ACBackdoor Analysis

IOB - Indicator of Behavior (16)

The data in the charts of this section (Timeline, Language, Country, Actors, Activities, Interest, Type, Vendor, Product) does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 8
de: 6
es: 2


Product

Lightning Labs lnd: 2
Apollo Router: 2
Ikuai Router OS: 2
TYPO3 Kiddog Mysqldumper: 2
ThinkCMF: 2

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | CVSS base | CVSS temp | 0-day price | Today price | Exploitability | Countermeasure | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | ThinkCMF UeditorController.php unrestricted upload | 6.3 | 6.1 | $2k-$5k | $1k-$2k | Not defined | Not defined | | 0.00485 | 0.08 | CVE-2024-31615 |
| 2 | Xenforo code injection | 7.7 | 7.5 | $1k-$2k | $0-$1k | Proof-of-Concept | Official fix | | 0.00424 | 0.07 | CVE-2024-38458 |
| 3 | nginx SPDY memory corruption | 7.3 | 6.4 | $2k-$5k | $0-$1k | Unproven | Official fix | | 0.10558 | 0.00 | CVE-2014-0133 |
| 4 | Apollo Router exceptional condition | 7.0 | 6.9 | $1k-$2k | $0-$1k | Not defined | Official fix | | 0.00270 | 0.00 | CVE-2023-41317 |
| 5 | Redis Lua sandbox | 8.8 | 8.8 | $2k-$5k | $0-$1k | High | Not defined | verified | 0.94385 | 0.08 | CVE-2022-0543 |
| 6 | Ikuai Router OS webman.lua ActionLogin command injection | 7.6 | 7.5 | $1k-$2k | $0-$1k | Not defined | Not defined | | 0.01322 | 0.08 | CVE-2023-34849 |
| 7 | Lightning Labs lnd privilege escalation | 5.5 | 5.3 | $2k-$5k | $0-$1k | Not defined | Official fix | | 0.00784 | 0.00 | CVE-2021-41593 |
| 8 | phpMyAdmin sql injection | 7.5 | 7.4 | $5k-$10k | $0-$1k | Not defined | Official fix | | 0.19756 | 0.06 | CVE-2020-5504 |
| 9 | ABB IDAL FTP server improper authentication | 7.5 | 7.4 | $1k-$2k | $0-$1k | Proof-of-Concept | Not defined | | 0.00367 | 0.00 | CVE-2019-7230 |
| 10 | Matrix Synapse key management | 7.4 | 7.1 | $1k-$2k | $0-$1k | Not defined | Official fix | | 0.00800 | 0.00 | CVE-2019-5885 |
| 11 | Werner Baumann davfs2 File System kernel_interface.c "system" access control | 8.4 | 7.6 | $1k-$2k | $0-$1k | Proof-of-Concept | Not defined | | 0.01645 | 0.00 | CVE-2013-4362 |
| 12 | osTicket CSV File file.php cross site scripting | 5.2 | 5.1 | $1k-$2k | $0-$1k | Proof-of-Concept | Official fix | | 0.06978 | 0.00 | CVE-2019-11537 |
| 13 | Joomla CMS sql injection | 8.6 | 8.4 | $10k-$25k | $0-$1k | Not defined | Official fix | | 0.01277 | 0.05 | CVE-2015-8769 |
| 14 | TYPO3 Kiddog Mysqldumper information disclosure | 5.3 | 5.3 | $1k-$2k | $0-$1k | Not defined | Not defined | | 0.00250 | 0.09 | CVE-2010-0336 |
| 15 | jQuery UI dialog cross site scripting | 5.2 | 4.9 | $0-$1k | $0-$1k | Not defined | Official fix | | 0.01397 | 0.08 | CVE-2016-7103 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 185.198.56.53 | free.hostsailor.com | ACBackdoor | | 02/12/2024 | verified | High |
| 2 | XXX.XX.XX.XXX | Xxxxxxxxxx | | | 02/12/2024 | verified | High |

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (7)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /upload/file.php | predictive | High |
| 2 | File | kernel_interface.c | predictive | High |
| 3 | File | xxxxxxxxxxxxxxxxx.xxx | predictive | High |
| 4 | File | xxxxxx.xxx | predictive | Medium |
| 5 | Argument | xxxxxxxxx | predictive | Medium |
| 6 | Argument | xxxxxxxx_xxxxxx_xxx | predictive | High |
| 7 | Input Value | xxx.xxxx.%xxx.%xxx | predictive | High |
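The following is an added example, not code from VulDB or from this page: a small Python scanner that checks web server access-log lines against the unmasked indicators listed above, that is, the IOC address 185.198.56.53 and its hostname free.hostsailor.com, and the IOA file fragments /upload/file.php and kernel_interface.c. The masked (xxx) indicators cannot be matched and are left out. The Apache/nginx "combined" log format, the sample log lines and the reason labels are assumptions of the example; the sample traffic is constructed, not captured. File-class indicators are matched as percent-decoded, case-insensitive substrings of the request path, so an encoded variant such as /upload/file%2Ephp is still flagged.

```python
import re
from dataclasses import dataclass
from urllib.parse import unquote

# Unmasked indicators copied from the IOC and IOA tables above. The masked
# (xxx) entries cannot be matched and are therefore not included.
IOC_IPS = {"185.198.56.53"}
IOC_HOSTNAMES = {"free.hostsailor.com"}
IOA_FILES = ("/upload/file.php", "kernel_interface.c")

# Assumed input: Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
)


@dataclass(frozen=True)
class Hit:
    line_no: int
    ip: str
    path: str
    reasons: tuple


def classify(ip, path, referer=None):
    """Return the indicator labels that apply to one request, in a fixed order."""
    reasons = []
    if ip in IOC_IPS:
        reasons.append("ioc-ip")
    if any(host in (referer or "") for host in IOC_HOSTNAMES):
        reasons.append("ioc-hostname-referer")
    # Percent-decode and lower-case so /upload/file%2Ephp is not missed.
    decoded = unquote(path).lower()
    for fragment in IOA_FILES:
        if fragment.lower() in decoded:
            reasons.append("ioa-file:" + fragment)
    return tuple(reasons)


def scan(lines):
    """Scan access-log lines; unparsable lines are skipped, matches are returned."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        reasons = classify(m["ip"], m["path"], m["referer"])
        if reasons:
            hits.append(Hit(line_no, m["ip"], m["path"], reasons))
    return hits


# Constructed sample log (not real traffic); 203.0.113.0/24 and 198.51.100.0/24
# are documentation address ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Feb/2024:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
185.198.56.53 - - [12/Feb/2024:10:01:09 +0000] "GET /scp/login.php HTTP/1.1" 200 734 "-" "curl/8.4.0"
198.51.100.23 - - [12/Feb/2024:10:02:41 +0000] "POST /upload/file.php HTTP/1.1" 403 0 "-" "python-requests/2.31"
198.51.100.23 - - [12/Feb/2024:10:02:50 +0000] "GET /upload/file%2Ephp?id=1 HTTP/1.1" 404 0 "-" "python-requests/2.31"
185.198.56.53 - - [12/Feb/2024:10:03:15 +0000] "GET /upload/file.php HTTP/1.1" 200 88 "http://free.hostsailor.com/" "curl/8.4.0"
this line is not in combined log format and is skipped
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(f"line {hit.line_no}: {hit.ip} {hit.path} -> {', '.join(hit.reasons)}")
```

Run on the constructed sample, the scanner flags four of the six lines: one for the IOC address alone, two for the /upload/file.php fragment (one of them percent-encoded), and one that combines the IOC address, the hostname in the Referer and the file fragment. Because the IOA entries are predictive, a hit on a file fragment alone is a lead to triage, not proof of compromise; the kernel_interface.c entry is a davfs2 source file name and will rarely appear in HTTP paths.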

References (2)

The two external sources which discuss the actor and the associated activities are only shown with CTI permissions.