SpeakUp Analysis

IOB - Indicator of Behavior (109)

Language

en: 106
fr: 2
pl: 2

Product

PrestaShop: 4
Microsoft Windows: 4
Google Android: 4
Net Controller Trojan: 2
wolfSSL wolfMQTT: 2

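Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.03 | 0.01806 | CVE-2007-1192 |
| 2 | Rittal PDU-3C002DEC/CMCIII-PU-9333E0FB privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00243 | CVE-2020-11953 |
| 3 | SmarterTools SmarterMail Email Stored cross-site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00084 | CVE-2019-7211 |
| 4 | Backdoor.Win32.Psychward.b Service Port 8888 weak authentication | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00 | 0.00000 | |
| 5 | Echelon SmartServer 1/SmartServer 2/i.LON 100/i.LON 600 weak authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00205 | CVE-2018-8859 |
| 6 | Cybozu Garoon privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00076 | CVE-2022-27661 |
| 7 | GitLab Community Edition/Enterprise Edition Runner Jobs API privilege escalation | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00079 | CVE-2022-2227 |
| 8 | Barco TransForm N Control Room Management Suite Web Application cross-site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00075 | CVE-2022-26974 |
| 9 | BigBlueButton Chat Message information disclosure | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00071 | CVE-2022-29232 |
| 10 | wolfSSL BASE64 PEM File Decoding information disclosure | 2.2 | 2.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00063 | CVE-2021-24116 |
| 11 | Google Go IP Address net.ParseCIDR privilege escalation | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00172 | CVE-2021-29923 |
| 12 | Camunda Modeler IPC Message writeFile privilege escalation | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00711 | CVE-2021-28154 |
| 13 | cocoapods-downloader privilege escalation | 6.8 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00131 | CVE-2022-21223 |
| 14 | Deno privilege escalation | 8.6 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00197 | CVE-2022-24783 |
| 15 | Rockwell Automation ISaGRAF Runtime privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00045 | CVE-2020-25184 |
| 16 | Cost Calculator Plugin Cost Calculator Post's Layout directory traversal | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00065 | CVE-2021-24820 |
| 17 | Zabbix SAML weak authentication | 8.2 | 8.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.96928 | CVE-2022-23131 |
| 18 | Shared Groovy Libraries Plugin privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00087 | CVE-2022-25183 |
| 19 | Sangoma Corporation Switchvox privilege escalation | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.00109 | CVE-2021-45310 |
| 20 | Samsung Smartphone Edge Panel information disclosure | 2.7 | 2.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00047 | CVE-2022-24001 |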

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (34)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

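| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /cgi-bin/kerbynet | predictive | |
| 2 | File | /damicms-master/admin.php?s=/Article/doedit | predictive | |
| 3 | File | /etc/quagga | predictive | |
| 4 | File | /main?cmd=invalid_browser | predictive | |
| 5 | File | backend/upcean.c | predictive | |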

References (2)

The following list contains external sources which discuss the actor and the associated activities:
