Sality Analysis

IOB - Indicator of Behavior (40)

Language: en 28, de 4, it 2, es 2, pl 2

Product: Adobe Acrobat Reader 6, WordPress 6, Iptanus File Upload Plugin 2, Microsoft IIS 2, Maianscriptworld Maian Recipe 2

(Timeline, Country, Actor, Campaign, Interest, Type and Vendor charts: no data in this extract)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | WordPress wp-trackback.php mb_convert_encoding weak encryption | 5.3 | 5.1 | $5k-$25k | Calculating | Not Defined | Official Fix | 0.04 | 0.03358 | CVE-2009-3622 |
| 2 | Dragon Path Bharti Airtel Routers Hardware BDT-121 Admin Page cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00053 | CVE-2022-28507 |
| 3 | YaPiG view.php cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.01368 | CVE-2005-1886 |
| 4 | WordPress wp-register.php cross site scripting | 4.3 | 4.2 | $5k-$25k | $0-$5k | High | Unavailable | 0.00 | 0.00322 | CVE-2007-5105 |
| 5 | MetInfo URL Redirector login.php | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00107 | CVE-2017-11718 |
| 6 | phpRaid register.php privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00000 | |
| 7 | vu Mass Mailer Login Page redir.asp SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.07 | 0.00181 | CVE-2007-6138 |
| 8 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.31 | 0.00943 | CVE-2010-0966 |
| 9 | Symantec Endpoint Protection Manager SAP XML Parser XML External Entity | 7.3 | 6.6 | $5k-$25k | $0-$5k | High | Official Fix | 0.00 | 0.83177 | CVE-2013-5014 |
| 10 | Mozilla Firefox/Thunderbird/Firefox ESR NPAPI Plugin cross site request forgery | 6.5 | 6.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00419 | CVE-2019-11712 |
| 11 | Linux Kernel oom_kill.c __oom_reap_task_mm memory corruption | 4.7 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00062 | CVE-2017-18202 |
| 12 | Node.js HTTP Header denial of service | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.02355 | CVE-2018-12121 |
| 13 | TestLink Plugin summary.jelly cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00053 | CVE-2018-1000113 |
| 14 | Microsoft Windows Windows Media Player information disclosure | 2.5 | 2.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00157 | CVE-2017-11768 |
| 15 | W3C Jigsaw Host Header cross site scripting | 6.3 | 5.7 | $0-$5k | Calculating | Proof-of-Concept | Official Fix | 0.02 | 0.01034 | CVE-2002-1053 |
| 16 | Microsoft Windows Subsystem for Linux privilege escalation | 6.4 | 5.8 | $25k-$100k | Calculating | Proof-of-Concept | Official Fix | 0.00 | 0.00213 | CVE-2018-0743 |
| 17 | Microsoft Windows DirectX information disclosure | 5.1 | 4.9 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00043 | CVE-2019-0837 |
| 18 | WordPress wpdb->prepare SQL injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00389 | CVE-2017-16510 |
| 19 | Microsoft Lync/Skype for Business Security Feature privilege escalation | 7.0 | 6.7 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00284 | CVE-2018-8238 |
| 20 | Iptanus File Upload Plugin Shortcode cross site scripting | 6.0 | 5.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00185 | CVE-2018-9172 |

Base and Temp are CVSS base and temporal scores; 0day and Today are the estimated exploit price ranges; Exp is exploitability, Rem is remediation status, CTI is the threat-intelligence activity score and EPSS the exploit prediction probability.

IOC - Indicator of Compromise (31)

These indicators of compromise list associated network resources known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 5.101.0.44 | | Sality | | 2022-04-12 | | verified |
| 2 | 20.53.203.50 | | Sality | | 2022-08-01 | | verified |
| 3 | 20.72.235.82 | | Sality | | 2022-08-01 | | verified |
| 4 | 20.81.111.85 | | Sality | | 2022-08-01 | | verified |
| 5 | 20.84.181.62 | | Sality | | 2022-08-01 | | verified |
| 6 | 20.103.85.33 | | Sality | | 2022-08-01 | | verified |
| 7 | 20.109.209.108 | | Sality | | 2022-08-01 | | verified |
| 8 | XX.XXX.XX.XXX | xxx-xxx-xx-xxx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx | Xxxxxx | | 2022-08-01 | | verified |
| 9 | XX.XXX.XX.XXX | xxx-xxx-xx-xxx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx | Xxxxxx | | 2022-08-01 | | verified |
| 10 | XX.XXX.XXX.XX | | Xxxxxx | | 2022-04-08 | | verified |
| 11 | XX.XX.XXX.XXX | xxxxxxxxxxx.xxxxxxx-xxxx.xxx.xxx | Xxxxxx | | 2022-04-12 | | verified |
| 12 | XX.XX.X.XX | xxxxxxx.x.xxxxxxxxx.xxx | Xxxxxx | | 2022-04-12 | | verified |
| 13 | XX.XXX.XXX.XX | | Xxxxxx | | 2022-04-08 | | verified |
| 14 | XX.XX.XXX.XXX | xxxxxxxxx.xxxxxxxxxxx.xxx | Xxxxxx | | 2022-04-08 | | verified |
| 15 | XX.XXX.XXX.XXX | | Xxxxxx | | 2022-04-12 | | verified |
| 16 | XX.XXX.XX.XXX | xx-xxx-xx-xxx-xxxxxx.xxxxxxx.xxx | Xxxxxx | | 2023-10-29 | | verified |
| 17 | XX.XXX.XXX.XX | xx-xxxxx.xx.xxxxxxxxxxxxx.xx | Xxxxxx | | 2022-04-12 | | verified |
| 18 | XX.XX.XXX.XXX | xx-xx-xxx-xxx.xxxxx.xxx.xx | Xxxxxx | | 2022-04-12 | | verified |
| 19 | XXX.XX.XX.XX | xxxxxxxxxxx.x.xxxxxxxxx.xxx | Xxxxxx | | 2022-04-12 | | verified |
| 20 | XXX.XXX.XXX.XXX | xx-xxx-xxx.xxxxx.xxx | Xxxxxx | | 2022-04-12 | | verified |
| 21 | XXX.XXX.XX.XXX | xx-xxx-xxx-xx-xxx.xx.xxxxxxxxxxxx.xxx | Xxxxxx | | 2022-04-12 | | verified |
| 22 | XXX.X.XXX.XXX | | Xxxxxx | | 2022-04-12 | | verified |
| 23 | XXX.XXX.XX.XX | x.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxx | Xxxxxx | | 2022-04-12 | | verified |
| 24 | XXX.XX.XXX.X | xx-xxxxx.xxx.xx.xx | Xxxxxx | | 2022-04-12 | | verified |
| 25 | XXX.XX.XX.XXX | | Xxxxxx | | 2022-04-08 | | verified |
| 26 | XXX.XX.XXX.XXX | | Xxxxxx | | 2022-04-08 | | verified |
| 27 | XXX.XX.XXX.XXX | | Xxxxxx | | 2022-04-08 | | verified |
| 28 | XXX.XXX.XX.XXX | xxxx-x.xxxxxxxxxxxx | Xxxxxx | | 2022-04-08 | | verified |
| 29 | XXX.XXX.XXX.XXX | xxx.xxx.xxx.xxx.xxxxxx.xxxx-xxxx.xxx | Xxxxxx | | 2022-04-08 | | verified |
| 30 | XXX.XX.XX.XX | xxxx.xxxxxxx.xx | Xxxxxx | | 2022-04-08 | | verified |
| 31 | XXX.XX.XX.XXX | xxx.xxxxxxx.xx | Xxxxxx | | 2022-04-12 | | verified |

Rows 8 to 31 are masked (X/x) on the source page.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Weakness | Description | Confidence |
|---|---|---|---|---|
| 1 | T1059 | CWE-94 | Argument Injection | predictive |
| 2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive |
| 3 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive |
| 4 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive |
| 5 | TXXXX | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive |
| 6 | TXXXX | CWE-XXX | xx Xxxxxxxxx | predictive |
| 7 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive |
| 8 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive |

IOA - Indicator of Attack (35)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /getcfg.php | | predictive |
| 2 | File | /settings/avatar | | predictive |
| 3 | File | bin/icinga | | predictive |
| 4 | File | inc/config.php | | predictive |
| 5 | File | index.php | | predictive |
| 6 | File | xxxxxx/xxxxx.xxx | | predictive |
| 7 | File | xxxxxx.xx | | predictive |
| 8 | File | xx/xxx_xxxx.x | | predictive |
| 9 | File | xxx.xxx | | predictive |
| 10 | File | xxxxx.xxx | | predictive |
| 11 | File | xxxxxxxx.xxx | | predictive |
| 12 | File | xxxxxxxxxxxxxxxxxxx/xxxxxxx.xxxxx | | predictive |
| 13 | File | xxxxxxxxx.xx | | predictive |
| 14 | File | xxxx/xxxxxxxxxxxx.x | | predictive |
| 15 | File | xxxx.xxx | | predictive |
| 16 | File | xx-xxxxxxxx.xxx | | predictive |
| 17 | File | xx-xxxxxxxxx.xxx | | predictive |
| 18 | Argument | xxxxxxxx | | predictive |
| 19 | Argument | xxxxxxxxx | | predictive |
| 20 | Argument | xxxxxxx | | predictive |
| 21 | Argument | xxxxxxxxxxx | | predictive |
| 22 | Argument | xxxxx | | predictive |
| 23 | Argument | xx | | predictive |
| 24 | Argument | xxxxxx | | predictive |
| 25 | Argument | xxxxxxxx | | predictive |
| 26 | Argument | xxxx | | predictive |
| 27 | Argument | xxxxxxx_xxx | | predictive |
| 28 | Argument | xxxxxxxx | | predictive |
| 29 | Argument | xxxxxxxxxxxxx | | predictive |
| 30 | Argument | xxxx_xxxxx | | predictive |
| 31 | Argument | _xxxxxxx | | predictive |
| 32 | Input Value | xxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxx | | predictive |
| 33 | Pattern | \|xx\|xx\|xx\| | | predictive |
| 34 | Network Port | xxx/xxxx (xxxx) / xxx/xxxx (xxxxx) | | predictive |
| 35 | Network Port | xxx xxxxxx xxxx | | predictive |

Rows 6 to 35 are masked (x) on the source page.
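The IOC and IOA tables above are only useful once they are matched against traffic you actually see. The following detection logic is an added example, not code from VulDB or from any Sality tooling: it scores Common Log Format web-server lines against the seven unmasked, verified IOC addresses and the five unmasked IOA "File" fragments listed on this page. The log lines are constructed for the example (non-IOC clients use RFC 5737 test addresses), and the per-fragment weights and the alert threshold are this example's own choices, not values from the page.

```python
"""Score web-server log lines against the Sality IOC/IOA entries listed above.

Added example, not part of the VulDB profile. IOC_IPS holds the seven unmasked,
verified IOC addresses from the IOC table; IOA_PATHS holds the five unmasked IOA
"File" fragments. Weights, threshold and the sample log lines are constructed here.
"""
import ipaddress
import re
from dataclasses import dataclass, field

# Verified IOC IPs from the IOC table (unmasked rows only).
IOC_IPS = {
    "5.101.0.44", "20.53.203.50", "20.72.235.82", "20.81.111.85",
    "20.84.181.62", "20.103.85.33", "20.109.209.108",
}

# IOA "File" fragments with example weights (assumption, not from the page).
# index.php is in the IOA table but far too common to alert on by itself, so it
# carries weight 0 and only appears as a corroborating reason on other hits.
IOA_PATHS = {
    "/getcfg.php": 3,
    "/settings/avatar": 2,
    "bin/icinga": 3,
    "inc/config.php": 3,
    "index.php": 0,
}

# Common Log Format: client ident user [timestamp] "METHOD path proto" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)')


@dataclass
class Hit:
    line_no: int
    client: str
    path: str
    reasons: list = field(default_factory=list)
    score: int = 0


def score_line(line_no, line):
    """Return a Hit if the line matches any IOC address or IOA fragment, else None."""
    m = CLF.match(line)
    if not m:
        return None  # not CLF; a production pipeline would count these separately
    client, _ts, _method, path, _status, _size = m.groups()
    try:
        ipaddress.ip_address(client)
    except ValueError:
        return None  # garbage in the client field
    hit = Hit(line_no, client, path)
    if client in IOC_IPS:
        hit.reasons.append("ioc-ip")
        hit.score += 5
    # Compare on the path only; the query string is dropped so "?x=1" cannot hide a fragment.
    bare_path = path.split("?", 1)[0].lower()
    for fragment, weight in IOA_PATHS.items():
        if fragment in bare_path:
            hit.reasons.append(f"ioa-path:{fragment}")
            hit.score += weight
    return hit if hit.reasons else None


def scan(lines, threshold=3):
    """Score every line and keep those at or above the alert threshold."""
    hits = (score_line(n, line) for n, line in enumerate(lines, 1))
    return [h for h in hits if h is not None and h.score >= threshold]


# Constructed sample log; 203.0.113.9 is an RFC 5737 documentation address.
SAMPLE_LOG = """\
20.81.111.85 - - [12/Apr/2022:10:01:02 +0000] "GET /getcfg.php HTTP/1.1" 200 512
203.0.113.9 - - [12/Apr/2022:10:01:05 +0000] "GET /index.php HTTP/1.1" 200 1024
203.0.113.9 - - [12/Apr/2022:10:01:07 +0000] "GET /inc/config.php HTTP/1.1" 403 0
20.53.203.50 - - [01/Aug/2022:03:14:15 +0000] "POST /index.php?option=x HTTP/1.1" 200 300
this line is not in common log format
""".splitlines()

if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.client} {h.path} score={h.score} reasons={h.reasons}")
```

On the sample input the first line fires on both the IOC address and the /getcfg.php fragment, the third on the inc/config.php fragment alone, and the fourth on the IOC address with index.php recorded only as a corroborating reason; the plain /index.php request from a non-IOC client is scored but stays below the threshold, which is the behaviour you want from a generic fragment like that one.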
