8220 Gang Analysis

IOB - Indicator of Behavior (446)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 434
sv: 8
fr: 2
pl: 2

Country

us: 120
se: 14
es: 6
no: 2
au: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Linux Kernel: 10
Google Android: 10
Apple iCloud: 8
Joomla CMS: 8
Microsoft Windows: 6

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.04 | 0.01621 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 1.67 | 0.00954 | CVE-2010-0966 |
| 3 | Ncftpd FTP Server PORT Command denial of service | 5.3 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.01216 | CVE-1999-1568 |
| 4 | Cisco Webex Meetings/WebEx Meetings Server Meeting Room Lobby information disclosure | 4.8 | 4.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00115 | CVE-2020-3441 |
| 5 | Linux Kernel KVM Hypervisor stack-based overflow | 6.0 | 5.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00060 | CVE-2020-27152 |
| 6 | WordPress wpdb->prepare sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00389 | CVE-2017-16510 |
| 7 | Sonoff TH 10/TH 16 Friendly Name cross site scripting | 4.1 | 4.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00058 | CVE-2020-7470 |
| 8 | HP Inkjet Printer cross site scripting | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00050 | CVE-2019-6332 |
| 9 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.26 | 0.03545 | CVE-2007-0354 |
| 10 | Linux Kernel KVM access control | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00064 | CVE-2018-1087 |
| 11 | Apache HTTP Server mod_status race condition | 7.3 | 6.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | 0.97464 | CVE-2014-0226 |
| 12 | Fortinet FortiOS ZebOS Shell improper authentication | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00718 | CVE-2015-7361 |
| 13 | vsftpd deny_file unknown vulnerability | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09 | 0.00312 | CVE-2015-1419 |
| 14 | Dell EMC iDRAC7/iDRAC8/iDRAC9 stack-based overflow | 7.2 | 6.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00614 | CVE-2020-5344 |
| 15 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.16 | 0.00000 | CVE-2020-12440 |
| 16 | IBM Maximo Asset Management/Maximo Application Suite Web UI cross site scripting | 5.1 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00052 | CVE-2022-35645 |
| 17 | Microsoft SQL Server Privilege Escalation | 7.5 | 6.8 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | 0.00384 | CVE-2022-29143 |
| 18 | Zoho ManageEngine ServiceDesk Plus AjaxDomainServlet User information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.03022 | CVE-2019-15045 |
| 19 | FastTrack Admin By Request AdminByRequest.exe privileges management | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.14 | 0.00044 | CVE-2019-17201 |
| 20 | TP-Link Tapo C200 uhttpd command injection | 9.8 | 9.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.61941 | CVE-2021-4045 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CVE-2022-26134

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (125)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /cgi-bin/web_index.cgi?lang=en&src=AwSystem.html&ertqVvnKV4TjU9Vt | predictive | High |
| 2 | File | /control/stream | predictive | High |
| 3 | File | /MicroStrategyWS/happyaxis.jsp | predictive | High |
| 4 | File | /product_list.php | predictive | High |
| 5 | File | /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_charger.c | predictive | High |
| 6 | File | /tmp | predictive | Low |
| 7 | File | /ucms/chk.php | predictive | High |
| 8 | File | /uncpath/ | predictive | Medium |
| 9 | File | /wp-content/plugins/woocommerce/templates/emails/plain/ | predictive | High |
| 10 | File | add-category.php | predictive | High |
| 11 | File | admin/content/postcategory | predictive | High |
| 12 | File | AdminByRequest.exe | predictive | High |
| 13 | File | announcements.php | predictive | High |
| 14 | File | app/View/Users/statistics_orgs.ctp | predictive | High |
| 121 | Input Value | ../ | predictive | Low |

References (4)

The following list contains external sources which discuss the actor and the associated activities: