cyber_threat_intelligence/campaigns/CVE-2021-44228/README.md
2022-05-24 10:19:11 +02:00

6.3 KiB

CVE-2021-44228 - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the campaign known as CVE-2021-44228. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with CVE-2021-44228:

There are 3 more country items available. Please use our online service to access the data.

Actors

These actors are associated with CVE-2021-44228 or other actors linked to the campaign.

ID Actor Confidence
1 Unknown High
2 APT41 High

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of CVE-2021-44228.

ID IP address Hostname Actor Confidence
1 5.254.101.167 - Unknown High
2 37.120.189.247 support.lgtron.de Unknown High
3 41.157.42.239 - Unknown High
4 45.83.64.1 - Unknown High
5 45.83.64.62 - Unknown High
6 45.83.64.103 - Unknown High
7 45.83.64.253 - Unknown High
8 ... ... ... ...

There are 28 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used within CVE-2021-44228. This data is unique as it uses our predictive model for actor profiling.

ID Technique Weakness Description Confidence
1 T1008 CWE-757 Algorithm Downgrade High
2 T1040 CWE-294 Authentication Bypass by Capture-replay High
3 T1059.007 CWE-79, CWE-80 Cross Site Scripting High
4 ... ... ... ...

There are 11 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration during CVE-2021-44228. This data is unique as it uses our predictive model for actor profiling.

ID Type Indicator Confidence
1 File /admin.php/admin/art/data.html High
2 File /admin.php/admin/plog/index.html High
3 File /admin.php/admin/ulog/index.html High
4 File /admin.php/admin/website/data.html High
5 File /admin.php?id=siteoptions&social=display&value=0&sid=2 High
6 File /admin/inbox.php&action=read High
7 File /admin/new-content High
8 File /admin/posts.php&action=delete High
9 File /admin/siteoptions.php&action=displaygoal&value=1&roleid=1 High
10 File /admin/uesrs.php&&action=delete&userid=4 High
11 File /admin/uesrs.php&action=type&userrole=Admin&userid=3 High
12 File /administrator/components/menu/ High
13 File /admin_page/all-files-update-ajax.php High
14 File /api/crontab Medium
15 File /application/common.php#action_log High
16 File /cdsms/classes/Master.php?f=delete_enrollment High
17 File /cgi-bin/kerbynet High
18 File /cloud_config/router_post/register High
19 File /cms/classes/Master.php?f=delete_service High
20 File /config/list Medium
21 File /ctpms/admin/?page=individuals/view_individual High
22 File /ctpms/classes/Master.php?f=delete_img High
23 File /download/ Medium
24 File /etc/ajenti/config.yml High
25 File /etc/cobbler Medium
26 File /etc/passwd Medium
27 File /goform/AdvSetLanIp High
28 File /goform/delAd High
29 File /goform/form2Reboot.cgi High
30 File /goform/SetNetControlList High
31 File /home.asp Medium
32 File /index.php?act=api&tag=8 High
33 File /index.php?p=admin/actions/users/send-password-reset-email High
34 File /insurance/editNominee.php High
35 ... ... ...

There are 303 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the campaign and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2022 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!