AdvisorsBot Analysis

IOB - Indicator of Behavior (1000)

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

Language | Count
en | 238
zh | 196
ru | 70
ja | 68
sv | 66

Activities

Product

Product | Count
Microsoft Windows | 12
WordPress | 6
Linux Kernel | 6
MailCleaner | 6
itsourcecode Tailoring Management System | 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Apryse WebViewer PDF Document cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00045 | 0.04 | CVE-2024-4327
2 | MailCleaner Email os command injection | 9.8 | 9.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00046 | 0.00 | CVE-2024-3191
3 | osCommerce all-products cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00065 | 0.08 | CVE-2024-4348
4 | MailCleaner Admin Interface cross site scripting | 5.8 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00045 | 0.06 | CVE-2024-3192
5 | SourceCodester Pisay Online E-Learning System controller.php unrestricted upload | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.00 | CVE-2024-4349
6 | MailCleaner Admin Endpoints os command injection | 8.8 | 8.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00046 | 0.00 | CVE-2024-3193
7 | BloomPixel Max Addons Pro for Bricks Plugin authorization | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2024-32951
8 | Elementor ImageBox Plugin cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.00 | CVE-2024-3074
9 | Dell Wyse Proprietary OS Telemetry Dashboard information disclosure | 4.7 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2024-28963
10 | Apache Parquet Parquet-MR denial of service | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00099 | 0.08 | CVE-2021-41561
11 | Dell Repository Manager API Module improper authorization | 8.3 | 8.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-28976
12 | Jegstudio Financio Plugin cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-33690
13 | ThemeNcode Fan Page Widget by Plugin cross site scripting | 4.1 | 4.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-33695
14 | AnnounceKit Plugin cross site scripting | 2.4 | 2.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.00 | CVE-2024-3023
15 | Repute Infosystems ARMember Plugin authorization | 7.8 | 7.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-32948
16 | Dell Repository Manager Logger Module improper authorization | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-28977
17 | GOG Galaxy RPC Object Manager Symbolic Link GalaxyClientService.exe denial of service | 4.6 | 4.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.00 | CVE-2023-50915
18 | Opmantek Open-AudIT Community URL cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01722 | 0.00 | CVE-2021-44916
19 | StreamWeasels Twitch Integration Plugin information disclosure | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-32716
20 | Culqi Plugin server-side request forgery | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-32819

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 162.244.32.148 | arthurherrera.clientshostname.com | AdvisorsBot | | 08/25/2018 | verified | Low

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CAPEC-126 | CWE-21, CWE-22, CWE-23 | Path Traversal | predictive | High
2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High
4 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Basic Cross Site Scripting | predictive | High
5 | T1068 | CAPEC-104 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | High

IOA - Indicator of Attack (182)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /+CSCOE+/logon.html | predictive | High
2 | File | /admin/add_ikev2.php | predictive | High
3 | File | /admin/category_save.php | predictive | High
4 | File | /admin/index2.html | predictive | High
5 | File | /admin/list_ipAddressPolicy.php | predictive | High
6 | File | /admin/manage_model.php | predictive | High
7 | File | /admin/manage_user.php | predictive | High
8 | File | /admin/subject.php | predictive | High
9 | File | /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini | predictive | High
10 | File | /catalog/all-products | predictive | High
11 | File | /cgi-bin/cstecgi.cgi | predictive | High
12 | File | /cgi-bin/ExportSettings.sh | predictive | High
13 | File | /changePassword | predictive | High
14 | File | /cloudstore/ecode/setup/ecology_dev.zip | predictive | High
15 | File | /edit-subject.php | predictive | High
16 | File | /endpoint/add-user.php | predictive | High
17 | File | /etc/postfix/sender_login | predictive | High
18 | File | /etc/shadow.sample | predictive | High
19 | File | /foms/routers/place-order.php | predictive | High
20 | File | /forum/away.php | predictive | High
21 | File | /goform/frmL7ProtForm | predictive | High
22 | File | /goform/SetLEDCfg | predictive | High
23 | File | /goform/setMacFilterCfg | predictive | High
