxxx	predictive	低
82	Argument	xxxxxx	predictive	低
83	Argument	xxxxxxx	predictive	低
84	Argument	xxxxxxx	predictive	低
85	Argument	xxxxxxxxxx	predictive	中
86	Argument	xxxx_xxx	predictive	中
87	Argument	xxxxxxxxxxx	predictive	中
88	Argument	xxxxxxxxxxx	predictive	中
89	Argument	xxxxxxx	predictive	低
90	Argument	xxxxxx_xxxxxxxx	predictive	高
91	Argument	xxxxxxxxxxx xxxx/xxxxxxxxxxx xxxx/xxxxxxxxxxx xxxx/xxxxxxx/xxxxxxx/xxxxxxx/xxxxxxx/xxxxxx/xxxxxx/xxxxx xx/xxxxxxxxxx x xxx x xxxxxx xxxxxxxx/xxxxxxxxxx xxx xx xxxxxx xxxxxxxx/xxxxxxxxxx xxx+ xx xxxxxx xxxxxxxx	predictive	高
92	Argument	xxxxxxxxxx	predictive	中
93	Argument	xx	predictive	低
94	Argument	xx	predictive	低
95	Argument	xxx_xxxx	predictive	中
96	Argument	xxxxx	predictive	低
97	Argument	xxxxxxx_xxx_xxxxxx/xxxxxxxxxx_xxxxxxxxxx	predictive	高
98	Argument	xxxxxxxx	predictive	中
99	Argument	xxxxxxxxxxxx	predictive	中
100	Argument	xxxxxx_xxxx	predictive	中
101	Argument	xxxxxxx_xxxx	predictive	中
102	Argument	xxxxxx_xxxx_xxxx	predictive	高
103	Argument	xxxxxxxxx	predictive	中
104	Argument	xxxx	predictive	低
105	Argument	xxxxxxxxxxxxxxxxxxxxxxxx	predictive	高
106	Argument	xxxx_xxxxxx	predictive	中
107	Argument	xxxxxxxx	predictive	中
108	Argument	xxxx_xxxxxx_xxxx	predictive	高
109	Argument	xxxxxxxx	predictive	中
110	Argument	xxxxxxxx/xxxxxxxx	predictive	高
111	Argument	xxxxxxxxxxxx	predictive	中
112	Argument	xxxx	predictive	低
113	Argument	xxxxxxxxxxxxx	predictive	高
114	Argument	xxxxx	predictive	低
115	Argument	x-xxxxxxxxx-xxx	predictive	高
116	Argument	x-xxxx-xxxxx	predictive	中
117	Input Value	%xxxxxx+-x+x+xx.x.xx.xxx%xx%xx	predictive	高
118	Input Value	../..	predictive	低
119	Input Value	xxxx%xx%xxxxx%xx(xxxxxx%xxxxxx%xxxxxx%xx(xxxxxx(xxxxx(x)))xxxx)%xxxxx%xx%xxxxxx%xx=%xxxxxx	predictive	高
120	Network Port	xxx/xxxx	predictive	中
121	Network Port	xxx/xxxx	predictive	中
122	Network Port	xxx/xxxxx	predictive	中

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 上一步一览下一步 ▸

Interested in the pricing of exploits?

See the underground prices here!