AdWind Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (224)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en	148
zh	40
ru	18
ar	4
de	4

Country

US: USA	116
CN: China	40
RU: Russia	14
IR: Iran	6
GB: Great Britain	4

Actors

Remcos	9
RedLine Stealer	7
Ave Maria	5
AsyncRAT	5
Quasar RAT	4

Activities

Interest

Timeline

Type

Not Defined	102
WordPress Plugin	12
Content Management System	12
Operating System	10
Smartphone Operating System	6

Vendor

Not Defined	56
Microsoft	10
SourceCodester	10
Google	6
Optergy	6

Product

Microsoft Windows	6
Optergy Proton	6
Optergy Enterprise	6
MediaTek MT6761	4
MediaTek MT6779	4

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#	Vulnerability	Base	Temp	0day	Today	Exp	Cou	KEV	EPSS	CTI	CVE
1	vsftpd deny_file	3.7	3.6	$0-$5k	$0-$5k	Not defined	Official fix		0.35290	0.04	CVE-2015-1419
2	DZCP deV!L`z Clanportal config.php code injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official fix		0.00970	0.22	CVE-2010-0966
3	Guangzhou 1GE ONU/V2804RGW formPing os command injection	5.9	5.9	$0-$5k	$0-$5k	Not defined	Not defined	expected	0.86759	0.07	CVE-2020-8958
4	LogicBoard CMS away.php redirect	6.3	6.1	$0-$5k	$0-$5k	Not defined	Unavailable		0.00000	0.72
5	eSyndicat Directory Software suggest-listing.php cross site scripting	3.5	3.5	$0-$5k	$0-$5k	Not defined	Not defined		0.00000	0.61
6	nginx request smuggling	6.9	6.9	$0-$5k	$0-$5k	Not defined	Not defined		0.00000	0.39	CVE-2020-12440
7	Hitachi Kokusai Electric ISnex HC-IP9100HD GET Request ptippage.cgi path traversal	6.5	6.4	$0-$5k	$0-$5k	Not defined	Not defined		0.00274	0.00	CVE-2022-37681
8	Sambar Server Pro Webmail Interface Credentials missing encryption	5.3	5.3	$0-$5k	$0-$5k	Not defined	Not defined		0.00000	0.06
9	F5 NGINX Service Mesh Control Plane Endpoint missing authentication	6.4	6.2	$0-$5k	$0-$5k	Not defined	Official fix		0.00208	0.00	CVE-2022-27495
10	Extensionsforjoomla Com Vikrealestate index.php sql injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not defined		0.00275	0.00	CVE-2011-4823
11	EGavilan Media Contact-Form-With-Messages-Entry-Management Addmessage.php sql injection	6.3	6.3	$0-$5k	$0-$5k	Not defined	Not defined		0.00478	0.00	CVE-2021-44097
12	RARLabs WinRAR ZIP Archive data authenticity	7.3	7.2	$0-$5k	$0-$5k	Attacked	Official fix	verified	0.93714	0.00	CVE-2023-38831
13	MGB OpenSource Guestbook email.php sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	possible	0.01802	0.17	CVE-2007-0354
14	SourceCodester Simple Cold Storage Management System Contact Us page cross-site request forgery	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not defined		0.00046	0.05	CVE-2022-3585
15	Laravel Framework Permission .env writeNewEnvironmentFileWith Password information disclosure	6.4	6.1	$0-$5k	$0-$5k	High	Not defined	expected	0.85788	0.05	CVE-2017-16894
16	Linux Kernel can rcu_read_lock use after free	8.0	7.6	$5k-$25k	$5k-$25k	Not defined	Official fix		0.00032	0.09	CVE-2025-38003
17	Linux Kernel can bcm_can_tx out-of-bounds	3.5	3.4	$0-$5k	$0-$5k	Not defined	Official fix		0.00032	0.09	CVE-2025-38004
18	SaltStack salt access control	9.8	9.8	$0-$5k	$0-$5k	Not defined	Not defined		0.01705	0.05	CVE-2013-6617
19	Microsoft .NET Framework Username Parser access control	8.8	7.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official fix	expected	0.86632	0.06	CVE-2011-3416
20	RiteCMS Admin Panel path traversal	4.6	4.2	$0-$5k	$0-$5k	Proof-of-Concept	Not defined		0.00782	0.11	CVE-2022-24248

IOC - Indicator of Compromise (174)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	2.5.29.14		Adwind	12/23/2020	verified	Low
2	5.79.79.67		Adwind	12/23/2020	verified	Low
3	5.79.79.70	storage205.ntesrv.com	Adwind	12/23/2020	verified	Low
4	5.187.34.231	231.34.187.5.in-addr.arpa.dynamic.gestiondeservidor.com	Adwind	12/23/2020	verified	Very Low
5	5.254.112.21		Adwind	12/23/2020	verified	Low
6	5.254.112.24		Adwind	12/23/2020	verified	Low
7	5.254.112.36		Adwind	12/23/2020	verified	Low
8	5.254.112.56		Adwind	12/23/2020	verified	Low
9	5.254.112.60		Adwind	12/23/2020	verified	Low
10	8.15.0.59		Adwind	12/23/2020	verified	Low
11	14.3.210.2	ae210002.dynamic.ppp.asahi-net.or.jp	Adwind	12/23/2020	verified	Very Low
12	23.26.248.208		AdWind	08/04/2023	verified	High
13	23.105.131.204	mail204.nessfist.com	AdWind	09/21/2022	verified	Medium
14	23.227.196.198	23-227-196-198.static.hvvc.us	Adwind	12/23/2020	verified	Low
15	23.227.199.72	23-227-199-72.static.hvvc.us	Adwind	12/23/2020	verified	Low
16	23.227.199.118	23-227-199-118.static.hvvc.us	Adwind	12/23/2020	verified	Low
17	23.227.199.121	23-227-199-121.static.hvvc.us	Adwind	12/23/2020	verified	Low
18	23.231.23.182	mx6.touringul.com	Adwind	12/23/2020	verified	Low
19	31.31.196.31	server31.hosting.reg.ru	Adwind	12/23/2020	verified	Very Low
20	31.171.155.72		Adwind	12/23/2020	verified	Low
21	37.0.14.215		AdWind	10/20/2022	verified	Medium
22	37.61.235.30		Adwind	12/23/2020	verified	Low
23	43.226.229.92		AdWind	11/18/2022	verified	Medium
24	45.74.38.17		AdWind	09/21/2022	verified	Medium
25	45.138.16.101		AdWind	10/17/2022	verified	Medium
26	45.147.231.41		AdWind	07/02/2021	verified	Low
27	46.20.33.76		Adwind	12/23/2020	verified	Low
28	46.183.220.114	ip-220-114.dataclub.info	AdWind	08/24/2022	verified	Medium
29	46.183.222.88	ip-222-88.dataclub.info	AdWind	03/20/2024	verified	High
30	46.183.223.47	ip-223-47.dataclub.info	AdWind	07/25/2024	verified	Very High
31	XX.XXX.XXX.XX	xx-xxx-xx.xxxxxxxx.xxxx	Xxxxxx	02/28/2024	verified	High
32	XX.X.XXX.XXX		Xxxxxx	12/23/2020	verified	Low
33	XX.XXX.XX.XX	xxxx.xx-xx-xxx-xx.xx	Xxxxxx	12/23/2020	verified	Low
34	XX.XX.XXX.XXX	xxxxxxxxxx.xxxxxx.xxx	Xxxxxx	12/23/2020	verified	Low
35	XX.XXX.XXX.X		Xxxxxx	09/06/2021	verified	Low
36	XX.XXX.X.XX		Xxxxxx	12/23/2020	verified	Low
37	XX.XXX.X.XX		Xxxxxx	12/23/2020	verified	Low
38	XX.XXX.X.XXX		Xxxxxx	12/23/2020	verified	Low
39	XX.XXX.X.XXX		Xxxxxx	12/23/2020	verified	Low
40	XX.XXX.X.XXX		Xxxxxx	12/23/2020	verified	Low
41	XX.XX.X.XXX	xx-xx.xx.x.xxx.xxxxxxxxx.xxx	Xxxxxx	12/23/2020	verified	Low
42	XX.XXX.XX.XXX		Xxxxxx	05/11/2023	verified	Medium
43	XX.XXX.XX.XX		Xxxxxx	09/05/2022	verified	Medium
44	XX.XXX.XXX.XX		Xxxxxx	09/02/2022	verified	Medium
45	XX.XXX.XXX.XX		Xxxxxx	06/08/2021	verified	Low
46	XX.XXX.XXX.XX		Xxxxxx	09/26/2022	verified	Medium
47	XX.XXX.XXX.XX	xxxxxx	Xxxxxx	12/23/2020	verified	Low
48	XX.XXX.XXX.XX	xxxxxx	Xxxxxx	12/23/2020	verified	Low
49	XX.XX.XXX.XX	xxxxx.xxxxxxx.xxxxx	Xxxxxx	09/23/2024	verified	Very High
50	XX.XXX.XXX.XXX	xxxxxxxxx.xxx	Xxxxxx	12/23/2020	verified	Low
51	XX.XX.XXX.XX	xx-xxx-xx.xxxxxxxx.xxxx	Xxxxxx	08/30/2022	verified	Medium
52	XX.XXX.XX.XXX	xxxxxxxxxx.xxxxxxxxxxxxx.xxx	Xxxxxx	09/06/2023	verified	High
53	XX.XXX.XXX.XXX	xxxxxxx.xxxxxxxxx.xxx	Xxxxxx	12/23/2020	verified	Low
54	XX.XXX.XXX.XXX		Xxxxxx	12/23/2020	verified	Low
55	XX.XXX.XXX.XXX		Xxxxxx	12/23/2020	verified	Low
56	XX.XXX.XXX.XX	xxxx-xxx-xx.xxxxxxxxxxxx.xxx	Xxxxxx	12/23/2020	verified	Low
57	XX.XXX.XXX.XX	xxxx-xxx-xx.xxxxxxxxxxxx.xxx	Xxxxxx	12/23/2020	verified	Low
58	XX.XXX.XXX.XX	xxxx-xxx-xx.xxxxxxxxxxxx.xxx	Xxxxxx	12/23/2020	verified	Low
59	XX.XXX.XXX.XX	xxxx-xxx-xx.xxxxxxxxxxxx.xxx	Xxxxxx	12/23/2020	verified	Low
60	XX.XXX.XXX.XX	xxxx-xxx-xx.xxxxxxxxxxxx.xxx	Xxxxxx	12/23/2020	verified	Low
61	XX.XXX.XXX.XX	xxxx-xxx-xx.xxxxxxxxxxxx.xxx	Xxxxxx	12/23/2020	verified	Low
62	XXX.XXX.XXX.XXX		Xxxxxx	04/16/2024	verified	High
63	XXX.XXX.X.XX		Xxxxxx	03/28/2023	verified	Medium
64	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxxxxx-xxx	Xxxxxx	04/19/2021	verified	Very Low
65	XXX.XXX.XXX.XX		Xxxxxx	09/03/2022	verified	Medium
66	XXX.XXX.XXX.XXX		Xxxxxx	11/07/2022	verified	Medium
67	XXX.XXX.XXX.XXX	xx-xxx-xxx.xxxxxxxx.xx	Xxxxxx	09/06/2021	verified	Low
68	XXX.X.X.X	xxxxxxxxx.xxx.xxx	Xxxxxx	12/23/2020	verified	Low
69	XXX.XX.XXX.XXX	xxxxxx-xx.xxxxxxxx.xxx	Xxxxxx	12/23/2020	verified	Very Low
70	XXX.XX.XX.XXX	xxx.xx.xx.xxx.xx.xxxxxxxxxxxxx.xxx.xx	Xxxxxx	02/02/2022	verified	Low
71	XXX.XXX.XXX.XX		Xxxxxx	10/23/2021	verified	Low
72	XXX.XXX.XXX.XX		Xxxxxx	10/28/2021	verified	Low
73	XXX.XXX.XX.XX	xx.xx.xxx.xxx.xx-xxxx.xxxx	Xxxxxx	12/23/2020	verified	Low
74	XXX.XX.XXX.X	xxxxxxxxxx.xxxxxxxxx.xxx	Xxxxxx	02/28/2024	verified	High
75	XXX.XX.XX.XXX		Xxxxxx	12/23/2020	verified	Low
76	XXX.XX.XX.XX		Xxxxxx	12/23/2020	verified	Low
77	XXX.XX.X.XXX	xxx-x-xx-xxx.xxxxxxx-xxx.xxxxxxx	Xxxxxx	12/23/2020	verified	Very Low
78	XXX.XXX.X.XX		Xxxxxx	12/23/2020	verified	Low
79	XXX.XX.XXX.XX		Xxxxxx	08/30/2021	verified	Low
80	XXX.XXX.XXX.XX		Xxxxxx	02/10/2022	verified	Low
81	XXX.XXX.XXX.XX	xxx.xxx.xxx.xx.xxxxxx.xxxxxxxxx.xxx	Xxxxxx	12/23/2020	verified	Low
82	XXX.XXX.XXX.XX	xxx.xxx.xxx.xx.xxxxxx.xxxxxxxxx.xxx	Xxxxxx	12/23/2020	verified	Low
83	XXX.XXX.XXX.XXX	xxx.xxx.xxx.xxx.xxxxxx.xxxxxxxxx.xxx	Xxxxxx	12/23/2020	verified	Low
84	XXX.XXX.XX.XXX	xxx.xxx.xx.xxx.xxxxxx.xxxxxxxx.xxx	Xxxxxx	12/23/2020	verified	Low
85	XXX.XXX.XX.XXX	xxx.xxx.xx.xxx.xxxxxx.xxxxxxxx.xxx	Xxxxxx	12/23/2020	verified	Low
86	XXX.XXX.XX.XXX	xxx.xxx.xx.xxx.xxxxxx.xxxxxxxx.xxx	Xxxxxx	12/23/2020	verified	Low
87	XXX.XXX.XX.XXX	xxx.xxx.xx.xxx.xxxxxx.xxxxxxxx.xxx	Xxxxxx	12/23/2020	verified	Low
88	XXX.XXX.XX.XXX	xxx.xxx.xx.xxx.xxxxxx.xxxxxxxx.xxx	Xxxxxx	12/23/2020	verified	Low
89	XXX.XXX.XX.XXX	xxx.xxx.xx.xxx.xxxxxx.xxxxxxxx.xxx	Xxxxxx	12/23/2020	verified	Low
90	XXX.XXX.XX.XXX	xxx.xxx.xx.xxx.xxxxxx.xxxxxxxx.xxx	Xxxxxx	12/23/2020	verified	Low
91	XXX.XXX.XX.XXX	xxx.xxx.xx.xxx.xxxxxx.xxxxxxxx.xxx	Xxxxxx	12/23/2020	verified	Low
92	XXX.XXX.XX.XXX	xxx.xxx.xx.xxx.xxxxxx.xxxxxxxx.xxx	Xxxxxx	12/23/2020	verified	Low
93	XXX.XXX.XX.XXX	xxx.xxx.xx.xxx.xxxxxx.xxxxxxxx.xxx	Xxxxxx	12/23/2020	verified	Low
94	XXX.XXX.XX.XXX	xxx.xxx.xx.xxx.xxxxxx.xxxxxxxx.xxx	Xxxxxx	12/23/2020	verified	Low
95	XXX.XXX.XX.XXX	xxx.xxx.xx.xxx.xxxxxx.xxxxxxxx.xxx	Xxxxxx	12/23/2020	verified	Low
96	XXX.XXX.XX.XXX	xxx.xxx.xx.xxx.xxxxxx.xxxxxxxx.xxx	Xxxxxx	12/23/2020	verified	Low
97	XXX.XXX.XX.XXX	xxx.xxx.xx.xxx.xxxxxx.xxxxxxxx.xxx	Xxxxxx	12/23/2020	verified	Low
98	XXX.XXX.XX.XXX	xxx.xxx.xx.xxx.xxxxxx.xxxxxxxx.xxx	Xxxxxx	12/23/2020	verified	Low
99	XXX.XXX.XXX.XXX		Xxxxxx	09/09/2021	verified	Low
100	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxxxx.xxxxxxx.xxx	Xxxxxx	12/23/2020	verified	Low
101	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxxxx.xxxxxxx.xxx	Xxxxxx	12/23/2020	verified	Low
102	XXX.XX.XX.XX		Xxxxxx	12/23/2020	verified	Low
103	XXX.XX.X.XX	xxx-xx-x-xx.xxxxx.xxxx.xx.xxxxxxxxxxx.xxx	Xxxxxx	12/23/2020	verified	Low
104	XXX.X.XXX.XXX		Xxxxxx	12/23/2020	verified	Low
105	XXX.XX.XX.XX	xxx-xxx-xx.xxxxxxx.xxx	Xxxxxx	12/23/2020	verified	Low
106	XXX.XX.X.XX		Xxxxxx	12/23/2020	verified	Low
107	XXX.XX.X.XX		Xxxxxx	12/23/2020	verified	Low
108	XXX.XX.X.XX		Xxxxxx	12/23/2020	verified	Low
109	XXX.XX.X.XX		Xxxxxx	12/23/2020	verified	Low
110	XXX.XX.X.XX		Xxxxxx	12/23/2020	verified	Low
111	XXX.XX.X.XX		Xxxxxx	12/23/2020	verified	Low
112	XXX.XX.X.XX		Xxxxxx	12/23/2020	verified	Low
113	XXX.XX.X.XXX		Xxxxxx	12/23/2020	verified	Low
114	XXX.XX.X.XXX		Xxxxxx	12/23/2020	verified	Low
115	XXX.XX.X.XXX		Xxxxxx	12/23/2020	verified	Low
116	XXX.XX.X.XXX		Xxxxxx	12/23/2020	verified	Low
117	XXX.XX.X.XXX		Xxxxxx	12/23/2020	verified	Low
118	XXX.XX.X.XXX		Xxxxxx	12/23/2020	verified	Low
119	XXX.XX.X.XXX		Xxxxxx	12/23/2020	verified	Low
120	XXX.XX.X.XXX		Xxxxxx	12/23/2020	verified	Low
121	XXX.XX.X.XXX		Xxxxxx	12/23/2020	verified	Low
122	XXX.XX.X.XXX		Xxxxxx	12/23/2020	verified	Low
123	XXX.XX.X.XXX		Xxxxxx	12/23/2020	verified	Low
124	XXX.XX.X.XXX		Xxxxxx	12/23/2020	verified	Low
125	XXX.XX.X.XXX		Xxxxxx	12/23/2020	verified	Low
126	XXX.XX.X.XXX		Xxxxxx	12/23/2020	verified	Low
127	XXX.XX.XX.XXX		Xxxxxx	12/23/2020	verified	Low
128	XXX.XX.XX.XXX		Xxxxxx	12/16/2021	verified	Low
129	XXX.XX.XX.XXX		Xxxxxx	03/02/2022	verified	Low
130	XXX.XX.XXX.XX	xx.xxx.xx.xxx.xxx.xxxxxxxxxxxxxxxxxxx.xxx	Xxxxxx	12/23/2020	verified	Very Low
131	XXX.XX.X.XX	xx-x-xx.xxxxxxxx.xx	Xxxxxx	12/23/2020	verified	Low
132	XXX.XX.XXX.X		Xxxxxx	12/23/2020	verified	Low
133	XXX.XX.XX.XXX	xxxx-xxx.xxxxxxx.xxx.xx	Xxxxxx	12/23/2020	verified	Low
134	XXX.XX.XXX.XX		Xxxxxx	12/23/2020	verified	Low
135	XXX.XX.XXX.XX		Xxxxxx	12/23/2020	verified	Low
136	XXX.XX.XXX.XX		Xxxxxx	12/23/2020	verified	Low
137	XXX.XX.XXX.XX		Xxxxxx	12/23/2020	verified	Low
138	XXX.XX.XXX.XX		Xxxxxx	12/23/2020	verified	Low
139	XXX.XX.XXX.XX		Xxxxxx	12/23/2020	verified	Low
140	XXX.XX.XXX.XX		Xxxxxx	12/23/2020	verified	Low
141	XXX.XX.XXX.XX		Xxxxxx	12/23/2020	verified	Low
142	XXX.XX.XXX.XX		Xxxxxx	12/23/2020	verified	Low
143	XXX.XXX.XXX.XXX		Xxxxxx	08/23/2021	verified	Low
144	XXX.XXX.XX.XXX		Xxxxxx	05/03/2021	verified	Low
145	XXX.XXX.XX.XXX	xxxxxx-xx.xxxxxxxxx.xxx	Xxxxxx	03/26/2021	verified	Very Low
146	XXX.XXX.XX.XX	xxxxxxxxxxxxxxxxx.xxxxxxxxx.xxx	Xxxxxx	09/05/2022	verified	Medium
147	XXX.XXX.XX.XXX	xxxxxx-xx.xxxxxxxxx.xxx	Xxxxxx	11/09/2022	verified	Low
148	XXX.XXX.XX.XXX	xxxxxx-xx.xxxxxxxxx.xxx	Xxxxxx	08/09/2022	verified	Low
149	XXX.XXX.XX.XXX		Xxxxxx	06/10/2021	verified	Low
150	XXX.XX.XX.XXX	xxx-xx-xx-xxx.xx.xxxx.xxxxxxxx.xxx	Xxxxxx	12/23/2020	verified	Low
151	XXX.XXX.XX.XX		Xxxxxx	12/23/2020	verified	Low
152	XXX.XXX.XXX.XXX	xxxxx-xxxxxxx.xxxxxxxxxxxx.xxx	Xxxxxx	08/20/2022	verified	Medium
153	XXX.XXX.XXX.XXX		Xxxxxx	05/01/2024	verified	High
154	XXX.X.XX.X		Xxxxxx	07/06/2021	verified	Low
155	XXX.X.XX.XX		Xxxxxx	12/10/2021	verified	Low
156	XXX.XXX.XX.XXX		Xxxxxx	12/04/2022	verified	Medium
157	XXX.XX.XXX.XXX		Xxxxxx	12/23/2020	verified	Low
158	XXX.XX.XXX.XXX		Xxxxxx	12/23/2020	verified	Low
159	XXX.XX.XXX.XX		Xxxxxx	12/23/2020	verified	Low
160	XXX.XX.XX.XXX		Xxxxxx	12/23/2020	verified	Low
161	XXX.XX.XX.XXX		Xxxxxx	12/23/2020	verified	Low
162	XXX.XXX.XXX.XX		Xxxxxx	12/23/2020	verified	Low
163	XXX.XXX.XXX.XX		Xxxxxx	12/23/2020	verified	Low
164	XXX.XXX.XXX.XX	xxxxxxxxxxxxxx.xxx	Xxxxxx	12/23/2020	verified	Low
165	XXX.XXX.XXX.XX	xxxxxx.xxx	Xxxxxx	12/23/2020	verified	Low
166	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxxx.xxx.xx	Xxxxxx	03/29/2021	verified	Low
167	XXX.XX.XXX.XX		Xxxxxx	09/02/2022	verified	Medium
168	XXX.XX.XXX.XXX	xxx.xx.xxx.xxx.xxxxxx.xxxxxxxxx.xxx	Xxxxxx	02/26/2024	verified	High
169	XXX.X.XXX.XXX	xxx-x-xxx-xxx.xxxxxx.xx	Xxxxxx	12/23/2020	verified	Low
170	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxxxxx.xxxxxx.xx	Xxxxxx	12/23/2020	verified	Very Low
171	XXX.XX.X.XXX	xx-xxx.xx.x.xxx.xxxxxxxxx.xxx	Xxxxxx	12/23/2020	verified	Low
172	XXX.XX.X.XXX	xx-xxx.xx.x.xxx.xxxxxxxxx.xxx	Xxxxxx	12/23/2020	verified	Low
173	XXX.XX.X.XXX		Xxxxxx	12/23/2020	verified	Low
174	XXX.XXX.XXX.XXX	xx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxx	Xxxxxx	12/23/2020	verified	Low

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-21, CWE-22	Path Traversal	predictive	High
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	High
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	High
4	T1059.007	CAPEC-209	CWE-79, CWE-80, CWE-85	Basic Cross Site Scripting	predictive	High
5	TXXXX	CAPEC-XXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
6	TXXXX.XXX		CWE-XXX	Xxx Xx Xxxx-xxxxx Xxxxxxxx	predictive	High
7	TXXXX.XXX	CAPEC-XX	CWE-XXX, CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	High
8	TXXXX	CAPEC-XXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
9	TXXXX.XXX	CAPEC-XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	High
10	TXXXX	CAPEC-X	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	High
11	TXXXX	CAPEC-XXX	CWE-XX, CWE-XX	Xxx Xxxxxxxxx	predictive	High
12	TXXXX	CAPEC-XXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
13	TXXXX	CAPEC-XXX	CWE-XXX	Xxxxxxx Xxxxxxxxxx Xx Xxx-xxxxxxxx	predictive	High
14	TXXXX	CAPEC-XX	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	High
15	TXXXX.XXX		CWE-XXX	Xxxxxxxx Xxxxxx Xxxx	predictive	High
16	TXXXX	CAPEC-XXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
17	TXXXX.XXX		CWE-XX	Xxxxxxxxxxxxx	predictive	High
18	TXXXX	CAPEC-XXX	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	High
19	TXXXX.XXX	CAPEC-XX	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	High
20	TXXXX.XXX	CAPEC-X	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	High

IOA - Indicator of Attack (118)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/.env	predictive	Low
2	File	/admin/pages/	predictive	High
3	File	/admins	predictive	Low
4	File	/ajax/getBasicInfo.php	predictive	High
5	File	/api/admin/system/store/order/list	predictive	High
6	File	/car.php	predictive	Medium
7	File	/cgi-bin/cstecgi.cgi	predictive	High
8	File	/cgi-bin/wlogin.cgi	predictive	High
9	File	/clientdetails/admin/regester.php	predictive	High
10	File	/core/admin/categories.php	predictive	High
11	File	/csms/?page=contact_us	predictive	High
12	File	/farm/product.php	predictive	High
13	File	/forum/away.php	predictive	High
14	File	/goform/set_ntp	predictive	High
15	File	/xxxxx.xxx/xxxxxx	predictive	High
16	File	/xxxxxxxxx/xxxxxxxxxxx.xxx	predictive	High
17	File	/xxxxxx_xxxxx.xxx	predictive	High
18	File	/xxxxx-xxxxxx-xxxxxxxx-xxxxxx/xxxxxxx-xxxx.xxx	predictive	High
19	File	/xxxxxxxx.xxx	predictive	High
20	File	/xxxx.xxx	predictive	Medium
21	File	/xxx/xxx	predictive	Medium
22	File	/xxxxxx-xxxxxx.xxx	predictive	High
23	File	/xxxxxx	predictive	Low
24	File	/xx/xxxxxxxx/	predictive	High
25	File	xxxxxxxxxx.xxx	predictive	High
26	File	xxxxx.xxx	predictive	Medium
27	File	xxxxx/xxxxxxxx.xxx	predictive	High
28	File	xxxxx_xxxxxxx.xxxx	predictive	High
29	File	xxxxx_xxxx.xxx	predictive	High
30	File	xxxxx.xxx	predictive	Medium
31	File	xxxx/xxxxxxxxx.xxx	predictive	High
32	File	xxxxxxx.xxx	predictive	Medium
33	File	xxxxxxx/xxxxx/xxxxxxxx	predictive	High
34	File	xxxxx.xxx	predictive	Medium
35	File	x:\xxxxxxx xxxxx (xxx)\xxxxxxxxx\xxxxxxxxx xxxxxxx\xxxxxxxxx_xxxxxx\xxxxxxxxx-xxxxxxx-xxxxxxxx.xxx	predictive	High
36	File	xxxxxxxxxx/xxxxxxxx.xxx	predictive	High
37	File	xxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx/xxxx_xxxxx.xxxx	predictive	High
38	File	xxx_xxxxxxx_xxxxxxxxx_xxxxxxxxx_xxxxxxxxxxxxxx.xxx	predictive	High
39	File	xxxxxxxxxxxxx/xxxxxx/xxxx.xxx	predictive	High
40	File	xxxxxxxxx/xxxxxxxxx.xxx	predictive	High
41	File	xxxxxxxx.xxx	predictive	Medium
42	File	xxxxxxxxx.xxx	predictive	High
43	File	xxxxx.xxx	predictive	Medium
44	File	xxxxxxx.xxx	predictive	Medium
45	File	xxxxxxx/xx/xxxxxxxx/xxxxxx/xxxxxx.xxx	predictive	High
46	File	xxx/xxxxxx.xxx	predictive	High
47	File	xxxxx.xxx	predictive	Medium
48	File	xxxxxx.x	predictive	Medium
49	File	xxxxxxx.xxx	predictive	Medium
50	File	xxxxx.xxx	predictive	Medium
51	File	xxxxxx_xxxxxx.xxx	predictive	High
52	File	xxx_xxxxxxxx.x	predictive	High
53	File	xxxxx.xxx	predictive	Medium
54	File	xxxxxxx_xxxx.xxx	predictive	High
55	File	xxxxxx/xxxxxxx/xxxxxxx_xxx_xxxxxx_xxxxxx.xxx	predictive	High
56	File	xxxxx.xxx	predictive	Medium
57	File	xxx.xxx	predictive	Low
58	File	xxxxxxxx.xxx	predictive	Medium
59	File	xxxx_xxxxx.xxx	predictive	High
60	File	xxxxxxxx.xxx	predictive	Medium
61	File	xxxxxxx-xxxxxxx.xxx	predictive	High
62	File	xxxx/xxxxxxxx/xxxxxxx/xxxxxxxxxxx/xxxxxxxxxxx.xxxx	predictive	High
63	File	xxxx-xxxxx.xxx	predictive	High
64	File	xxx.xxx	predictive	Low
65	File	xxxxxxxxx.xxx?xxxxxx=xxxxxx	predictive	High
66	File	xxxx.xxx	predictive	Medium
67	File	xxx.xxx	predictive	Low
68	File	~/xxx-xxx-xxxxxx.xxx	predictive	High
69	Library	xxxxxx.xxx	predictive	Medium
70	Library	xxxx.xxx	predictive	Medium
71	Library	xxxxxxx/xxxxxxxxx/xxxxxx.x	predictive	High
72	Library	xxx/xxxxxxx.xx	predictive	High
73	Library	xxxxxx.xxx	predictive	Medium
74	Argument	xx/xx	predictive	Low
75	Argument	xxxxxxxx	predictive	Medium
76	Argument	xxxxxx	predictive	Low
77	Argument	x/xx	predictive	Low
78	Argument	xxx	predictive	Low
79	Argument	xx	predictive	Low
80	Argument	xxxxxx/xxxxxxx	predictive	High
81	Argument	xxxxxxx[xxxx_xx_xxxx]	predictive	High
82	Argument	xxxxxxxxxxxx	predictive	Medium
83	Argument	xxxxx	predictive	Low
84	Argument	x_xx	predictive	Low
85	Argument	xxxx xx xxxxxxx	predictive	High
86	Argument	xxxxx	predictive	Low
87	Argument	xxx	predictive	Low
88	Argument	xxxxxx	predictive	Low
89	Argument	xxxx	predictive	Low
90	Argument	xxxx xxxx/xxxxxxx/xxxxx/xxxxxxx	predictive	High
91	Argument	xxx-xxx-xxxx	predictive	Medium
92	Argument	xxxxxxxx	predictive	Medium
93	Argument	xxxx_xxxx	predictive	Medium
94	Argument	xx	predictive	Low
95	Argument	xxxxx_xx	predictive	Medium
96	Argument	xxx	predictive	Low
97	Argument	xxxxxxxx_xxxxxxx_xxxxxx	predictive	High
98	Argument	xxxxxxxx	predictive	Medium
99	Argument	xxxx	predictive	Low
100	Argument	xxxx	predictive	Low
101	Argument	xxx_xxxx_xxx	predictive	Medium
102	Argument	xxxxx xxxxxx	predictive	Medium
103	Argument	xxxxxxxx	predictive	Medium
104	Argument	xx	predictive	Low
105	Argument	xxxxxxxxxxxx	predictive	Medium
106	Argument	xxxxxxxxxxxxx	predictive	High
107	Argument	xxxxxx_xx	predictive	Medium
108	Argument	xxxxxxxx	predictive	Medium
109	Argument	xx	predictive	Low
110	Argument	xxxxx	predictive	Low
111	Argument	xxxxxxxx	predictive	Medium
112	Argument	x-xxxxx-xxxxxxx	predictive	High
113	Input Value	' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)-- xxxx	predictive	High
114	Input Value	../	predictive	Low
115	Input Value	x\"><xxxxxx>xxxxx(x)</xxxxxx>	predictive	High
116	Input Value	x</xx><xxxxxx>xxxxx(x)</xxxxxx>	predictive	High
117	Input Value	xxxx://xxxx.xxx	predictive	High
118	Pattern	\|xx\|xx\|xx\|	predictive	Medium

References (7)

The following list contains external sources which discuss the actor and the associated activities:

Samples (1)

The following list contains associated samples:

https://bazaar.abuse.ch/sample/eab4de47bbafcc25413ea8c04856912f2a47a3cd2a32d1659d74c2f23e124f89/

◂ PreviousOverviewNext ▸

This view requires CTI permissions

Just purchase a CTI license today!