Agrius Analysis

IOB - Indicator of Behavior (383)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

Language | Count
en | 346
fr | 8
ru | 6
es | 6
de | 6


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Product | Count
Microsoft Windows | 20
Microsoft Exchange Server | 6
Samsung GALAXY Apps | 4
Google Android | 4
Atlassian JIRA | 4


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.45 | CVE-2010-0966
3 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 10.00 | CVE-2006-6168
4 | PHP Outburst Easynews admin.php memory corruption | 7.3 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.06513 | 0.06 | CVE-2006-5412
5 | Microsoft Windows Win32k Local Privilege Escalation | 7.8 | 7.4 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00089 | 0.00 | CVE-2021-28310
6 | I Thirteen Web Solution Photo Gallery Slideshow & Masonry Tiled Gallery Plugin cross site scripting | 5.8 | 5.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.00 | CVE-2023-41658
7 | Popup Maker Plugin Shortcode Attribute cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.00 | CVE-2022-4362
8 | Huawei HG8245H URL information disclosure | 7.4 | 7.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00167 | 0.00 | CVE-2017-15328
9 | Redis dbghelp.dll uncontrolled search path [Disputed] | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00213 | 0.05 | CVE-2022-3734
10 | Apple Mac OS X Server Wiki Server cross site scripting | 4.3 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00263 | 0.05 | CVE-2009-2814
11 | WordPress WP_Query sql injection | 6.3 | 6.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.93422 | 0.00 | CVE-2022-21661
12 | Microsoft Exchange Server Remote Code Execution | 8.3 | 7.3 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.01489 | 0.05 | CVE-2021-31198
13 | YaBB yabb.pl cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01240 | 0.04 | CVE-2004-2402
14 | Apple M1 Register s3_5_c15_c10_1 M1RACLES access control | 8.8 | 8.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.00 | CVE-2021-30747
15 | Devilz Clanportal sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00684 | 0.05 | CVE-2006-6339
16 | Microsoft SharePoint Server Privilege Escalation | 6.0 | 5.3 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00458 | 0.00 | CVE-2021-31963
17 | lodash Template command injection | 4.7 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00606 | 0.05 | CVE-2021-23337
18 | Spring Cloud Config spring-cloud-config-server path traversal | 6.4 | 6.3 | $0-$5k | $0-$5k | High | Official Fix | 0.97211 | 0.00 | CVE-2020-5410
19 | Rittal PDU-3C002DEC/CMCIII-PU-9333E0FB os command injection | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00171 | 0.04 | CVE-2020-11953
20 | MyBB Sendthread Page sendthread.php denial of service | 5.3 | 4.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Unavailable | 0.00000 | 0.00 | 

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Israel

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CAPEC-126 | CWE-21, CWE-22, CWE-23 | Path Traversal | predictive | High
2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CAPEC-137 | CWE-88, CWE-94 | Argument Injection | predictive | High
4 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
5 | T1068 | CAPEC-122 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | High
6 | TXXXX.XXX | CAPEC-191 | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High
7 | TXXXX | CAPEC-136 | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
8 | TXXXX.XXX | CAPEC-178 | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
9 | TXXXX | CAPEC- | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High
10 | TXXXX | CAPEC-1 | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High
11 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High
12 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High
13 | TXXXX | CAPEC-50 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
14 | TXXXX | CAPEC-37 | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
15 | TXXXX | CAPEC-38 | CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive | High
16 | TXXXX.XXX | CAPEC- | CWE-XXX | Xxxxxxxx Xxxxxx Xxxx | predictive | High
17 | TXXXX.XXX | CAPEC-459 | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
18 | TXXXX | CAPEC-116 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
19 | TXXXX | CAPEC-157 | CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High
20 | TXXXX.XXX | CAPEC- | CWE-XXX, CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | High
21 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (122)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/maintenance/view_designation.php | predictive | High
2 | File | /admin/template | predictive | High
3 | File | /auth/register | predictive | High
4 | File | /cgi-bin/kerbynet | predictive | High
5 | File | /damicms-master/admin.php?s=/Article/doedit | predictive | High
6 | File | /etc/quagga | predictive | Medium
7 | File | /main?cmd=invalid_browser | predictive | High
8 | File | /opt/IBM/es/lib/libffq.cryptionjni.so | predictive | High
9 | File | /pdf/InfoOutputDev.cc | predictive | High
10 | File | /plugins/Dashboard/Controller.php | predictive | High
11 | File | /signup.php | predictive | Medium
12 | File | /storage/app/media/evil.svg | predictive | High
13 | File | /uncpath/ | predictive | Medium
14 | File | /usr/lpp/mmfs/bin/ | predictive | High
15 | File | xxxxxxx.xxx | predictive | Medium
16 | File | xxxxx.xxx | predictive | Medium
17 | File | xxxxx.xxx | predictive | Medium
18 | File | xxxxx/xxxxx_xxxxx.xxx | predictive | High
19 | File | xxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High
20 | File | xxxxxxxxxxx/xxxxxx/xxxxxxxxxx/xxxxxxxxxxxxxx.xxxxx.xxx | predictive | High
21 | File | xxxxxxxxxxxx/xxxxxxxxx/xxx/xxxxx.xxx | predictive | High
22 | File | xxxxxxxxxxxx.xxx | predictive | High
23 | File | xxxxxxx/xxxxxx.x | predictive | High
24 | File | xxxxxxxxx.xxx | predictive | High
25 | File | xxxxxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High
26 | File | xxxxxx/xxx.x | predictive | Medium
27 | File | xxx.xxxxxxx.xxx | predictive | High
28 | File | xxxxxxx_xxx.xxx | predictive | High
29 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
30 | File | xxx.xxx | predictive | Low
31 | File | xxxxxxxxxxxx.xxx | predictive | High
32 | File | xxxx-xxxxxxxx-xxxxxx.xxx | predictive | High
33 | File | xxxxx.xxx | predictive | Medium
34 | File | xxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High
35 | File | xxxxxxxxx.xxx | predictive | High
36 | File | xx_xxx_xx.x | predictive | Medium
37 | File | xxx.xx | predictive | Low
38 | File | xxx/xxxxxx.xxx | predictive | High
39 | File | xxx/xxxxx/xxxx-xxxxxxxx.xxx | predictive | High
40 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | High
41 | File | xxxxx.xxxx | predictive | Medium
42 | File | xxxxx.xxx | predictive | Medium
43 | File | xxxx/xx.xxx | predictive | Medium
44 | File | xxxxxxx.xxx | predictive | Medium
45 | File | xxxxxxxx.xxx | predictive | Medium
46 | File | xx_xxxx.x | predictive | Medium
47 | File | xxxxxx_xxxxxxx.xxx | predictive | High
48 | File | xx/xxxxx/xxxxxxx/xxxx.xx | predictive | High
49 | File | xxxxxxx.xxx | predictive | Medium
50 | File | xxxxxxx\xxxxxxxxxx.xxx | predictive | High
51 | File | xxxxx.xxx | predictive | Medium
52 | File | xxxxxxxx.xxx | predictive | Medium
53 | File | xxxxxxxx_xx.xxx | predictive | High
54 | File | xxxxxxxx_xxxx.xxx | predictive | High
55 | File | xxxxxxxxxx.xxx | predictive | High
56 | File | xxxx-xxxxxx.x | predictive | High
57 | File | xxxxxxxx.xxx | predictive | Medium
58 | File | xxxxxxx:xxxxxxxxxxxxxxxx | predictive | High
59 | File | xxxxxxxxx/xxxxxxxxxx | predictive | High
60 | File | xxxx-xxxxxxxx.xxx | predictive | High
61 | File | xx_xxxx/xx/ | predictive | Medium
62 | File | xxxxxx.xxx | predictive | Medium
63 | File | xxxx.xxx | predictive | Medium
64 | File | xxxx_xxx.xxx | predictive | Medium
65 | File | xx-xxxxx/xxxxx-xxxx.xxx | predictive | High
66 | File | xx-xxxxx/xxxxx.xxx?xxxx=xxxxxx-xxxxxx-xxxxx | predictive | High
67 | File | xx-xxxxx/xxxxxxxx/xxxxx-xxxx-xxxxxx-xxxxxxxx.xxx | predictive | High
68 | File | xx-xxxxxxxx/xxxxxxxxx.xxx | predictive | High
69 | File | xx-xxxxx.xxx | predictive | Medium
70 | File | xxxxxxx.x | predictive | Medium
71 | File | xxxxxxx | predictive | Low
72 | File | xxxx.xx | predictive | Low
73 | Library | x:/xxxxxxx xxxxx/xxxxx/xxxxxxx.xxx | predictive | High
74 | Library | xxxxxxxxxx.xxx | predictive | High
75 | Library | xxxxxx.xxx | predictive | Medium
76 | Library | xxxxxxxx.xxx | predictive | Medium
77 | Library | xxx/xxx/xx/xxx/xxxxxx.xxxxxxxxxxx.xx | predictive | High
78 | Argument | xxxxxxxxxxxx | predictive | Medium
79 | Argument | xxxxxxxx | predictive | Medium
80 | Argument | xxxxxxxx xxxx | predictive | High
81 | Argument | xxxxx | predictive | Low
82 | Argument | xxxxxxxxxxx | predictive | Medium
83 | Argument | xxx | predictive | Low
84 | Argument | xxxxxxxxxxxxxxx | predictive | High
85 | Argument | xxxxxxx_xxxxxx_xx | predictive | High
86 | Argument | xxxxxxxxxxxx | predictive | Medium
87 | Argument | xxxxxxxxx | predictive | Medium
88 | Argument | xxxxxxxx | predictive | Medium
89 | Argument | xxxxxx | predictive | Low
90 | Argument | xx_xxxxx_xx | predictive | Medium
91 | Argument | xxxx | predictive | Low
92 | Argument | xxxxxxxx | predictive | Medium
93 | Argument | xxxxxx_xxxxx_xxx | predictive | High
94 | Argument | xxxxxx | predictive | Low
95 | Argument | xxxx_xx | predictive | Low
96 | Argument | xx | predictive | Low
97 | Argument | xx | predictive | Low
98 | Argument | xxxxxxxxx-xxxxxxx/xxxxxxxxx/xxxxxxxxxx | predictive | High
99 | Argument | xxxx | predictive | Low
100 | Argument | xxxxxxxxxxxxx/xxxxxxxxxxxxx/xxxxxxxxxxxx/xxxxxxx/xxxxx | predictive | High
101 | Argument | xx_xxxxx | predictive | Medium
102 | Argument | xx | predictive | Low
103 | Argument | xxxxxxx[xxxxxx_xxxxx] | predictive | High
104 | Argument | xxxx xxxxx | predictive | Medium
105 | Argument | xxxxx | predictive | Low
106 | Argument | xxxx_xxxxx | predictive | Medium
107 | Argument | xxxxxxxxxxxxxxx | predictive | High
108 | Argument | xxxxxxx_xx_xxxx | predictive | High
109 | Argument | xxx | predictive | Low
110 | Argument | xxxxxxx/xxxx/xxxxxxxxxxx | predictive | High
111 | Argument | xxxx | predictive | Low
112 | Argument | xxxxxxx | predictive | Low
113 | Argument | xxxxxxx | predictive | Low
114 | Argument | xxxxxxxxxxx | predictive | Medium
115 | Argument | xxxxxxxxx | predictive | Medium
116 | Argument | xxxxxxxxx | predictive | Medium
117 | Argument | xxxx | predictive | Low
118 | Argument | xxxxxxxx | predictive | Medium
119 | Argument | __xxxxxxxxx | predictive | Medium
120 | Input Value | %xx%xxxxx%xx/xxx/xxxxxx%xx%xx | predictive | High
121 | Input Value | <xxxxxx>xxxxx("xxx")</xxxxxx> | predictive | High
122 | Network Port | xx | predictive | Low

References (3)

The following list contains external sources which discuss the actor and the associated activities:
