PYSA Analysis

IOB - Indicator of Behavior (1000)

Timeline

Language

ja 162
en 94
es 90
ru 86
ko 78

Country/Region

us 142
ru 86
sv 74
es 72
it 68

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows 64
Google Android 14
Apple iOS 12
WordPress 12
Unix 12

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | CTI | EPSS | CVE
--- | --- | --- | --- | --- | --- | --- | --- | --- | --- | ---
1 | Microsoft Windows WPAD privilege escalation | 8.0 | 7.9 | $25k-$100k | $0-$5k | High | Official Fix | 0.58 | 0.34346 | CVE-2016-3213
2 | ISC BIND Inter-Process Communication privilege escalation | 5.9 | 5.5 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.01 | 0.04711 | CVE-2016-2774
3 | ProFTPD mod_copy privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.70009 | CVE-2019-12815
4 | Cisco ASA Identity Firewall memory corruption | 8.1 | 7.9 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.05785 | CVE-2016-6432
5 | Microsoft Windows LSA information disclosure | 6.4 | 5.9 | $25k-$100k | $5k-$25k | Functional | Official Fix | 0.37 | 0.26327 | CVE-2021-36942
6 | Microsoft Windows WPAD Remote Code Execution | 8.5 | 8.4 | $25k-$100k | $0-$5k | High | Official Fix | 0.37 | 0.33687 | CVE-2016-3236
7 | Microsoft Windows Netlogon privilege escalation | 7.5 | 7.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.33 | 0.10071 | CVE-2016-3228
8 | Microsoft Azure Active Directory Connect weak authentication | 7.1 | 6.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.41 | 0.01150 | CVE-2021-36949
9 | CS-Cart install.php privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.01213 | CVE-2007-0230
10 | Microsoft IIS IP/Domain Restriction privilege escalation | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.95 | 0.29797 | CVE-2014-4078
11 | wp-code-highlightjs Plugin cross-site request forgery | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00954 | CVE-2019-12934
12 | pfSense File Name browser.php cross site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.00885 | CVE-2022-42247
13 | Bluetooth Core Specification Pairing privilege escalation | 3.1 | 3.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | 0.00885 | CVE-2022-25837
14 | Mike Dubman Windows RSH daemon memory corruption | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.06523 | CVE-2007-4005
15 | Microsoft Windows SMBv1 Server information disclosure | 6.1 | 5.8 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.08761 | CVE-2017-0267
16 | libsamplerate Audio File src_sinc.c calc_output_single memory corruption | 5.4 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.00954 | CVE-2017-7697
17 | Open WebMail openwebmail-read.pl cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | High | Official Fix | 0.08 | 0.01319 | CVE-2006-3233
18 | count.pl directory traversal | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.05 | 0.00000 | 
19 | Netgear R7000P httpd memory corruption | 5.5 | 5.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.01 | 0.00885 | CVE-2022-44188
20 | Apple iOS/iPadOS Kernel memory corruption | 7.8 | 7.6 | $25k-$100k | $5k-$25k | High | Official Fix | 0.04 | 0.01363 | CVE-2022-32894

IOC - Indicator of Compromise (12)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (26)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness (CWE) | Vulnerability Class | Type
--- | --- | --- | --- | ---
1 | T1006 | CWE-21, CWE-22, CWE-24, CWE-25, CWE-28 | Pathname Traversal | predictive
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive
3 | T1055 | CWE-74 | Injection | predictive
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | predictive
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive
6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive
7 | TXXXX.XXX | CWE-XXX | Xxx Xx Xxxx-xxxxx Xxxxxxxx | predictive
8 | TXXXX.XXX | CWE-XXX, CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx Xxxxxxxx | predictive
9 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxxxxxx | predictive
10 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive
11 | TXXXX | CWE-XXX, CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive
12 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive
13 | TXXXX.XXX | CWE-XXXX | Xxxxxxxxxxxx Xxxxxxx Xxxxxxxxxx Xxxxxxxxxx | predictive
14 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive
15 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive
16 | TXXXX | CWE-XXX, CWE-XXX | Xxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx Xxxx | predictive
17 | TXXXX.XXX | CWE-XXX | Xxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx Xxxx | predictive
18 | TXXXX | CWE-XXX | Xxxxxxxx Xxxxxxxxx Xx X Xxxxxxxxxxx'x Xxxxx Xx Xxxxx | predictive
19 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive
20 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxx Xxxx | predictive
21 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive
22 | TXXXX.XXX | CWE-XXX | Xxxxxxxx | predictive
23 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx | predictive
24 | TXXXX.XXX | CWE-XXX | xxxxxxxxxxxx | predictive
25 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXXX | 2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx Xxxxxxxxxx | predictive
26 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxxxx Xxxxxx | predictive

IOA - Indicator of Attack (302)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type
--- | --- | --- | ---
1 | File | %PROGRAMFILES%\Cylance\Desktop\log | predictive
2 | File | %PROGRAMFILES(X86)%\Teradici\PCoIP.exe | predictive
3 | File | .forward | predictive
4 | File | /addNotifyServlet | predictive
5 | File | /admin/sign/out | predictive
6 | File | /admin/subnets/ripe-query.php | predictive
7 | File | /ajax/networking/get_netcfg.php | predictive
8 | File | /cgi-bin/supervisor/adcommand.cgi | predictive
9 | File | /cgi-bin/supervisor/PwdGrp.cgi | predictive
10 | File | /etc/gsissh/sshd_config | predictive
11 | File | /etc/shadow | predictive
12 | File | /face-recognition-php/facepay-master/camera.php | predictive
13 | File | /goform/setmac | predictive
14 | File | /goform/setSysAdm | predictive
15 | File | /hrm/controller/employee.php | predictive
16 | File | /hss/?page=product_per_brand | predictive
17 | File | /hss/admin/?page=products/view_product | predictive
18 | File | /login | predictive
19 | File | /templates/default/html/windows/right.php | predictive
20 | File | /tmp/app/.env | predictive
21 | File | /tmp/boa-temp | predictive
22 | File | /tools/developerConsoleOperations.jsp | predictive
23 | File | /uploadServlet | predictive
24 | File | /usr/sbin/httpd | predictive
25 | File | /usr/ucb/mail | predictive
26 | File | /vendor | predictive
27 | File | /workspaceCleanup | predictive
28 | File | /wp-admin/admin-ajax.php | predictive
29 | File | 5.2.9\syscrb.exe | predictive
30 | File | ?userfiles&subdir=userfiles/images/flags/ | predictive
31 | File | AbstractController.php | predictive
32 | File | AbstractScheduleJob.java | predictive
33 | File | account_change.php | predictive
34 | File | adclick.php | predictive
35 | File | xxxxxxxx.xxx | predictive
36 | File | xxxxxxxx.xxx | predictive
37 | File | xxxxx.xxx | predictive
38 | File | xxxxx/xxxxx.xxxxxxxxx.xxx | predictive
39 | File | xxxxx/xxxxx.xxxxx | predictive
40 | File | xxxxx/xxxxxxxx/xxxx/xxx_xxxxx_xx_xxxx.xxx | predictive
41 | File | xxxxx/xxxxxxxxxxx.xxx | predictive
42 | File | xxxxx.xxx | predictive
43 | File | xxxxxxx_xxxxxxxxx_xxxx.xxx | predictive
44 | File | xxxxxxxxxxxx.xxx | predictive
45 | File | xxxxxxxxxxxxx.xxx | predictive
46 | File | xxxxx/xxx_xxxx.x | predictive
47 | File | xxxxxx.x | predictive
48 | File | xxxxxxx.xxx | predictive
49 | File | xxx-xxx/xxx_xxx_xxxxxx.xxx | predictive
50 | File | xxx-xxx/xxxxxxxx.xxx | predictive
51 | File | xxx-xxx/xxxxx/xxxxx.xxx | predictive
52 | File | xxxxxx-xxxxxxxx-xxxxxxxx.xxxxxxx.xxx | predictive
53 | File | xxxxxx/xxx.x | predictive
54 | File | xxxxxx/xxxx.x | predictive
55 | File | xxxxxxx | predictive
56 | File | xxxxxxxxxx/xxxxxxxx.xxx | predictive
57 | File | xxxx/xxxxx/xxxxxx.xxx | predictive
58 | File | xx.x/xxxxxxxx.x | predictive
59 | File | xxxxxxx.xxx | predictive
60 | File | xxxx_xxxx.xxx | predictive
61 | File | xxxx.xxx | predictive
62 | File | xxx.xx | predictive
63 | File | xxxxxxx/xxx/xxx/xxx/xxxxxx/xxx_xxxx.x | predictive
64 | File | xxxxxxx/xxx/xxxxxxxx/xxxxxxx/xxxxxxx/xxxxxxxx.x | predictive
65 | File | xxxxxxx/xxx/xxxxxxxx/xxxxxxxxx/xxxxxxxx/xxxxxxxx.x | predictive
66 | File | xxxx.xxx | predictive
67 | File | xxxxx.xxx | predictive
68 | File | xxxx/xxxxxxxxxx/xxxxxx-xxx.x | predictive
69 | File | xxxxxxx.xxx | predictive
70 | File | xxxxxxx.xxx/xxxxx.xxx/xxxxxxx.xxx | predictive
71 | File | xxxxxxxxxxxx.xxx | predictive
72 | File | xxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxx | predictive
73 | File | xxxxxxxxxxx/xxxxxxxx/xxxxxxxxxx.xxx | predictive
74 | File | xxxxxx.xxxx | predictive
75 | File | xx/xxxxxx/xxxxx.x | predictive
76 | File | xxxxxxx.xxx | predictive
77 | File | xxxxx.xxx | predictive
78 | File | xxxxxxxxxxxx_xxxx.xxx | predictive
79 | File | xxxxxxxxxxx.x | predictive
80 | File | xxxxxx.xxx | predictive
81 | File | xxxxxxxx/xxxx/xxxx.xx | predictive
82 | File | xxxxxx_xxxx_xxxxxx.xxx | predictive
83 | File | xxxxxx.xxx | predictive
84 | File | xxxxxxxxxxxxxxx.xxxx | predictive
85 | File | xxxxxxxxx.xxx | predictive
86 | File | xx/xxxx/xx.x | predictive
87 | File | xxx/xxxxxx.xxx | predictive
88 | File | xxxxx.xxxx | predictive
89 | File | xxxxx.xxx | predictive
90 | File | xxxxxx.xxx | predictive
91 | File | xxxxxxxxxx_xxx_xxxxxx | predictive
92 | File | xxxxxxx.xxx | predictive
93 | File | xxxx_xxxx.xxx | predictive
94 | File | xxxxxx.xxxxxxxxxx.xx | predictive
95 | File | xxxxxx.x | predictive
96 | File | xxxxx.x | predictive
97 | File | xxxxxx.x | predictive
98 | File | xxxx_xxx.x | predictive
99 | File | xxxx.xxx | predictive
100 | File | xxxxx.xxx | predictive
101 | File | xxxxx/xxxxxxxxxxxx.xxx?xxxxxxxxxxx=xxxxxxxxxxxxxxxxx | predictive
102 | File | xxx_xxx_xxxx.xxx | predictive
103 | File | xxxx.x | predictive
104 | File | xxxxxxxxxxxxxxxx.xxxx/xxxxxxxxxxxxx | predictive
105 | File | xxxxxx/xxxxxxx_xxxx.xxx | predictive
106 | File | xxxx=xxx:/xxxxxx/xxxxxxx.xxxxxx-xxxxxx/xxxxxxxx=xxxxx.xxx | predictive
107 | File | xxxx/xxxxxxx_xxxx.x | predictive
108 | File | xxxxxxx/xxxxx/xxxxxxx.x | predictive
109 | File | xxx_xxxxx_xxxx.x | predictive
110 | File | xxx_xxxxxxx.xxx | predictive
111 | File | xxxx.xxx | predictive
112 | File | xxxxx.xxx | predictive
113 | File | xxxxxxxx_xxxxxx.xxx | predictive
114 | File | xxx/xxxx/xxxx.x | predictive
115 | File | xxx/xxxxxx/xx_xxxxxx.x | predictive
116 | File | xxxx-xxx.xx | predictive
117 | File | xxxx-xxxxxx\xx\xxxxxx.xxx | predictive
118 | File | xxx/xxxxxxx/xxxxxxxxxxxx | predictive
119 | File | xxxxxxxxxxx-xxxx.xx | predictive
120 | File | xxxxxx.x | predictive
121 | File | xxxxxxxx.xxxx | predictive
122 | File | xxxxxx.x | predictive
123 | File | xxxxxxxx/xxx.x | predictive
124 | File | xxxxxxxxxxxxxx.xxx | predictive
125 | File | xxxxxxxx.xxx | predictive
126 | File | xxxxxxx.xxx | predictive
127 | File | xxxxxxx.x | predictive
128 | File | xxxx/xxxxx_xxx.xxx | predictive
129 | File | xxxxxxx.xx | predictive
130 | File | xxxxx.xxx | predictive
131 | File | xxxxxxx/xxxx/* | predictive
132 | File | xxxxxxxx/xx/xxxxxxxxxx | predictive
133 | File | xxxx.xxx | predictive
134 | File | xxxxx.xxx | predictive
135 | File | xxxxxxxx.xxx | predictive
136 | File | xxxxxx_xxxxx.xxx | predictive
137 | File | xxx_xxxx_xxxxxxxxx.xx | predictive
138 | File | xxxxxxxx/xxxxxxxxxxxxxxx.xxx | predictive
139 | File | xxxxxx-xxxxxxxx.xxx | predictive
140 | File | xxxxxx.xxx | predictive
141 | File | xxxxxx/xxxxxxx/xxxxxxxx/xxxx/xxxxxxxxxxxxxxxxxxx.xxxx | predictive
142 | File | xxxxxxxx.xxx.xxx | predictive
143 | File | xxxxxxxx.xxx | predictive
144 | File | xxxx.xxx | predictive
145 | File | xxx.xxxx | predictive
146 | File | xxxxx.xxxx | predictive
147 | File | xxxxxx.x | predictive
148 | File | xxxx_xxxxx.xxxx | predictive
149 | File | xxx/xxxxxxxxx/xxxxx/xxxxxxx/ | predictive
150 | File | xxx/xxxxxxxxx.x | predictive
151 | File | xxx_xxxx.x | predictive
152 | File | xxxxxx/xxxx_xxxxxxx?xxx | predictive
153 | File | xxxxxxx.xx | predictive
154 | File | xxx_xxxxxxx.xxx | predictive
155 | File | xxx_xxxx_xxxxxx.xxx | predictive
156 | File | xxxxxxxxxxxxxx.xxxxxxx.xxxxxxx.xxx | predictive
157 | File | xxxx-xxxxxxxx.xxx | predictive
158 | File | xxxx-xxxx_xxxx_xxxxxxx.xxx | predictive
159 | File | xxxx-xxxxx.xxx | predictive
160 | File | xxxxx.xxx | predictive
161 | File | xxxx.xxxx | predictive
162 | File | xxxxxxxx.xxx | predictive
163 | File | xxxxxxxxxxxxxxxxx.xxx | predictive
164 | File | xxxxx/xxx_xxxxxx.x | predictive
165 | File | xxxxx/xxx_xxxxxxx.x | predictive
166 | File | xxxxxxxxxxx.xxx | predictive
167 | File | xxxx/xxxxxxxxx/xxxxx.xxxxx.xxx | predictive
168 | File | xxxxxx.xxx | predictive
169 | File | xx-xxxxx/xxxxxxxx/xxxxx-xx-xxxxx-xxxx-xxxxx.xxx | predictive
170 | File | xx-xxxxx/xxxxxxxx/xxxxx-xx-xxxxx-xxxx.xxx | predictive
171 | File | xx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xxxxxxxxxx-x | predictive
172 | File | xx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xx-xxxx-xxxxxxxxx-xx | predictive
173 | File | xx-xxxxx/xxxxxx.xxx?xxxx=xxxx-xxxxxxxxxxx-xxxx | predictive
174 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive
175 | File | xx-xxxxxxxx/xxxxxxxxx.xxx | predictive
176 | File | xx-xxxxxxxxx.xxx | predictive
177 | File | xxx/xxxxxxx.x | predictive
178 | Library | /xxx/xxx/xxxx/x.xxx | predictive
179 | Library | xxxxxx.xxx | predictive
180 | Library | x:/xxxxxxx xxxxx/xxxxx/xxxxxxx.xxx | predictive
181 | Library | xxxxxx.xxx | predictive
182 | Library | xxxxxx.xxx | predictive
183 | Library | xxxxx.xxx | predictive
184 | Library | xxxxx.xxx | predictive
185 | Library | xxx/xxx_xxxxxxx.xxxxxxx.xxx | predictive
186 | Library | xxx_xxxx | predictive
187 | Library | xxxxxxxx.xxx | predictive
188 | Library | xxxx.xxx | predictive
189 | Library | xxxxxxx.xxx | predictive
190 | Library | xxxxx.xxx | predictive
191 | Library | xxxxxxxxxx.xxx | predictive
192 | Argument | $xxx_xxxxxxxx | predictive
193 | Argument | $_xxxxxx['xxxxx_xxxxxx'] | predictive
194 | Argument | -x | predictive
195 | Argument | xxxxxxxx_xxxx | predictive
196 | Argument | xxxxxx | predictive
197 | Argument | xxxx | predictive
198 | Argument | xxxxx_xxxxxxxx | predictive
199 | Argument | xxxxxxx/xxxxxxx | predictive
200 | Argument | xxx_xxx | predictive
201 | Argument | xxxxxxxxx | predictive
202 | Argument | xxxx_xxxx | predictive
203 | Argument | xxxxxxxx | predictive
204 | Argument | xxxxx | predictive
205 | Argument | xxxxx | predictive
206 | Argument | xxxxx | predictive
207 | Argument | xx | predictive
208 | Argument | xxx | predictive
209 | Argument | xxxxxxxxx | predictive
210 | Argument | xxxx_xx | predictive
211 | Argument | xxxxxxxxx | predictive
212 | Argument | xxxxxxxxxx[xxxxxxxxx][] | predictive
213 | Argument | xxxx_xxx | predictive
214 | Argument | xxxx | predictive
215 | Argument | xxxxxxxxxxx | predictive
216 | Argument | xxx/xxxxxxx | predictive
217 | Argument | xxxx | predictive
218 | Argument | xxxxxx_xxxx_xxxxxxxx | predictive
219 | Argument | xxxxx_xxxx/xxxxx_xxx/xxxxx_xxxx/xxxx_xx | predictive
220 | Argument | xxxxxxxx | predictive
221 | Argument | xxxxxxxxxx | predictive
222 | Argument | xxxxxx | predictive
223 | Argument | x_xxxxx | predictive
224 | Argument | xxxxxxxx | predictive
225 | Argument | xxxx | predictive
226 | Argument | xxxx_xxxxxxxxxx_xxx | predictive
227 | Argument | xx | predictive
228 | Argument | xxxxxx | predictive
229 | Argument | xxx | predictive
230 | Argument | xxxxxxxxx_xxx_xxxx_xxxx_xxxxxxx | predictive
231 | Argument | xxxxx | predictive
232 | Argument | xxxxxxxxxxx | predictive
233 | Argument | xxxxxxx_xxx | predictive
234 | Argument | xxxxxxxxx | predictive
235 | Argument | xxxx_xxxxxx_xxxxx/xxxx_xxxxxx_xxxx_xxxxxx | predictive
236 | Argument | xxxxxxxxxxxxxxxxx | predictive
237 | Argument | xxxx | predictive
238 | Argument | xxx_xxxx | predictive
239 | Argument | xxxxx_xxxxxxx | predictive
240 | Argument | xxxx | predictive
241 | Argument | xxxxxxx_xxx_xxxxxx_xxxx | predictive
242 | Argument | xxxxxx | predictive
243 | Argument | xxx_xxxxxxxx_x/xxx_xxxxxxxx_x | predictive
244 | Argument | xxxx | predictive
245 | Argument | xxxxxxxxxx | predictive
246 | Argument | xxxx | predictive
247 | Argument | xxxxx_xxxx | predictive
248 | Argument | xxxx | predictive
249 | Argument | xxxxxxxx | predictive
250 | Argument | xxxxxxxx | predictive
251 | Argument | xxxx | predictive
252 | Argument | xxxxxxxxxxxxx | predictive
253 | Argument | xxxxx | predictive
254 | Argument | xxx | predictive
255 | Argument | xxxxxxx | predictive
256 | Argument | xxxxxxxxx | predictive
257 | Argument | xxxxxxx | predictive
258 | Argument | xxxxxxxxxx | predictive
259 | Argument | xxxxxxxx | predictive
260 | Argument | xxxxxxxx | predictive
261 | Argument | xxxxxxxx | predictive
262 | Argument | xxx | predictive
263 | Argument | xxxxxx | predictive
264 | Argument | xxx_xx | predictive
265 | Argument | xxxxxx_xxxxxxxx | predictive
266 | Argument | xxxxxxxx_xx | predictive
267 | Argument | xxx | predictive
268 | Argument | xxxx | predictive
269 | Argument | xxxxxxx | predictive
270 | Argument | xxxx | predictive
271 | Argument | xxxxxxx_xxxx_xxx/xxxxxxx_xxxx_xxx | predictive
272 | Argument | xxxxxx | predictive
273 | Argument | xxx | predictive
274 | Argument | xx_xx | predictive
275 | Argument | xxxxxxx | predictive
276 | Argument | xxxxxxxxx | predictive
277 | Argument | xxx | predictive
278 | Argument | xxxxx | predictive
279 | Argument | xx | predictive
280 | Argument | xxxxxxxx-xxxxxxxx | predictive
281 | Argument | xxxxxxxxx | predictive
282 | Argument | xxxx | predictive
283 | Argument | xxx | predictive
284 | Argument | xxxx-xxxxx | predictive
285 | Argument | xxxxxx | predictive
286 | Argument | xxxxxx | predictive
287 | Argument | xxxxxxxx | predictive
288 | Argument | xxxxxxxx | predictive
289 | Argument | xxxx_xx | predictive
290 | Argument | xxxxx | predictive
291 | Argument | xx | predictive
292 | Argument | x-xxxxxxxxx-xxx | predictive
293 | Input Value | %xx%xx%xx | predictive
294 | Input Value | .. | predictive
295 | Input Value | ../ | predictive
296 | Input Value | ../../ | predictive
297 | Input Value | xx | predictive
298 | Input Value | xxx.xxx[xxxxx] | predictive
299 | Pattern | xxxx | predictive
300 | Network Port | xxx/xx (xxx) | predictive
301 | Network Port | xxx/xx (xxxxxx) | predictive
302 | Network Port | xxx/xxx (xxxxx) | predictive
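The IOA fragments above are only useful once they are matched against telemetry, and the unmasked File and Input Value rows (request paths such as /goform/setmac and /cgi-bin/supervisor/adcommand.cgi, and the ../ traversal sequences that the TTP table maps to T1006 / CWE-22) are the ones a web access log can surface. The following Python is an added example, not code from VulDB or from this page: it copies those visible indicators into a list, percent-decodes each request target until the string stops changing (so %2e%2e%2f and the double-encoded %252e%252e%252f both collapse to ../), and reports hits per source IP. The log format regex, the sample log lines and the backslash traversal form are constructed assumptions for the example.

```python
"""Match the unmasked IOA fragments from the table above against web-server
access-log lines. Indicator list and log lines are constructed for this example."""
import re
from urllib.parse import unquote

# Visible File indicators copied from the IOA table on this page.
IOA_FILES = [
    "/admin/subnets/ripe-query.php",
    "/ajax/networking/get_netcfg.php",
    "/cgi-bin/supervisor/adcommand.cgi",
    "/cgi-bin/supervisor/PwdGrp.cgi",
    "/etc/shadow",
    "/goform/setmac",
    "/goform/setSysAdm",
    "/tmp/app/.env",
    "/tools/developerConsoleOperations.jsp",
    "/wp-admin/admin-ajax.php",
]
# The visible Input Value rows ("../", "../../") reduce to one traversal
# sequence; the backslash form is an assumption added for Windows targets.
TRAVERSAL_SEQUENCES = ["../", "..\\"]

# Apache/nginx combined log format (constructed regex, not from the page).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines: two scanner hits, an encoded and a double-encoded
# traversal attempt, and one benign request.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /goform/setmac HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "POST /cgi-bin/supervisor/adcommand.cgi?cmd=id HTTP/1.1" 401 0',
    '198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /index.php?page=..%2F..%2F..%2Fetc%2Fshadow HTTP/1.1" 404 0',
    '198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "GET /download?f=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 0',
    '192.0.2.9 - - [10/Oct/2023:13:57:10 +0000] "GET /index.html HTTP/1.1" 200 1024',
]


def normalize_target(target: str, rounds: int = 3) -> str:
    """Percent-decode until the string stops changing (bounded), so that
    %2e%2e%2f and the double-encoded %252e%252e%252f both become '../'."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def match_line(line: str):
    """Return a hit record for one log line, or None if no indicator matches."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = normalize_target(m.group("target"))
    lowered = target.lower()
    # File indicators are matched anywhere in the decoded target (path or
    # query), since traversal payloads carry /etc/shadow inside a parameter.
    indicators = [f for f in IOA_FILES if f.lower() in lowered]
    indicators += [f"traversal:{s}" for s in TRAVERSAL_SEQUENCES if s in target]
    if not indicators:
        return None
    return {
        "ip": m.group("ip"),
        "method": m.group("method"),
        "status": int(m.group("status")),
        "target": target,
        "indicators": indicators,
    }


def scan(lines):
    """Return (hits, hits_per_source_ip) for a sequence of log lines."""
    hits = [h for h in map(match_line, lines) if h is not None]
    per_ip = {}
    for h in hits:
        per_ip[h["ip"]] = per_ip.get(h["ip"], 0) + 1
    return hits, per_ip


if __name__ == "__main__":
    found, counts = scan(SAMPLE_LOG)
    for h in found:
        print(h["ip"], h["status"], h["target"], h["indicators"])
    print(counts)
```

Matching runs on the decoded target rather than on the path alone because the page's own indicators mix endpoint paths with files such as /etc/shadow that only ever appear inside a traversal parameter; a single hit on a 404 is reconnaissance noise, while several distinct indicators from one source IP in a short window is the pattern worth alerting on.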

References (3)

The following list contains external sources which discuss the actor and the associated activities:
