Web Swiper 分析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (18)

语言

en	16
zh	2

国家/地区

us	16
cn	2

演员

LinuxMoose	1
TrickBot	1
Web Swiper	1

利益

类型

Not Defined	4
Operating System	4
Cloud Software	2

供应商

Microsoft	4
Dell	2
Oracle	2
Not Defined	2

产品

Microsoft Windows	4
Dell iDRAC6	2
Dell iDRAC7	2
Dell iDRAC8	2
Oracle Communications Messaging Server	2

漏洞

#	漏洞	Base	Temp	0day	今天	易	修正	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash 信息公开	5.3	5.2	$5k-$25k	计算	High	Workaround	0.02016	0.00	CVE-2007-1192
2	Linux Kernel File Descriptor timerfd.c 内存损坏	6.1	5.9	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00084	0.08	CVE-2017-10661
3	Microsoft Windows Raw Image Extension Remote Code Execution	7.0	6.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.04080	0.00	CVE-2021-34521
4	lighttpd burl.c burl_normalize_2F_to_slash_fix 内存损坏	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.77505	0.00	CVE-2019-11072
5	Microsoft Windows Active Directory Federation Services ls 权限升级	7.9	7.9	$25k-$100k	$25k-$100k	Not Defined	Not Defined	0.00426	0.04	CVE-2018-16794
6	Asuswrt-Merlin UDP wanduck.c parse_req_queries 内存损坏	7.4	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00379	0.02	CVE-2018-20336
7	Dell iDRAC6/iDRAC7/iDRAC8 目录遍历	6.1	5.8	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00245	0.04	CVE-2015-7270
8	Oracle Communications Messaging Server Security 内存损坏	9.8	9.6	$100k 以及更多	$5k-$25k	Not Defined	Official Fix	0.01626	0.00	CVE-2015-7182
9	WordPress SQL注入	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00375	0.04	CVE-2017-14723

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP地址	Hostname	参与者	活动	Identified	类型	可信度
1	207.244.67.218		Web Swiper		2020-01-28	verified	高

TTP - Tactics, Techniques, Procedures (3)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	分类	漏洞	访问向量	类型	可信度
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	高
2	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
3	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高

IOA - Indicator of Attack (8)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	分类	Indicator	类型	可信度
1	File	/adfs/ls	predictive	中
2	File	burl.c	predictive	低
3	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	高
4	File	xx/xxxxxxx.x	predictive	中
5	File	xxxxxxx.x	predictive	中
6	Argument	xxxxxxxxxxx	predictive	中
7	Argument	xxxx->xxxxxxx	predictive	高
8	Input Value	/%xx	predictive	低

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 上一步一览下一步 ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!