Sednit Analysis

IOB - Indicator of Behavior (95)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en 72
es 8
de 8
ru 6
fr 2

Country

us 48
ru 14
gb 8
es 6
be 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

PHP 6
Cisco IP Phone 6800 4
Cisco IP Phone 7800 4
Cisco IP Phone 8800 4
Microsoft Windows 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Apple macOS Sudo out-of-bounds write | 6.5 | 6.4 | $0-$5k | $0-$5k | High | Official Fix | 0.97051 | 0.00 | CVE-2021-3156 |
| 2 | Microsoft IIS FastCGI memory corruption | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.28264 | 0.06 | CVE-2010-2730 |
| 3 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.18 | CVE-2017-0055 |
| 4 | Apache HTTP Server mod_cgid resource management | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.24715 | 0.04 | CVE-2014-0231 |
| 5 | Drupal sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00135 | 0.00 | CVE-2008-2999 |
| 6 | Nuked-Klan Partenaires module clic.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00134 | 0.06 | CVE-2010-4925 |
| 7 | Contest Gallery Photos and Files Plugin cross-site request forgery | 4.8 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2024-24887 |
| 8 | MariaDB init_expr_cache_tracker memory corruption | 5.5 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00095 | 0.05 | CVE-2022-32083 |
| 9 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 7.32 | CVE-2006-6168 |
| 10 | Django Admin Interface debug.py cross site scripting | 6.1 | 5.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00370 | 0.03 | CVE-2016-6186 |
| 11 | Mendelson OFTP2 Upload Directory pathname traversal | 4.6 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00090 | 0.00 | CVE-2022-27906 |
| 12 | Cisco IP Phone 6800/IP Phone 7800/IP Phone 8800 denial of service | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00172 | 0.03 | CVE-2023-20079 |
| 13 | Cisco IP Phone 6800/IP Phone 7800/IP Phone 8800 command injection | 9.8 | 9.7 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00287 | 0.00 | CVE-2023-20078 |
| 14 | Serendipity exit.php privileges management | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.21 | |
| 15 | Bitrix Site Manager redirect.php link following | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00113 | 0.03 | CVE-2008-2052 |
| 16 | OpenBB read.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00248 | 0.04 | CVE-2005-1612 |
| 17 | PHPWind goto.php redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.03 | CVE-2015-4134 |
| 18 | eSyndicat Directory Software suggest-listing.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.05 | |
| 19 | iRZ RUH2 Firmware Patch data authenticity | 6.7 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00226 | 0.00 | CVE-2016-2309 |
| 20 | Joomla sql injection | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00142 | 0.05 | CVE-2022-23797 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Sednit

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (48)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /+CSCOE+/logon.html | predictive | High |
| 2 | File | /etc/config/image_sign | predictive | High |
| 3 | File | /home/httpd/cgi-bin/cgi.cgi | predictive | High |
| 4 | File | /htdocs/web/getcfg.php | predictive | High |
| 5 | File | /uncpath/ | predictive | Medium |
| 6 | File | admin/admin.shtml | predictive | High |
| 7 | File | xxxxx/xxxxxxxx.xxx | predictive | High |
| 8 | File | xxxxx/xxxxxxxxx.xxx | predictive | High |
| 9 | File | xxxx.xxx | predictive | Medium |
| 10 | File | xxxx.xxx | predictive | Medium |
| 11 | File | xxx/xxxx/xxx/xxxxx_xxxx.x | predictive | High |
| 12 | File | xxx/xxxx/xxxx.x | predictive | High |
| 13 | File | xxx/xxxxxxxx/xxxx_xxxxx.x | predictive | High |
| 14 | File | xxxx.xxx | predictive | Medium |
| 15 | File | xxxxxxxxxxxxxx.xxx | predictive | High |
| 16 | File | xxxxx.xxx | predictive | Medium |
| 17 | File | xxxxx.xxx?x=/xxxx/xxxxxxxx | predictive | High |
| 18 | File | xxxxxx.x | predictive | Medium |
| 19 | File | xxx/xxxx/xxxx.x | predictive | High |
| 20 | File | xxxxx:xxxxxxxxxxx.xx | predictive | High |
| 21 | File | xxxx.xxx | predictive | Medium |
| 22 | File | xxxxxxxx.xxx | predictive | Medium |
| 23 | File | xxxxxxxx.xxx | predictive | Medium |
| 24 | File | xx-xxxxxxx.xxx | predictive | High |
| 25 | File | xxx.xxx | predictive | Low |
| 26 | File | xxxxxxxxxxx.x | predictive | High |
| 27 | File | xxxxxx_xxxxxxxxxx_xxxxxxxx_xxxxxxx_xxxxxxxx.x | predictive | High |
| 28 | File | xxxxxxx-xxxxxxx.xxx | predictive | High |
| 29 | File | xxxx-xxxxxxxx.xxx | predictive | High |
| 30 | File | xxx.xxx | predictive | Low |
| 31 | File | xxxxx/xxxxx.xx | predictive | High |
| 32 | File | xxxxxxx/xxxxxx/xxxxx/xxxxxxx/xxx/xxx.xxx | predictive | High |
| 33 | File | xxxxxxx.xxx | predictive | Medium |
| 34 | Argument | xxxx | predictive | Low |
| 35 | Argument | xx | predictive | Low |
| 36 | Argument | xxxxxxxxx | predictive | Medium |
| 37 | Argument | xxxxxxxx | predictive | Medium |
| 38 | Argument | xxxxxx/xxxxx | predictive | Medium |
| 39 | Argument | xxx | predictive | Low |
| 40 | Argument | xxx | predictive | Low |
| 41 | Argument | xxxxxxx | predictive | Low |
| 42 | Argument | xxx | predictive | Low |
| 43 | Argument | xxxxx | predictive | Low |
| 44 | Argument | xxx | predictive | Low |
| 45 | Argument | xxxx_xxxxxxxxx/xxxx_xxxxxxxx | predictive | High |
| 46 | Argument | x=/ | predictive | Low |
| 47 | Input Value | xxxxxx/**/xxxx. | predictive | High |
| 48 | Input Value | …/. | predictive | Low |
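The IOA fragments above are only useful once they are matched against telemetry. The script below, an added example and not part of the page or of any vendor tooling, takes the six unmasked File indicators and the one visible Input Value fragment (the `/**/` inline-comment token from row 47) and runs them over web-server access logs. The masked rows are not reproduced. The log lines are constructed for the example, the Combined-Log-Format regex and the URL normalisation (double percent-decoding, collapsing repeated slashes) are our own choices, and the generalisation of row 47 to "any `/**/` comment used as SQL whitespace" is an assumption, not something the page states.

```python
"""Match the visible Sednit IOA fragments against web-server access logs.

Added example: indicator strings are the unmasked rows of the IOA table;
sample log lines, regexes and scoring layout are constructed here.
"""
import re
from urllib.parse import unquote

# (indicator, confidence) for the unmasked File rows of the IOA table.
IOA_FILES = [
    ("/+CSCOE+/logon.html", "High"),
    ("/etc/config/image_sign", "High"),
    ("/home/httpd/cgi-bin/cgi.cgi", "High"),
    ("/htdocs/web/getcfg.php", "High"),
    ("/uncpath/", "Medium"),
    ("admin/admin.shtml", "High"),
]

# Input Value row 47 shows a "/**/" fragment; matching any occurrence of an
# inline SQL comment in the request is our generalisation (assumption).
IOA_INPUT_PATTERNS = [
    (re.compile(r"/\*\*/"), "sql-inline-comment", "High"),
]

# Minimal Combined Log Format parser: client IP, timestamp, method, URL, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) \S+" (?P<status>\d{3})'
)


def normalise(url):
    """Decode twice (catches double-encoding) and collapse repeated slashes so
    that "//admin/admin.shtml" still matches the indicator "admin/admin.shtml"."""
    decoded = unquote(unquote(url))
    return re.sub(r"/{2,}", "/", decoded)


def match_line(line):
    """Return a hit record for one log line, or None if nothing matches."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = normalise(m.group("url"))
    hits = [("File", frag, conf) for frag, conf in IOA_FILES if frag in url]
    hits += [("Input Value", name, conf)
             for rx, name, conf in IOA_INPUT_PATTERNS if rx.search(url)]
    if not hits:
        return None
    return {"ip": m.group("ip"), "ts": m.group("ts"), "url": url,
            "status": m.group("status"), "hits": hits}


def scan(lines):
    """Run match_line over an iterable of log lines and keep the hits."""
    return [rec for rec in (match_line(l) for l in lines) if rec]


def summarise(records):
    """Per-source-IP set of distinct indicator names, for triage ordering."""
    by_ip = {}
    for rec in records:
        names = by_ip.setdefault(rec["ip"], set())
        names.update(name for _, name, _ in rec["hits"])
    return by_ip


# Constructed sample log (RFC 5737 documentation addresses); not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:10:01:02 +0000] "GET /+CSCOE+/logon.html HTTP/1.1" 200 1532',
    '203.0.113.7 - - [10/Mar/2024:10:01:05 +0000] "GET /htdocs/web/getcfg.php?a=status HTTP/1.1" 404 212',
    '198.51.100.4 - - [10/Mar/2024:10:02:11 +0000] "GET /index.php?id=1%27%20UNION/**/SELECT%201,2 HTTP/1.1" 500 0',
    '192.0.2.9 - - [10/Mar/2024:10:03:00 +0000] "GET /images/logo.png HTTP/1.1" 200 8192',
    '203.0.113.7 - - [10/Mar/2024:10:03:30 +0000] "GET //admin/admin.shtml HTTP/1.1" 403 0',
    '198.51.100.4 - - [10/Mar/2024:10:04:00 +0000] "POST /home/httpd/cgi-bin/cgi.cgi HTTP/1.1" 200 44',
]

if __name__ == "__main__":
    for rec in scan(SAMPLE_LOG):
        print(rec["ip"], rec["status"], rec["url"], rec["hits"])
    print(summarise(scan(SAMPLE_LOG)))
```

Matching on the normalised URL matters: a request for `//admin/admin.shtml` or a percent-encoded `%2F**%2F` would slip past a plain substring search on the raw log field. The summary groups hits by client address so the IPs probing several of the listed paths rise to the top of the triage list.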

References (3)

The following list contains external sources which discuss the actor and the associated activities: