Xpiro 分析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (85)

语言

en	78
zh	2
es	2
ru	2
fr	2

国家/地区

us	22
es	10
ir	2
cn	2
in	2

演员

Xpiro	4
Ramnit	3
Zeus	1
TrickBot	1

利益

类型

Not Defined	32
Smartphone Operating System	6
Operating System	6
Forum Software	4
Programming Language Software	4

供应商

Not Defined	30
Microsoft	12
Google	8
Apple	4
Apache	4

产品

Google Android	6
Docker Desktop	2
Hospital Management System	2
Microsoft Dynamics 365	2
Gemalto SafeNet KeySecure	2

漏洞

#	漏洞	Base	Temp	0day	今天	易	修正	CTI	EPSS	CVE
1	ThemeIsle Orbit Fox Plugin 跨网站脚本	4.9	4.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00045	CVE-2024-1323
2	IBM PowerSC 权限升级	6.8	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.00073	CVE-2023-50940
3	Embed Calendly Plugin Shortcode 跨网站脚本	5.1	5.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.00045	CVE-2023-4995
4	Tracker Software PDF-XChange Editor U3D File Parser 信息公开	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00000	CVE-2023-42058
5	Mozilla Firefox XLL Add-In File 权限升级	4.3	4.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00055	CVE-2023-4581
6	PHP Jabbers Yacht Listing Script Password Recovery 信息公开	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00091	CVE-2023-40761
7	OpenRapid RapidCMS run-movepass.php 权限升级	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.00063	CVE-2023-4448
8	Chamilo SVG File fileUpload.lib.php 权限升级	7.6	7.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00088	CVE-2023-34944
9	Apache InLong 权限升级	6.5	6.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00	0.00125	CVE-2023-31206
10	Nokia NetAct Configuration Dashboard Page XML External Entity	6.4	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00069	CVE-2023-26057
11	Google Android PowerVR Kernel Driver PVRSRVBridgeRGXTDMSubmitTransfer 内存损坏	6.5	6.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00043	CVE-2021-0879
12	Oracle MySQL Server Packaging 信息公开	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.06	0.00092	CVE-2022-43551
13	Mikrobi Babel redirect.php Redirect	6.6	6.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.00215	CVE-2019-1010290
14	Nextcloud App Password Protection 弱身份验证	4.1	4.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00053	CVE-2023-28647
15	Google Android unwinding.cc UnwindingWorker 内存损坏	5.4	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00042	CVE-2023-21018
16	OTCMS apiRun.php AutoRun 跨网站脚本	4.4	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00062	CVE-2023-1635
17	Google Android 内存损坏	5.4	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00042	CVE-2023-21042
18	SourceCodester Alphaware Simple E-Commerce System Payment summary.php 权限升级	6.1	5.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.03	0.00200	CVE-2023-0998
19	ThingsBoard 弱身份验证	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00337	CVE-2023-26462
20	Microsoft Dynamics 365 跨网站脚本	5.4	4.9	$5k-$25k	$0-$5k	Unproven	Official Fix	0.02	0.00052	CVE-2023-21573

IOC - Indicator of Compromise (27)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP地址	Hostname	参与者	Identified	类型	可信度
1	3.217.206.46	ec2-3-217-206-46.compute-1.amazonaws.com	Xpiro	2022-08-13	verified	中
2	3.223.115.185	ec2-3-223-115-185.compute-1.amazonaws.com	Xpiro	2021-11-06	verified	中
3	13.107.42.23		Xpiro	2021-07-18	verified	高
4	20.36.252.129		Xpiro	2022-01-08	verified	高
5	20.42.73.29		Xpiro	2022-02-13	verified	高
6	20.189.173.20		Xpiro	2022-02-13	verified	高
7	XX.XXX.XXX.XX		Xxxxx	2022-02-13	verified	高
8	XX.XXX.XX.XX	xx.xx.xxx.xx.xx.xxxxxxxxxxxxxxxxx.xxx	Xxxxx	2022-02-13	verified	中
9	XX.XX.XX.XXX		Xxxxx	2021-11-06	verified	高
10	XX.XX.XX.XX	xxxxx-xx.xxxxxxx.xxxxxx.xxx	Xxxxx	2022-02-13	verified	高
11	XX.XX.XX.XXX	xxxxxx-xxx.xxxxxxx.xxxxxx.xxx	Xxxxx	2022-02-13	verified	高
12	XX.XXX.XXX.XXX		Xxxxx	2022-02-13	verified	高
13	XX.XXX.XXX.XXX		Xxxxx	2022-02-13	verified	高
14	XX.XX.XX.XXX	xxxxxxxxx.xxx.xxxxxxx.xx	Xxxxx	2021-10-24	verified	高
15	XX.XX.XXX.XX	xxxx.xxxxxxxxx.xxx	Xxxxx	2021-10-24	verified	高
16	XX.XX.XXX.XX	xxxx-xx.xxxxxxx.xxxxxx.xxx	Xxxxx	2022-02-13	verified	高
17	XX.XXX.XXX.XXX		Xxxxx	2021-10-24	verified	高
18	XX.XXX.XXX.XX	xxxx.xxxxxxxxxx.xxx	Xxxxx	2022-02-13	verified	高
19	XX.XXX.XXX.XXX	xxxxx-xxx.xxxxxxx.xxxxxx.xxx	Xxxxx	2022-02-13	verified	高
20	XXX.XX.XX.XX		Xxxxx	2022-01-08	verified	高
21	XXX.XX.XX.XX		Xxxxx	2022-01-08	verified	高
22	XXX.XXX.XX.XX		Xxxxx	2022-02-13	verified	高
23	XXX.XX.XXX.XXX	xxx-xxx-xx-xxx-xxx.xxxxxxx-x.xxxxxxxxx.xxx	Xxxxx	2022-08-13	verified	中
24	XXX.XX.XX.XX		Xxxxx	2022-02-13	verified	高
25	XXX.XX.XX.XX		Xxxxx	2022-02-13	verified	高
26	XXX.XX.XXX.XXX	x-xxxx.x-xxxxxx.xxx	Xxxxx	2022-05-06	verified	高
27	XXX.XXX.XX.XXX	xxxxx.xxx-xxx-xx.xxxxxx.xxxxxxxxxxxx.xxx	Xxxxx	2022-02-13	verified	高

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	漏洞	访问向量	类型	可信度
1	T1006	CWE-22	Path Traversal	predictive	高
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	高
3	T1059	CWE-94	Argument Injection	predictive	高
4	T1059.007	CWE-79	Cross Site Scripting	predictive	高
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
6	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	高
7	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
8	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	高
9	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	高
10	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	高
11	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	高
12	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
13	TXXXX.XXX	CWE-XXX	Xxxxxxxx	predictive	高
14	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
15	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	高
16	TXXXX.XXX	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	高
17	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	高

IOA - Indicator of Attack (32)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	分类	Indicator	类型	可信度
1	File	/alphaware/summary.php	predictive	高
2	File	/LoginAdmin	predictive	中
3	File	/vloggers_merch/classes/Master.php?f=delete_inventory	predictive	高
4	File	admin/run-movepass.php	predictive	高
5	File	xxxxxx.xxx	predictive	中
6	File	xxxxxxx/xxx/xxx-xxxx.x	predictive	高
7	File	xxxxxx.xx	predictive	中
8	File	xxx/xxxxx.xxxx	predictive	高
9	File	xxxxxxxxxxxxx.xxx	predictive	高
10	File	xxxxxxxx.xxx	predictive	中
11	File	xxx_xxxx.x	predictive	中
12	File	xxxxxx-xxxxxxx.xxx	predictive	高
13	File	xxxxxxx.xxx	predictive	中
14	File	xxxxxxxxx.xx	predictive	中
15	File	xxxxxxxxx/xxx/xxx.x	predictive	高
16	File	xxxx.xx	predictive	低
17	File	xxxxxxxxxxxx.xxx	predictive	高
18	Library	/xxxxxxxxxx.xxx.xxx	predictive	高
19	Argument	xxxxxx	predictive	低
20	Argument	xxx_xxxxxx_xxxx_xxx_xxxxxx_xxxx/xxx_xxxxxx_xxxx_xxx_xxxxxx_xxxxx	predictive	高
21	Argument	xxxx	predictive	低
22	Argument	xxxxxx	predictive	低
23	Argument	xxxx	predictive	低
24	Argument	xxxxxxxx/xxxxxxxxx	predictive	高
25	Argument	xxxxxxx_xxxxxxx	predictive	高
26	Argument	xx_xxxx	predictive	低
27	Argument	xxx_xxxxxxx_xxxxxxxx/xxx_xxxxxxx_xxxxxxxx	predictive	高
28	Argument	xxx	predictive	低
29	Argument	xxxxxxxx	predictive	中
30	Input Value	::$xxxxx_xxxxxxxxxx	predictive	高
31	Pattern	\|xx\|	predictive	低
32	Network Port	xxx xxxxxx xxxx	predictive	高

参考 (8)

The following list contains external sources which discuss the actor and the associated activities:

◂ 上一步一览下一步 ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!