Sednit Analysis

IOB - Indicator of Behavior (94)

Timeline

Languages

en: 76
de: 10
ru: 6
es: 2

Country/Region

us: 42
ru: 20
de: 6
kp: 2
it: 2

Actors

Campaigns

Interests

Timeline

Type

Vendors

Products

Apache HTTP Server: 6
Cisco ASA: 4
PHP: 4
IBM Sterling B2B Integrator Standard Edition: 2
Microsoft Word: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
1 | Apple macOS Sudo memory corruption | 6.5 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.97085 | CVE-2021-3156
2 | Microsoft IIS FastCGI memory corruption | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.28264 | CVE-2010-2730
3 | Microsoft IIS cross-site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00548 | CVE-2017-0055
4 | Apache HTTP Server mod_cgid denial of service | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.02 | 0.31292 | CVE-2014-0231
5 | Drupal SQL injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00 | 0.00135 | CVE-2008-2999
6 | Contest Gallery Photos and Files Plugin cross-site request forgery | 4.8 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00043 | CVE-2024-24887
7 | MariaDB init_expr_cache_tracker memory corruption | 5.5 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00095 | CVE-2022-32083
8 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 6.40 | 0.01009 | CVE-2006-6168
9 | Django Admin Interface debug.py cross-site scripting | 6.1 | 5.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.00370 | CVE-2016-6186
10 | Mendelson OFTP2 Upload Directory directory traversal | 4.6 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00090 | CVE-2022-27906
11 | Cisco IP Phone 6800/IP Phone 7800/IP Phone 8800 denial of service | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00172 | CVE-2023-20079
12 | Cisco IP Phone 6800/IP Phone 7800/IP Phone 8800 privilege escalation | 9.8 | 9.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00327 | CVE-2023-20078
13 | Serendipity exit.php privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | 0.00000 | 
14 | Bitrix Site Manager redirect.php privilege escalation | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.03 | 0.00113 | CVE-2008-2052
15 | OpenBB read.php SQL injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.00250 | CVE-2005-1612
16 | PHPWind goto.php Redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 0.00348 | CVE-2015-4134
17 | eSyndicat Directory Software suggest-listing.php cross-site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00000 | 
18 | iRZ RUH2 Firmware Patch weak authentication | 6.7 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00226 | CVE-2016-2309
19 | Joomla SQL injection | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00142 | CVE-2022-23797
20 | SnakeYAML YAML File memory corruption | 3.1 | 3.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00128 | CVE-2022-41854

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Sednit

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (46)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type
1 | File | /+CSCOE+/logon.html | predictive
2 | File | /etc/config/image_sign | predictive
3 | File | /home/httpd/cgi-bin/cgi.cgi | predictive
4 | File | /htdocs/web/getcfg.php | predictive
5 | File | /uncpath/ | predictive
6 | File | admin/admin.shtml | predictive

References (3)

The following list contains external sources which discuss the actor and the associated activities:
