TEMP.Veles 分析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (11)

语言

en	12

国家/地区

ru	10
us	2

演员

Triton	1

利益

类型

Joomla Component	2
Web Server	2
Firewall Software	2
Network Encryption Software	2
Mail Client Software	2

供应商

Not Defined	6
Microsoft	2
Cisco	2

产品

com_tag	2
Microsoft IIS	2
Cisco ASA	2
OpenSSL	2
SquirrelMail	2

漏洞

#	漏洞	Base	Temp	0day	今天	易	修正	CTI	EPSS	CVE
1	Cisco ASA WebVPN Login Page logon.html 跨网站脚本	4.3	3.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.02	0.00192	CVE-2014-2120
2	Peplink Balance Cookie admin.cgi SQL注入	8.5	7.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.02	0.01457	CVE-2017-8835
3	SquirrelMail PHP Interface webmail.php 弱身份验证	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00500	CVE-2009-0030
4	OpenSSL 64-bit Block Cipher SWEET32 信息公开	6.5	6.4	$5k-$25k	$0-$5k	Proof-of-Concept	Unavailable	0.04	0.00547	CVE-2016-2183
5	com_tag index.php request SQL注入	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00275	CVE-2017-15946
6	FileZilla Server PORT 权限升级	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.23	0.00052	CVE-2015-10003
7	vsftpd deny_file 未知漏洞	3.7	3.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00312	CVE-2015-1419
8	Microsoft Windows Registry 权限升级	7.3	7.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00	0.00290	CVE-2015-2429
9	Microsoft Windows WPAD Remote Code Execution	8.5	8.4	$25k-$100k	$0-$5k	High	Official Fix	0.02	0.92827	CVE-2016-3236
10	Microsoft IIS File Name Tilde 权限升级	6.5	5.9	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.96712	CVE-2005-4360

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP地址	Hostname	参与者	活动	Identified	类型	可信度
1	87.245.143.140		TEMP.Veles		2020-12-20	verified	高

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	漏洞	访问向量	类型	可信度
1	T1059.007	CWE-79	Cross Site Scripting	predictive	高
2	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
3	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	高
4	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高

IOA - Indicator of Attack (8)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	分类	Indicator	类型	可信度
1	File	/+CSCOE+/logon.html	predictive	高
2	File	cgi-bin/MANGA/admin.cgi	predictive	高
3	File	xxxxx.xxx	predictive	中
4	File	xxxxxxx.xxx	predictive	中
5	Argument	xxxxx	predictive	低
6	Argument	xxx	predictive	低
7	Input Value	::$xxxxx_xxxxxxxxxx	predictive	高
8	Network Port	xxx xxxxxx xxxx	predictive	高

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 上一步一览下一步 ▸

Might our Artificial Intelligence support you?

Check our Alexa App!