Adwind Analysis

IOB - Indicator of Behavior (111)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en 98
fr 4
ar 4
de 2
es 2


Country

us 46
ru 18
ir 10
fr 10
gb 4



Activities

Interest




Product

Ovidentia 4
Joomla CMS 4
Huawei SXXXX 4
Linux Kernel 4
Microsoft .NET Framework 4


Vulnerabilities

# | Vulnerability | Base (CVSS) | Temp (CVSS) | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
1 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.08 | 0.25090 | CVE-2017-0055
2 | VMware Tools race condition | 7.7 | 7.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2020-3941
3 | WECON LEVI Studio HMI Editor Project File memory corruption | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2017-6035
4 | Ovidentia fileman.php privileges management | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | 0.12567 | CVE-2006-2811
5 | Ovidentia login.php privileges management | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | 0.12567 | CVE-2006-2811
6 | vsftpd deny_file unknown vulnerability | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01136 | CVE-2015-1419
7 | WordPress WP_Query class-wp-query.php sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.01974 | CVE-2017-5611
8 | Oracle Business Intelligence Enterprise Edition Analytics Web General Remote Code Execution | 9.8 | 9.4 | $100k and more | $5k-$25k | Not Defined | Official Fix | 0.02 | 0.16239 | CVE-2021-2456
9 | Ruby on Rails Action Pack input validation | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Official Fix | 0.02 | 0.93015 | CVE-2016-2098
10 | Rocklobster Contact Form 7 unrestricted upload | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.69867 | CVE-2020-35489
11 | Google Chrome WebGPU use after free | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.02 | 0.27766 | CVE-2022-2007
12 | Zh YandexMap sql injection | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | 0.01564 | CVE-2018-6604
13 | Timetable Responsive Schedule sql injection | 8.5 | 8.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.01564 | CVE-2018-6583
14 | Acyba AcyMailing Extension CSV Export input validation | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | 0.08382 | CVE-2018-9107
15 | Fortinet FortiWLC hard-coded credentials | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2017-17540
16 | JetBrains IntelliJ IDEA License Server authentication spoofing | 7.7 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00885 | CVE-2020-11690
17 | Huawei ACXXXX/SXXXX SSH Packet input validation | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01055 | CVE-2014-8572
18 | Huawei SXXXX XML Parser input validation | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2017-15346
19 | GNU Mailman Pipermail information disclosure | 4.0 | 4.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00950 | CVE-2002-0389
20 | WordPress FilteredIterator.php deserialization | 7.6 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.20148 | CVE-2020-28032

IOC - Indicator of Compromise (126)

These indicators of compromise list the associated network resources that are known to be part of research and attack activity.

ID | IP address | Hostname | Actor | Campaigns | Type | Confidence
1 | 2.5.29.14 | - | Adwind | - | verified | High
2 | 5.79.79.67 | - | Adwind | - | verified | High
3 | 5.79.79.70 | storage205.ntesrv.com | Adwind | - | verified | High
4 | 5.187.34.231 | 231.34.187.5.in-addr.arpa.dynamic.gestiondeservidor.com | Adwind | - | verified | High
5 | 5.254.112.21 | - | Adwind | - | verified | High
6 | 5.254.112.24 | - | Adwind | - | verified | High
7 | 5.254.112.36 | - | Adwind | - | verified | High
8 | 5.254.112.56 | - | Adwind | - | verified | High
9 | 5.254.112.60 | - | Adwind | - | verified | High
10 | 8.15.0.59 | - | Adwind | - | verified | High
11 | 14.3.210.2 | ae210002.dynamic.ppp.asahi-net.or.jp | Adwind | - | verified | High
12 | 23.227.196.198 | 23-227-196-198.static.hvvc.us | Adwind | - | verified | High
13 | 23.227.199.72 | 23-227-199-72.static.hvvc.us | Adwind | - | verified | High
14 | 23.227.199.118 | 23-227-199-118.static.hvvc.us | Adwind | - | verified | High
15 | 23.227.199.121 | 23-227-199-121.static.hvvc.us | Adwind | - | verified | High
16 | 23.231.23.182 | mx6.touringul.com | Adwind | - | verified | High
17 | 31.31.196.31 | server31.hosting.reg.ru | Adwind | - | verified | High
18 | 31.171.155.72 | - | Adwind | - | verified | High
19 | 37.61.235.30 | - | Adwind | - | verified | High
20 | 46.20.33.76 | - | Adwind | - | verified | High
21 | 50.7.199.164 | - | Adwind | - | verified | High
22 | 51.254.21.25 | ip25.ip-51-254-21.eu | Adwind | - | verified | High
23 | 65.99.225.111 | hv36svg168.neubox.net | Adwind | - | verified | High
24 | 67.215.4.74 | - | Adwind | - | verified | High
25 | 67.215.4.75 | - | Adwind | - | verified | High
26 | 67.215.9.231 | - | Adwind | - | verified | High
27-126 | masked (subscription required) | masked | masked | - | verified | High
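One way to put the IOC table above to work is to sweep existing proxy, firewall or DNS logs for the listed addresses and hostnames. The following script is an added example and not part of the original page or of any vendor tooling: the IP addresses and hostnames are copied from IOC rows 1 to 26 above, while the key=value log format and the log lines themselves are constructed for the demonstration. It normalizes hostnames (case, trailing FQDN dot) before comparison and rejects dotted quads that are not valid addresses, so that a lookalike such as 23.227.199.7 does not match the listed 23.227.199.72.

```python
"""Added example (not from the page): match the unmasked Adwind IOC rows against
sample proxy/DNS log lines. IPs and hostnames are copied from the page's IOC
table; the log lines and their key=value format are constructed for this demo."""
import ipaddress
import re
from typing import Dict, List, NamedTuple, Optional, Sequence, Tuple

# (ID, IP address, hostname) for IOC rows 1-26 of the page; None = no hostname listed.
ADWIND_IOCS: Sequence[Tuple[int, str, Optional[str]]] = [
    (1, "2.5.29.14", None), (2, "5.79.79.67", None),
    (3, "5.79.79.70", "storage205.ntesrv.com"),
    (4, "5.187.34.231", "231.34.187.5.in-addr.arpa.dynamic.gestiondeservidor.com"),
    (5, "5.254.112.21", None), (6, "5.254.112.24", None), (7, "5.254.112.36", None),
    (8, "5.254.112.56", None), (9, "5.254.112.60", None), (10, "8.15.0.59", None),
    (11, "14.3.210.2", "ae210002.dynamic.ppp.asahi-net.or.jp"),
    (12, "23.227.196.198", "23-227-196-198.static.hvvc.us"),
    (13, "23.227.199.72", "23-227-199-72.static.hvvc.us"),
    (14, "23.227.199.118", "23-227-199-118.static.hvvc.us"),
    (15, "23.227.199.121", "23-227-199-121.static.hvvc.us"),
    (16, "23.231.23.182", "mx6.touringul.com"),
    (17, "31.31.196.31", "server31.hosting.reg.ru"),
    (18, "31.171.155.72", None), (19, "37.61.235.30", None), (20, "46.20.33.76", None),
    (21, "50.7.199.164", None),
    (22, "51.254.21.25", "ip25.ip-51-254-21.eu"),
    (23, "65.99.225.111", "hv36svg168.neubox.net"),
    (24, "67.215.4.74", None), (25, "67.215.4.75", None), (26, "67.215.9.231", None),
]

# Constructed log lines (not from the page): proxy/firewall records and a DNS query.
SAMPLE_LOGS = [
    "2023-04-11T10:02:13Z src=10.0.0.15 dst=5.79.79.70 host=storage205.ntesrv.com dport=443",
    "2023-04-11T10:02:14Z src=10.0.0.15 dst=142.250.74.78 host=www.google.com dport=443",
    "2023-04-11T10:05:40Z src=10.0.0.22 dst=5.254.112.56 host=- dport=1604",
    "2023-04-11T10:07:01Z query=MX6.TOURINGUL.COM. type=A client=10.0.0.9",
    "2023-04-11T10:09:55Z src=10.0.0.31 dst=23.227.199.7 host=- dport=80",
]

# Dotted quads and dotted hostnames, bounded on both sides so a value embedded in
# a longer token is not matched and a trailing FQDN dot is still captured.
IPV4_RE = re.compile(r"(?<![\w.-])(?:\d{1,3}\.){3}\d{1,3}(?![\w.-])")
HOST_RE = re.compile(r"(?<![\w.-])[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+\.?(?![\w-])")


class Hit(NamedTuple):
    line_no: int    # 1-based line in the scanned log
    ioc_id: int     # ID column of the page's IOC table
    kind: str       # "ip" or "hostname"
    indicator: str  # normalized value that matched


def norm_host(host: str) -> str:
    """Case-fold and drop the trailing dot so MX6.TOURINGUL.COM. equals mx6.touringul.com."""
    return host.rstrip(".").lower()


def build_index(iocs=ADWIND_IOCS):
    """Turn the IOC rows into O(1) lookups keyed by parsed IP and normalized host."""
    ip_index: Dict[object, int] = {}
    host_index: Dict[str, int] = {}
    for ioc_id, ip, host in iocs:
        ip_index[ipaddress.ip_address(ip)] = ioc_id
        if host:
            host_index[norm_host(host)] = ioc_id
    return ip_index, host_index


def scan_logs(lines, iocs=ADWIND_IOCS) -> List[Hit]:
    ip_index, host_index = build_index(iocs)
    hits: List[Hit] = []
    for line_no, line in enumerate(lines, start=1):
        for token in IPV4_RE.findall(line):
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:      # e.g. 300.1.1.1 looks like a dotted quad but is no address
                continue
            if addr in ip_index:
                hits.append(Hit(line_no, ip_index[addr], "ip", str(addr)))
        for token in HOST_RE.findall(line):
            host = norm_host(token)
            try:
                ipaddress.ip_address(host)
                continue            # dotted quad, already handled above
            except ValueError:
                pass
            if host in host_index:
                hits.append(Hit(line_no, host_index[host], "hostname", host))
    return hits


if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOGS):
        print(f"line {hit.line_no}: IOC #{hit.ioc_id} matched by {hit.kind} {hit.indicator}")
```

On the constructed sample, line 1 matches IOC 3 twice (once by destination IP, once by hostname), line 3 matches IOC 8 and the DNS query on line 4 matches IOC 16 after normalization; the lookalike address on line 5 produces no hit. Feed real log lines in place of SAMPLE_LOGS and extend ADWIND_IOCS with rows 27 to 126 once they are available.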

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (54)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /irj/portal/ | predictive | Medium
2 | File | /phppath/php | predictive | Medium
3 | File | /uncpath/ | predictive | Medium
4 | File | acl.c | predictive | Low
5 | File | admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1 | predictive | High
6 | File | administrator/components/com_media/helpers/media.php | predictive | High
7 | File | agent/Core/Controller/SendRequest.cpp | predictive | High
8-34 | File | masked (subscription required) | predictive | -
35-52 | Argument | masked (subscription required) | predictive | -
53 | Input Value | masked (subscription required) | predictive | High
54 | Pattern | () { | predictive | Low
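The IOA fragments above are meant to be searched for in web server logs, which raises two practical problems the table does not spell out: request targets arrive percent-encoded (sometimes twice), and a short, Low-confidence fragment such as acl.c will fire on unrelated paths like acl.css unless it is matched at a path boundary. The script below is an added example, not code from the page or from any vendor; it takes the unmasked IOA rows 1 to 7 and 54 as its indicator set, and the Apache combined-format log lines are constructed for the demonstration. File indicators are matched against the decoded, lowercased request target with boundary checks, and the "() {" pattern is searched across the whole decoded line so it is found wherever the client placed it.

```python
"""Added example (not from the page): match the unmasked Adwind IOA rows against
sample HTTP access log lines. Indicators are copied from the page's IOA table; the
log lines are constructed for this demo."""
import re
from typing import List, NamedTuple, Sequence, Tuple
from urllib.parse import unquote

# (ID, class, indicator) for the unmasked IOA rows of the page.
ADWIND_IOAS: Sequence[Tuple[int, str, str]] = [
    (1, "File", "/irj/portal/"),
    (2, "File", "/phppath/php"),
    (3, "File", "/uncpath/"),
    (4, "File", "acl.c"),
    (5, "File", "admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1"),
    (6, "File", "administrator/components/com_media/helpers/media.php"),
    (7, "File", "agent/Core/Controller/SendRequest.cpp"),
    (54, "Pattern", "() {"),
]

# Constructed Apache combined-format lines (not from the page): one plain hit, one
# near miss (acl.css), one single-encoded target, one pattern carried in the
# User-Agent, one double-encoded pattern in the query string, and one clean request.
SAMPLE_ACCESS_LOG = [
    '203.0.113.5 - - [11/Apr/2023:10:02:13 +0000] "GET /irj/portal/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [11/Apr/2023:10:02:14 +0000] "GET /administrator/components/com_media/helpers/media.php HTTP/1.1" 404 210 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [11/Apr/2023:10:03:01 +0000] "GET /static/acl.css HTTP/1.1" 200 3310 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [11/Apr/2023:10:03:09 +0000] "GET /%61dmin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1 HTTP/1.1" 200 88 "-" "curl/7.88"',
    '192.0.2.9 - - [11/Apr/2023:10:04:40 +0000] "GET /cgi-bin/status HTTP/1.1" 200 12 "-" "() { test; }; echo probe"',
    '192.0.2.9 - - [11/Apr/2023:10:04:41 +0000] "GET /index.html?q=%2528%2529%2520%257B HTTP/1.1" 200 12 "-" "curl/7.88"',
    '192.0.2.9 - - [11/Apr/2023:10:04:42 +0000] "GET /index.html HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
]

REQUEST_TARGET_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/\d\.\d"')


class Hit(NamedTuple):
    line_no: int    # 1-based line in the scanned log
    ioa_id: int     # ID column of the page's IOA table
    ioa_class: str  # "File" or "Pattern"
    indicator: str


def deep_unquote(s: str, rounds: int = 3) -> str:
    """Percent-decode until the string stops changing (bounded), so a double-encoded
    probe such as %2528 -> %28 -> ( is seen in the clear."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def normalize_target(target: str) -> str:
    """Decode, collapse repeated slashes and lowercase a request target."""
    return re.sub(r"/{2,}", "/", deep_unquote(target)).lower()


def file_indicator_matches(indicator: str, target: str) -> bool:
    """Substring match with boundary checks: an indicator that starts or ends with an
    alphanumeric (a bare filename like acl.c) must not be glued to another
    alphanumeric, so acl.c does not fire on acl.css. Indicators that begin or end
    with a separator ('/', '=' ...) carry their own boundary and need no check."""
    ind = indicator.lower()
    start = target.find(ind)
    while start != -1:
        end = start + len(ind)
        before_ok = not ind[0].isalnum() or start == 0 or not target[start - 1].isalnum()
        after_ok = not ind[-1].isalnum() or end == len(target) or not target[end].isalnum()
        if before_ok and after_ok:
            return True
        start = target.find(ind, start + 1)
    return False


def scan_access_log(lines, ioas=ADWIND_IOAS) -> List[Hit]:
    hits: List[Hit] = []
    for line_no, raw in enumerate(lines, start=1):
        m = REQUEST_TARGET_RE.search(raw)
        target = normalize_target(m.group(1)) if m else ""
        decoded_line = deep_unquote(raw)
        for ioa_id, cls, indicator in ioas:
            if cls == "File" and target and file_indicator_matches(indicator, target):
                hits.append(Hit(line_no, ioa_id, cls, indicator))
            elif cls == "Pattern" and indicator in decoded_line:
                hits.append(Hit(line_no, ioa_id, cls, indicator))
    return hits


if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_ACCESS_LOG):
        print(f"line {hit.line_no}: IOA #{hit.ioa_id} ({hit.ioa_class}) {hit.indicator!r}")
```

On the sample, lines 1, 2 and 4 match File indicators 1, 6 and 5 (the last only after decoding %61 to "a"), lines 5 and 6 match the "() {" pattern (the latter only after two decoding rounds), and the acl.css request on line 3 is correctly left alone. The decoding loop is bounded to three rounds on purpose: unbounded decoding of attacker-controlled input is itself a denial-of-service vector.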
