Agrius Analysis

IOB - Indicator of Behavior (486)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

  • en: 422
  • fr: 14
  • de: 10
  • ru: 8
  • pl: 6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Product

  • Microsoft Windows: 8
  • Atlassian JIRA: 6
  • Google Android: 6
  • Microsoft Exchange Server: 6
  • Trend Micro Apex One: 4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | possible | 0.02956 | 0.00 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.00970 | 0.24 | CVE-2010-0966 |
| 3 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.04277 | 0.69 | CVE-2006-6168 |
| 4 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not defined | Official fix | expected | 0.91138 | 1.03 | CVE-2020-15906 |
| 5 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not defined | Unavailable | | 0.00000 | 0.32 | |
| 6 | CodeAstro Hospital Management System Add Laboratory Equipment Page his_admin_add_lab_equipment.php cross site scripting | 4.1 | 4.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00074 | 0.04 | CVE-2024-11676 |
| 7 | PSAUX CyberPanel File Manager upload ProcessUtilities.outputExecutioner os command injection | 9.9 | 9.7 | $0-$5k | $0-$5k | Not defined | Official fix | expected | 0.88113 | 0.05 | CVE-2024-51568 |
| 8 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.02305 | 1.01 | CVE-2022-28959 |
| 9 | kurniaramadhan E-Commerce-PHP Create Product Page create_product.php cross site scripting | 2.4 | 2.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00014 | 0.02 | CVE-2024-13205 |
| 10 | Article Directory Plugin Setting cross site scripting | 4.1 | 4.1 | $0-$5k | Calculating | Not defined | Not defined | | 0.00077 | 0.00 | CVE-2023-0422 |
| 11 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not defined | Not defined | | 0.00000 | 0.30 | |
| 12 | PHP Outburst Easynews admin.php memory corruption | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | | 0.07211 | 0.02 | CVE-2006-5412 |
| 13 | Kenj_Frog 肯尼基蛙 company-financial-management 公司财务管理系统 ShangpinleixingController.java page sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00029 | 0.04 | CVE-2025-3318 |
| 14 | Microsoft Windows Win32k out-of-bounds write | 7.8 | 7.6 | $25k-$100k | $5k-$25k | Attacked | Official fix | verified | 0.30565 | 0.00 | CVE-2021-28310 |
| 15 | H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request setsyncpppoecfg FCGI_WizardProtoProcess command injection | 8.0 | 7.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.01699 | 0.02 | CVE-2025-3543 |
| 16 | Booking for Appointments and Events Calendar – Amelia Plugin wpAmeliaApiCall information disclosure | 5.3 | 5.2 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00061 | 0.06 | CVE-2025-2578 |
| 17 | IBM UrbanCode Velocity/DevOps Velocity web browser cache containing sensitive information | 3.6 | 3.6 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00048 | 0.07 | CVE-2024-22349 |
| 18 | LotusCMS Fraise index.php path traversal | 5.6 | 5.6 | $0-$5k | $0-$5k | High | Not defined | possible | 0.63060 | 0.06 | CVE-2011-0518 |
| 19 | Tikiwiki Error Message tiki-listpages.php information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | High | Official fix | possible | 0.56388 | 0.07 | CVE-2006-5702 |
| 20 | CodeAstro Hospital Management System Add Patient Details Page his_admin_register_patient.php cross site scripting | 4.1 | 4.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00055 | 0.06 | CVE-2024-11675 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Israel

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (22)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-21, CWE-22, CWE-23 | Path Traversal | predictive | High |
| 2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CAPEC-137 | CWE-88, CWE-94 | Argument Injection | predictive | High |
| 4 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Basic Cross Site Scripting | predictive | High |
| 5 | T1068 | CAPEC-122 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | High |

IOA - Indicator of Attack (176)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/?page=purchase_order/view_po | predictive | High |
| 2 | File | /admin/chatroom.php | predictive | High |
| 3 | File | /admin/create_product.php | predictive | High |
| 4 | File | /admin/maintenance/view_designation.php | predictive | High |
| 5 | File | /admin/publishnews.php | predictive | High |
| 6 | File | /admin/template | predictive | High |
| 7 | File | /api/wizard/setsyncpppoecfg | predictive | High |
| 8 | File | /auth/register | predictive | High |
| 9 | File | /auth/userkey/logout.php | predictive | High |
| 10 | File | /backend/admin/his_admin_add_lab_equipment.php | predictive | High |
| 11 | File | /backend/admin/his_admin_register_patient.php | predictive | High |
| 12 | File | /cgi-bin/kerbynet | predictive | High |
| 13 | File | /damicms-master/admin.php?s=/Article/doedit | predictive | High |
| 14 | File | /etc/quagga | predictive | Medium |
| 15 | File | /filemanager/upload | predictive | High |
| 16 | File | /forum/away.php | predictive | High |
| 17 | File | /fossasia/open-event-server/blob/development/app/api/helpers/mail.py | predictive | High |
| 18 | File | /index.php/dashboard/save | predictive | High |
| 19 | File | /main?cmd=invalid_browser | predictive | High |
| 20 | File | /opt/IBM/es/lib/libffq.cryptionjni.so | predictive | High |
| 21 | File | /pda/workflow/check_seal.php | predictive | High |
