Winwebsec Analysis

IOB - Indicator of Behavior (144)

Languages

en: 116
zh: 22
de: 4
es: 2

Countries

ms: 144
Products

Car Driving School Management System: 6
WordPress: 6
Cacti: 4
Atmail Webmail: 4
Joomla CMS: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | vTiger CRM SQL Injection | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00228 | 0.04 | CVE-2019-11057 |
| 2 | Microsoft Exchange Server ProxyShell Remote Code Execution | 9.5 | 8.2 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.97319 | 0.00 | CVE-2021-34473 |
| 3 | WordPress WP_Query class-wp-query.php SQL Injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00318 | 0.02 | CVE-2017-5611 |
| 4 | Apache Solr ResourceLoader Directory Traversal | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.52819 | 0.02 | CVE-2013-6397 |
| 5 | ThinkPHP Privilege Escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | High | Official Fix | 0.97455 | 0.03 | CVE-2019-9082 |
| 6 | Mailman Privilege Escalation | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00160 | 0.00 | CVE-2018-13796 |
| 7 | Pivotal RabbitMQ password Privilege Escalation | 7.7 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00343 | 0.00 | CVE-2016-9877 |
| 8 | phpThumb Default Configuration Privilege Escalation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00246 | 0.03 | CVE-2013-6919 |
| 9 | phpThumb phpThumb.demo.showpic.php Cross-Site Scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00096 | 0.00 | CVE-2016-10508 |
| 10 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 11 | XenForo Privilege Escalation | 8.6 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.04 | |
| 12 | WordPress Update URI Plugin Header Remote Code Execution | 7.8 | 7.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00683 | 0.04 | CVE-2021-44223 |
| 13 | RuoYi edit SQL Injection | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00076 | 0.05 | CVE-2023-49371 |
| 14 | Apple iPhone USB checkm8 Privilege Escalation | 6.4 | 5.9 | $5k-$25k | $0-$5k | Functional | Official Fix | 0.00000 | 0.04 | CVE-2019-8900 |
| 15 | André Bräkling WP-Matomo Integration Plugin Cross-Site Scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.00 | CVE-2023-33211 |
| 16 | Cacti graph_settings.php Privilege Escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01498 | 0.02 | CVE-2014-5261 |
| 17 | crewjam saml Weak Authentication | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01251 | 0.00 | CVE-2020-27846 |
| 18 | VestaCP user.conf Privilege Escalation | 4.6 | 4.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00048 | 0.00 | CVE-2021-30463 |
| 19 | MobileIron Core/Connector Weak Authentication | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00987 | 0.00 | CVE-2020-15506 |
| 20 | IceWarp Mail Server css.php Directory Traversal | 6.4 | 5.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.90421 | 0.04 | CVE-2015-1503 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (83)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type |
|---|---|---|---|
| 1 | File | /cdsms/classes/Master.php?f=delete_enrollment | predictive |
| 2 | File | /mifs/c/i/reg/reg.html | predictive |
| 3 | File | /server-info | predictive |
| 4 | File | /system/dept/edit | predictive |
| 5 | File | /wp-json/oembed/1.0/embed?url | predictive |
| 6 | File | a2billing/customer/iridium_threed.php | predictive |
| 7 | File | admin.php?s=/Channel/add.html | predictive |
| 8 | File | admin/class-bulk-editor-list-table.php | predictive |
| 9 | File | administrator/components/com_media/helpers/media.php | predictive |
| 10 | File | auth.asp | predictive |

References (5)

The following list contains external sources which discuss the actor and the associated activities:
