Agrius Analysis

IOB - Indicator of Behavior (375)

Lang

en: 348
de: 6
fr: 4
ru: 4
zh: 4

Country

us: 180
ru: 28
gb: 10
ir: 6
de: 4

Product

Microsoft Windows: 12
Microsoft Exchange Server: 6
Joomla CMS: 4
GitLab Community Edition: 4
GitLab Enterprise Edition: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.26 | 0.00943 | CVE-2010-0966
3 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 3.82 | 0.01009 | CVE-2006-6168
4 | PHP Outburst Easynews admin.php memory corruption | 7.3 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00 | 0.05921 | CVE-2006-5412
5 | Microsoft Windows Win32k Local Privilege Escalation | 7.8 | 7.2 | $25k-$100k | $5k-$25k | Functional | Official Fix | 0.00 | 0.00088 | CVE-2021-28310
6 | I Thirteen Web Solution Photo Gallery Slideshow & Masonry Tiled Gallery Plugin cross site scripting | 5.8 | 5.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00046 | CVE-2023-41658
7 | Popup Maker Plugin Shortcode Attribute cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00056 | CVE-2022-4362
8 | Huawei HG8245H URL information disclosure | 7.4 | 7.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00167 | CVE-2017-15328
9 | Redis dbghelp.dll uncontrolled search path [Disputed] | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.08 | 0.00180 | CVE-2022-3734
10 | Apple Mac OS X Server Wiki Server cross site scripting | 4.3 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00263 | CVE-2009-2814
11 | WordPress WP_Query sql injection | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.93536 | CVE-2022-21661
12 | Microsoft Exchange Server Remote Code Execution | 8.3 | 7.3 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00 | 0.01068 | CVE-2021-31198
13 | YaBB yabb.pl cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.01240 | CVE-2004-2402
14 | Apple M1 Register s3_5_c15_c10_1 M1RACLES access control | 8.8 | 8.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | 0.00000 | CVE-2021-30747
15 | Devilz Clanportal sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.08 | 0.00684 | CVE-2006-6339
16 | Microsoft SharePoint Server Privilege Escalation | 6.0 | 5.3 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | 0.00483 | CVE-2021-31963
17 | lodash Template command injection | 4.7 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00606 | CVE-2021-23337
18 | Spring Cloud Config spring-cloud-config-server path traversal | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.97175 | CVE-2020-5410
19 | Rittal PDU-3C002DEC/CMCIII-PU-9333E0FB os command injection | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00171 | CVE-2020-11953
20 | MyBB Sendthread Page sendthread.php denial of service | 5.3 | 4.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Unavailable | 0.00 | 0.00000 | 

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Israel

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (117)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/maintenance/view_designation.php | predictive | High
2 | File | /auth/register | predictive | High
3 | File | /cgi-bin/kerbynet | predictive | High
4 | File | /damicms-master/admin.php?s=/Article/doedit | predictive | High
5 | File | /etc/quagga | predictive | Medium
6 | File | /main?cmd=invalid_browser | predictive | High
7 | File | /opt/IBM/es/lib/libffq.cryptionjni.so | predictive | High
8 | File | /pdf/InfoOutputDev.cc | predictive | High
9 | File | /plugins/Dashboard/Controller.php | predictive | High
10 | File | /signup.php | predictive | Medium
11 | File | /storage/app/media/evil.svg | predictive | High
12 | File | /uncpath/ | predictive | Medium
13 | File | /usr/lpp/mmfs/bin/ | predictive | High
14 | File | adclick.php | predictive | Medium

References (3)

The following list contains external sources which discuss the actor and the associated activities: