Agrius Analysis

IOB - Indicator of Behavior (346)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en304
de10
es8
fr8
sv6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us138
ru26
ir8
sv6
gb6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Agrius10
Candiru1
SpeakUp1
Pony1
Kuluoz1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined116
Content Management System20
Smartphone Operating System14
Operating System14
Groupware Software12

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined108
Microsoft26
Samsung10
Apple8
Mozilla4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Windows12
Microsoft Exchange Server6
Mozilla Firefox4
Devilz Clanportal4
Joomla CMS4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$10k-$25kCalculatingHighWorkaround0.040.04187CVE-2007-1192
2DZCP deV!L`z Clanportal config.php code injection7.36.6$2k-$5k$0-$1kProof-of-ConceptOfficial Fix0.760.04187CVE-2010-0966
3PHP Outburst Easynews admin.php memory corruption7.36.7$2k-$5k$0-$1kProof-of-ConceptUnavailable0.080.07437CVE-2006-5412
4Microsoft Windows Win32k Local Privilege Escalation7.87.2$50k-$100k$5k-$10kFunctionalOfficial Fix0.020.01150CVE-2021-28310
5Popup Maker Plugin Shortcode Attribute cross site scripting3.53.4$1k-$2k$0-$1kNot DefinedOfficial Fix0.020.00885CVE-2022-4362
6Huawei HG8245H URL information disclosure7.47.1$10k-$25kCalculatingNot DefinedOfficial Fix0.000.00885CVE-2017-15328
7Redis dbghelp.dll uncontrolled search path [Disputed]7.57.3$1k-$2k$0-$1kProof-of-ConceptNot Defined0.070.00885CVE-2022-3734
8Apple Mac OS X Server Wiki Server cross site scripting4.34.3$5k-$10k$0-$1kNot DefinedNot Defined0.080.01319CVE-2009-2814
9WordPress WP_Query sql injection6.36.2$5k-$10k$0-$1kNot DefinedOfficial Fix0.030.11157CVE-2022-21661
10Microsoft Exchange Server Remote Code Execution8.37.3$50k-$100k$5k-$10kUnprovenOfficial Fix0.050.04844CVE-2021-31198
11YaBB yabb.pl cross site scripting4.34.1$1k-$2k$0-$1kProof-of-ConceptNot Defined0.010.01213CVE-2004-2402
12Apple M1 Register s3_5_c15_c10_1 M1RACLES access control8.88.8$10k-$25k$10k-$25kNot DefinedNot Defined0.000.00000CVE-2021-30747
13Devilz Clanportal sql injection7.37.0$2k-$5kCalculatingHighOfficial Fix0.020.01139CVE-2006-6339
14Microsoft SharePoint Server Privilege Escalation6.05.3$10k-$25k$0-$1kUnprovenOfficial Fix0.000.01967CVE-2021-31963
15lodash Template command injection4.74.7$1k-$2k$0-$1kNot DefinedOfficial Fix0.040.04106CVE-2021-23337
16Spring Cloud Config spring-cloud-config-server path traversal6.46.1$1k-$2k$0-$1kNot DefinedOfficial Fix0.040.90940CVE-2020-5410
17Rittal PDU-3C002DEC/CMCIII-PU-9333E0FB os command injection7.57.5$2k-$5k$1k-$2kNot DefinedNot Defined0.060.01086CVE-2020-11953
18MyBB Sendthread Page sendthread.php denial of service5.34.8$5k-$10k$0-$1kProof-of-ConceptUnavailable0.010.00000
19Microsoft Windows SMB input validation7.77.1$50k-$100k$0-$1kHighOfficial Fix0.250.93222CVE-2017-0143
20Palo Alto PAN-OS CLI command injection6.56.3$1k-$2k$0-$1kNot DefinedOfficial Fix0.050.01005CVE-2020-1980

IOC - Indicator of Compromise (12)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsTypeConfidence
15.2.67.85mail.astrilll.comAgriusverifiedHigh
25.2.73.67AgriusverifiedHigh
337.59.236.23237.59.236.232.rdns.hasaserver.comAgriusverifiedHigh
4XX.XXX.XXX.XXXxxxxxverifiedHigh
5XX.XX.XX.Xxxx.xx-xx-xx-xx.xxXxxxxxverifiedHigh
6XX.XXX.XX.XXXxxxxxverifiedHigh
7XX.XXX.XX.XXXxxxxxverifiedHigh
8XX.XXX.XXX.XXXXxxxxxverifiedHigh
9XXX.XXX.XX.XXxxxxxx.xxx-xxxx.xxXxxxxxverifiedHigh
10XXX.XXX.XX.XXxxxx.xxxxxxx.xxxXxxxxxverifiedHigh
11XXX.XXX.XXX.XXXxxxxxverifiedHigh
12XXX.XXX.XXX.XXXxxxxxxxxxxx.xxxxxx.xxxXxxxxxverifiedHigh

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-21, CWE-22, CWE-23Pathname TraversalpredictiveHigh
2T1055CWE-74InjectionpredictiveHigh
3T1059CWE-88, CWE-94Cross Site ScriptingpredictiveHigh
4T1059.007CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
5TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx XxxxxxxxpredictiveHigh
7TXXXXCWE-XX, CWE-XXXxxxxxx XxxxxxxxxpredictiveHigh
8TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
9TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
10TXXXXCWE-XXX, CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
11TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
12TXXXX.XXXCWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
13TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx XxxxpredictiveHigh
14TXXXXCWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
15TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxx XxxxpredictiveHigh
16TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
17TXXXXCWE-XXX, CWE-XXXXxxxxxxxxxxxxpredictiveHigh
18TXXXXCWE-XXX, CWE-XXXX2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx XxxxxxxxxxpredictiveHigh
19TXXXX.XXXCWE-XXXXxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (101)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/auth/registerpredictiveHigh
2File/cgi-bin/kerbynetpredictiveHigh
3File/damicms-master/admin.php?s=/Article/doeditpredictiveHigh
4File/etc/quaggapredictiveMedium
5File/main?cmd=invalid_browserpredictiveHigh
6File/opt/IBM/es/lib/libffq.cryptionjni.sopredictiveHigh
7File/pdf/InfoOutputDev.ccpredictiveHigh
8File/plugins/Dashboard/Controller.phppredictiveHigh
9File/storage/app/media/evil.svgpredictiveHigh
10File/uncpath/predictiveMedium
11File/usr/lpp/mmfs/bin/predictiveHigh
12Fileadmin.asppredictiveMedium
13Filexxxxx.xxxpredictiveMedium
14Filexxxxx/xxxxx_xxxxx.xxxpredictiveHigh
15Filexxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
16Filexxxxxxxxxxx/xxxxxx/xxxxxxxxxx/xxxxxxxxxxxxxx.xxxxx.xxxpredictiveHigh
17Filexxxxxxxxxxxx/xxxxxxxxx/xxx/xxxxx.xxxpredictiveHigh
18Filexxxxxxxxxxxx.xxxpredictiveHigh
19Filexxxxxxx/xxxxxx.xpredictiveHigh
20Filexxxxxxxxx.xxxpredictiveHigh
21Filexxxxxxxxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
22Filexxxxxx/xxx.xpredictiveMedium
23Filexxx.xxxxxxx.xxxpredictiveHigh
24Filexxxxxxx_xxx.xxxpredictiveHigh
25Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
26Filexxx.xxxpredictiveLow
27Filexxxxxxxxxxxx.xxxpredictiveHigh
28Filexxxx-xxxxxxxx-xxxxxx.xxxpredictiveHigh
29Filexxxxxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
30Filexxxxxxxxx.xxxpredictiveHigh
31Filexx_xxx_xx.xpredictiveMedium
32Filexxx/xxxxxx.xxxpredictiveHigh
33Filexxx/xxxxx/xxxx-xxxxxxxx.xxxpredictiveHigh
34Filexxx/xxxxxxxxxxx/xxxxxxx.xxxpredictiveHigh
35Filexxxxx.xxxpredictiveMedium
36Filexxxx/xx.xxxpredictiveMedium
37Filexxxxxxx.xxxpredictiveMedium
38Filexxxxxxxx.xxxpredictiveMedium
39Filexx_xxxx.xpredictiveMedium
40Filexxxxxx_xxxxxxx.xxxpredictiveHigh
41Filexx/xxxxx/xxxxxxx/xxxx.xxpredictiveHigh
42Filexxxxxxx.xxxpredictiveMedium
43Filexxxxxxxx.xxxpredictiveMedium
44Filexxxxxxxx_xxxx.xxxpredictiveHigh
45Filexxxxxxxxxx.xxxpredictiveHigh
46Filexxxx-xxxxxx.xpredictiveHigh
47Filexxxxxxxx.xxxpredictiveMedium
48Filexxxxxxx:xxxxxxxxxxxxxxxxpredictiveHigh
49Filexx_xxxx/xx/predictiveMedium
50Filexxxx.xxxpredictiveMedium
51Filexxxx_xxx.xxxpredictiveMedium
52Filexx-xxxxx/xxxxx-xxxx.xxxpredictiveHigh
53Filexx-xxxxx/xxxxxxxx/xxxxx-xxxx-xxxxxx-xxxxxxxx.xxxpredictiveHigh
54Filexx-xxxxxxxx/xxxxxxxxx.xxxpredictiveHigh
55Filexx-xxxxx.xxxpredictiveMedium
56Filexxxxxxx.xpredictiveMedium
57FilexxxxxxxpredictiveLow
58Filexxxx.xxpredictiveLow
59Libraryx:/xxxxxxx xxxxx/xxxxx/xxxxxxx.xxxpredictiveHigh
60Libraryxxxxxxxxxx.xxxpredictiveHigh
61Libraryxxxxxxxx.xxxpredictiveMedium
62Libraryxxx/xxx/xx/xxx/xxxxxx.xxxxxxxxxxx.xxpredictiveHigh
63ArgumentxxxxxxxxxxxxpredictiveMedium
64ArgumentxxxxxxxxpredictiveMedium
65Argumentxxxxxxxx xxxxpredictiveHigh
66ArgumentxxxxxpredictiveLow
67ArgumentxxxxxxxxxxxpredictiveMedium
68ArgumentxxxpredictiveLow
69ArgumentxxxxxxxxxxxxxxxpredictiveHigh
70ArgumentxxxxxxxxxxxxpredictiveMedium
71ArgumentxxxxxxpredictiveLow
72Argumentxx_xxxxx_xxpredictiveMedium
73ArgumentxxxxpredictiveLow
74ArgumentxxxxxxxxpredictiveMedium
75Argumentxxxxxx_xxxxx_xxxpredictiveHigh
76ArgumentxxxxxxpredictiveLow
77ArgumentxxpredictiveLow
78ArgumentxxpredictiveLow
79Argumentxxxxxxxxx-xxxxxxx/xxxxxxxxx/xxxxxxxxxxpredictiveHigh
80ArgumentxxxxpredictiveLow
81Argumentxxxxxxxxxxxxx/xxxxxxxxxxxxx/xxxxxxxxxxxx/xxxxxxx/xxxxxpredictiveHigh
82Argumentxx_xxxxxpredictiveMedium
83ArgumentxxpredictiveLow
84Argumentxxxxxxx[xxxxxx_xxxxx]predictiveHigh
85Argumentxxxx xxxxxpredictiveMedium
86ArgumentxxxxxpredictiveLow
87Argumentxxxx_xxxxxpredictiveMedium
88ArgumentxxxxxxxxxxxxxxxpredictiveHigh
89Argumentxxxxxxx_xx_xxxxpredictiveHigh
90ArgumentxxxpredictiveLow
91Argumentxxxxxxx/xxxx/xxxxxxxxxxxpredictiveHigh
92ArgumentxxxxpredictiveLow
93ArgumentxxxxxxxpredictiveLow
94ArgumentxxxxxxxpredictiveLow
95ArgumentxxxxxxxxxxxpredictiveMedium
96ArgumentxxxxxxxxxpredictiveMedium
97ArgumentxxxxxxxxxpredictiveMedium
98ArgumentxxxxpredictiveLow
99ArgumentxxxxxxxxpredictiveMedium
100Argument__xxxxxxxxxpredictiveMedium
101Input Value%xx%xxxxx%xx/xxx/xxxxxx%xx%xxpredictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!