00536d Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (22)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	14
zh	8

Country

cn	8
ca	8
us	6

Actors

00536d	3

Activities

Interest

Timeline

Type

Not Defined	10
Project Management Software	2
Web Server	2
File Transfer Software	2
Network Camera Software	2

Vendor

Not Defined	8
IBM	2
Softing	2
Biscom	2
AXIS	2

Product

NexusPHP	2
Black Tie Project	2
Comments	2
IBM HTTP Server	2
Softing smartLink SW-HT	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	CTI	EPSS	CVE
1	Checkmk UI denial of service	2.7	2.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00044	CVE-2023-23549
2	Softing smartLink SW-HT inadequate encryption	5.7	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00087	CVE-2022-48193
3	PHP Date Extension parse_date.c php_parse_date out-of-bounds	6.4	6.1	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.00777	CVE-2017-16642
4	ImageMagick png.c ReadOnePNGImage memory corruption	5.4	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00060	CVE-2017-11539
5	PhotoPost PHP Pro showproduct.php sql injection	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.00276	CVE-2004-0250
6	Comments comments.php sql injection	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00000
7	Black Tie Project Category ID categorie.php3 Path information disclosure	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00342	CVE-2002-0446
8	Dynacolor FCM-MB40 cross-site request forgery	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00112	CVE-2019-13401
9	eG Manager improper authentication	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00659	CVE-2020-8591
10	NexusPHP modtask.php sql injection	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00184	CVE-2017-12909
11	Active Auction House ItemInfo.asp sql injection	6.3	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.00685	CVE-2005-1029
12	WP Fastest Cache Plugin wpFastestCache.php rm_folder_recursively input validation	5.6	5.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.02224	CVE-2019-6726
13	AXIS 2110 Network Camera editcgi.cgi path traversal	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02	0.01492	CVE-2004-2426
14	Oracle Fusion Middleware WebLogic Server access control	9.0	9.0	$5k-$25k	$0-$5k	High	Not Defined	0.03	0.97573	CVE-2019-2725
15	Netgear D6300B Credential Storage nvram cleartext storage	5.4	4.6	$5k-$25k	$0-$5k	Proof-of-Concept	Workaround	0.00	0.00000
16	Biscom Secure File Transfer AngularJS injection	5.3	5.3	$0-$5k	Calculating	Not Defined	Not Defined	0.00	0.00057	CVE-2017-5246
17	IBM HTTP Server memory corruption	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.00359	CVE-2015-4947
18	jQuery UI dialog cross site scripting	5.2	4.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00469	CVE-2016-7103
19	Citrix XenApp XML Service Interface memory corruption	9.9	8.6	$25k-$100k	$0-$5k	Unproven	Official Fix	0.03	0.04580	CVE-2012-5161
20	Microsoft IIS code injection	9.9	9.9	$25k-$100k	$5k-$25k	Not Defined	Not Defined	0.02	0.08875	CVE-2010-1256

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	8.208.9.98		00536d	04/12/2022	verified	High
2	54.39.74.124		00536d	04/12/2022	verified	High
3	XX.XXX.XX.XXX		Xxxxxx	04/12/2022	verified	High
4	XX.XXX.XXX.XX		Xxxxxx	04/12/2022	verified	High
5	XXX.XXX.X.XXX	xxx.xxxx-xxxxxx.xxx	Xxxxxx	04/12/2022	verified	High
6	XXX.XX.XXX.XXX	x-xxxx.x-xxxxxx.xxx	Xxxxxx	04/12/2022	verified	High

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CWE-22	Path Traversal	predictive	High
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	High
3	TXXXX	CWE-XX	Xxxxxxxx Xxxxxxxxx	predictive	High
4	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	High
5	TXXXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	High
7	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
8	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
9	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	High

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/data/nvram	predictive	Medium
2	File	categorie.php3	predictive	High
3	File	cgi-bin/	predictive	Medium
4	File	xxxxxx/xxx.x	predictive	Medium
5	File	xxx.xxxxxxx.xxxxxxxxxxxxxx?xxxxx=xxxxx&xxxxx=&xxxxxxxxx=xxxxxxxxx	predictive	High
6	File	xxxxxxxx.xxx	predictive	Medium
7	File	xxxxxxx.xxx	predictive	Medium
8	File	xxx/xxxx/xxx/xxxxx_xxxx.x	predictive	High
9	File	xxxxxxxx.xxx	predictive	Medium
10	File	xxxxxxx.xxx	predictive	Medium
11	File	xxxxxxxxxxx.xxx	predictive	High
12	File	xxxxxxxxxxxxxx.xxx	predictive	High
13	Argument	xxx	predictive	Low
14	Argument	xxx	predictive	Low
15	Argument	xxxxxxxxx	predictive	Medium
16	Argument	xxxxxxx xxxx	predictive	Medium
17	Argument	xxxxxx	predictive	Low
18	Argument	xxx	predictive	Low
19	Argument	xxxxxx	predictive	Low
20	Input Value	../	predictive	Low
21	Input Value	{{ }}	predictive	Low
22	Network Port	xxxxxxxxxxxxxx xxxxxx	predictive	High

References (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you know our Splunk app?

Download it now for free!