Aland Unknown Analysis

IOB - Indicator of Behavior (465)

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Lang

en405
fr19
de13
es13
ar5

Country

us316
fi20
es18
fr14
il14

Actors

DPRK196

Activities

Interest

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Type

Not Defined139
Content Management System35
Web Server17
Database Software15
Programming Language Software15

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Vendor

Not Defined136
Microsoft19
Oracle19
Cisco11
Apache10

Identifying all affected vendors is a good starting point for an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Product

WordPress11
Oracle MySQL Server9
PHP8
Apache HTTP Server6
Microsoft Windows5

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$10k-$25k$0-$1kHighWorkaround0.040.04187CVE-2007-1192
2DZCP deV!L`z Clanportal config.php code injection7.36.6$2k-$5k$0-$1kProof-of-ConceptOfficial Fix0.480.04187CVE-2010-0966
3LogicBoard CMS away.php redirect6.36.1$2k-$5k$1k-$2kNot DefinedUnavailable0.300.00000
4OpenSSH Authentication Username information disclosure5.34.8$10k-$25k$0-$1kHighOfficial Fix0.530.49183CVE-2016-6210
5Serendipity exit.php privileges management6.36.0$2k-$5k$0-$1kProof-of-ConceptNot Defined0.190.00000
6vBulletin redirector.php6.66.6$2k-$5k$0-$1kNot DefinedNot Defined0.270.00885CVE-2018-6200
7Ecommerce Online Store Kit shop.php sql injection9.89.4$2k-$5k$0-$1kNot DefinedOfficial Fix0.040.04386CVE-2004-0300
8Maran PHP Shop prod.php sql injection7.37.3$2k-$5k$0-$1kHighUnavailable0.040.00986CVE-2008-4879
9Microsoft IIS cross site scripting5.24.7$10k-$25k$0-$1kProof-of-ConceptOfficial Fix0.720.25090CVE-2017-0055
10Apache Struts MultiPageValidator input validation7.57.2$10k-$25k$10k-$25kNot DefinedOfficial Fix0.070.05857CVE-2015-0899
11SPIP spip.php cross site scripting3.53.4$0-$1k$0-$1kNot DefinedOfficial Fix0.230.01018CVE-2022-28959
12Bitrix Site Manager redirect.php link following5.34.7$2k-$5k$0-$1kUnprovenUnavailable0.380.01055CVE-2008-2052
13OpenBB read.php sql injection7.37.0$2k-$5k$0-$1kNot DefinedOfficial Fix1.060.00986CVE-2005-1612
14Woocommerce cross site scripting3.53.4$0-$1k$0-$1kNot DefinedOfficial Fix0.000.00885CVE-2021-24323
15UAEPD Shopping Cart Script products.php sql injection7.37.1$2k-$5k$0-$1kHighUnavailable0.080.02800CVE-2014-1618
16nginx request smuggling6.96.9$2k-$5k$0-$1kNot DefinedNot Defined3.360.00000CVE-2020-12440
17Elementor Pro Plugin customize.php elementor-edit-template cross site scripting5.24.9$0-$1k$0-$1kNot DefinedOfficial Fix0.040.00954CVE-2018-18379
18Engine.IO POST Request EventEmitter resource consumption4.34.3$0-$1k$0-$1kNot DefinedOfficial Fix0.040.00954CVE-2020-36048
19Cisco Linksys EA2700 URL information disclosure4.34.1$10k-$25k$0-$1kProof-of-ConceptUnavailable0.070.00000
20Oracle FLEXCUBE Direct Banking Jasper Project access control6.15.8$10k-$25k$0-$1kNot DefinedOfficial Fix0.070.00885CVE-2019-2549

IOC - Indicator of Compromise (26)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsTypeConfidence
15.62.61.248r-248-61-62-5.consumer-pool.prcdn.netAland UnknownverifiedHigh
25.62.63.244r-244-63-62-5.consumer-pool.prcdn.netAland UnknownverifiedHigh
345.12.70.15straggler.get-eye.comAland UnknownverifiedHigh
445.12.71.15Aland UnknownverifiedHigh
546.36.201.221Aland UnknownverifiedHigh
646.36.201.222Aland UnknownverifiedHigh
7XX.XX.XXX.XXXXxxxx XxxxxxxverifiedHigh
8XX.XXX.X.XXxxxx XxxxxxxverifiedHigh
9XX.XXX.XXX.XXxxxx XxxxxxxverifiedHigh
10XX.XXX.XXX.XXxxxx XxxxxxxverifiedHigh
11XXX.XX.XXX.XXxxxx XxxxxxxverifiedHigh
12XXX.XX.XXX.XXxxxx XxxxxxxverifiedHigh
13XXX.XXX.X.XXxxxx XxxxxxxverifiedHigh
14XXX.XXX.XX.XXxxxx XxxxxxxverifiedHigh
15XXX.XX.XX.XXXxxxx XxxxxxxverifiedHigh
16XXX.XX.XXX.XXXxxxx XxxxxxxverifiedHigh
17XXX.XX.XXX.XXxxxx XxxxxxxverifiedHigh
18XXX.XXX.XXX.XXxxxx XxxxxxxverifiedHigh
19XXX.XXX.XXX.XXxxxx XxxxxxxverifiedHigh
20XXX.XXX.X.XXxxxx XxxxxxxverifiedHigh
21XXX.XXX.XXX.XXxxxx XxxxxxxverifiedHigh
22XXX.XX.XXX.Xxxx-xx-xxx-x.xxx.xxXxxxx XxxxxxxverifiedHigh
23XXX.XXX.XX.XXxxxx XxxxxxxverifiedHigh
24XXX.XXX.XX.Xxxx-xxx-xx-x.xxxxxxxx.xxxxx.xxxXxxxx XxxxxxxverifiedHigh
25XXX.XXX.XX.XXxxxx XxxxxxxverifiedHigh
26XXX.XX.XXX.XXxxxx XxxxxxxverifiedHigh

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-21, CWE-22Pathname TraversalpredictiveHigh
2T1040CWE-294Authentication Bypass by Capture-replaypredictiveHigh
3T1055CWE-74InjectionpredictiveHigh
4T1059CWE-88, CWE-94Cross Site ScriptingpredictiveHigh
5TXXXX.XXXCWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
6TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
7TXXXX.XXXCWE-XXX, CWE-XXXXxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx XxxxxxxxpredictiveHigh
8TXXXXCWE-XX, CWE-XXXxxxxxx XxxxxxxxxpredictiveHigh
9TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
10TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
11TXXXXCWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
12TXXXXCWE-XX, CWE-XX, CWE-XXXxx XxxxxxxxxpredictiveHigh
13TXXXXCWE-XXX, CWE-XXXXxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx XxxxpredictiveHigh
14TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
15TXXXXCWE-XXX, CWE-XXXXxxxxxxxxxxxxpredictiveHigh
16TXXXXCWE-XXXX2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx XxxxxxxxxxpredictiveHigh
17TXXXX.XXXCWE-XXXXxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (227)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/+CSCOE+/logon.htmlpredictiveHigh
2File/acms/admin/cargo_types/view_cargo_type.phppredictiveHigh
3File/admin/addemployee.phppredictiveHigh
4File/admin/index.phppredictiveHigh
5File/apilog.phppredictiveMedium
6File/appliance/users?action=editpredictiveHigh
7File/filemanager/upload.phppredictiveHigh
8File/forum/away.phppredictiveHigh
9File/html/portal/flash.jsppredictiveHigh
10File/if.cgipredictiveLow
11File/mifs/c/i/reg/reg.htmlpredictiveHigh
12File/modules/profile/index.phppredictiveHigh
13File/news.dtl.phppredictiveHigh
14File/see_more_details.phppredictiveHigh
15File/services/details.asppredictiveHigh
16File/setuppredictiveLow
17File/spip.phppredictiveMedium
18File/uncpath/predictiveMedium
19File/var/log/nginxpredictiveHigh
20File/VPortal/mgtconsole/Subscriptions.jsppredictiveHigh
21File/wp-content/plugins/updraftplus/admin.phppredictiveHigh
22Fileact.phppredictiveLow
23Fileadclick.phppredictiveMedium
24FileadminpredictiveLow
25Fileadmin.phppredictiveMedium
26Fileadmin/adminsignin.htmlpredictiveHigh
27Fileadmin/movieview.phppredictiveHigh
28Fileadmin/versions.htmlpredictiveHigh
29Filexxxx_xxxxx.xxxpredictiveHigh
30Filexxx.xxxpredictiveLow
31Filexxxxxxxxxx.xxxpredictiveHigh
32Filexxxx-xxxx.xpredictiveMedium
33Filexxxx.xxxpredictiveMedium
34Filexxxxx.xxxxpredictiveMedium
35Filexxxxx.xxxpredictiveMedium
36Filexx_xxxx.xxxpredictiveMedium
37Filexxxxxxx/xxxxxxx/xxxxxxx.xxxx?xxxxpredictiveHigh
38Filex-xxxxxx/xxxxxxx.xpredictiveHigh
39Filexxxxxx/xxxxx/xxxxx.xxxpredictiveHigh
40Filexxxxxxxx.xxxpredictiveMedium
41Filexxxxxxxx_xxxx.xxxpredictiveHigh
42Filexxx-xxx/xxxxxxxxxxx/xxxxxxxxx.xxxpredictiveHigh
43Filexxx-xxx/xx.xxxpredictiveHigh
44Filexxx/xxxxxxx.xxpredictiveHigh
45Filexxxxx.xxxpredictiveMedium
46Filexxx.xxx?xxx=xxxxx_xxxxpredictiveHigh
47Filexxxxxx.xxxpredictiveMedium
48Filexxxxxxx.xxxpredictiveMedium
49Filexxxxx/xxx/predictiveMedium
50Filexxxxxxxxxxxxxxxxxxx.xxpredictiveHigh
51Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
52Filexxxxxxx.xxxpredictiveMedium
53Filexxxxxxxx.xxxpredictiveMedium
54Filexxxxxxxxx.xxxpredictiveHigh
55Filexxxx_xxxxx.xxxpredictiveHigh
56Filexxxx/predictiveLow
57Filexxxxxxx.xxxpredictiveMedium
58Filexxxx.xxxpredictiveMedium
59Filexxx/xxxx/xxxx.xpredictiveHigh
60Filexxx/xxxxxxxx/xxxx_xxxxx_xxxxxxx.xpredictiveHigh
61Filexxxxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
62Filexxxxxxxxx.xxxpredictiveHigh
63Filexxxxxx.xxxpredictiveMedium
64Filexxxxxxxxxx.xxxxxxx.xxpredictiveHigh
65Filexxx_xxxx.xpredictiveMedium
66Filexxxx.xxxpredictiveMedium
67Filexx.xxxpredictiveLow
68Filexxxxxxxxxx/xxxxxxxxxx/xxxxxxxxx.xxxpredictiveHigh
69Filexxxxxxxxxx\xxxxxxxxxxxx\xxxxxxxxxxxxxxxx.xxxpredictiveHigh
70Filexxxxxx.xxxpredictiveMedium
71Filexxx.xxxpredictiveLow
72Filexxx/xxxxxx.xxxpredictiveHigh
73Filexxxxxxx/xxxx_xxxxxxxx.xxxxx.xxxpredictiveHigh
74Filexxxxxxxx/xxxxxxxxxxxx.xxx.xxxpredictiveHigh
75Filexxxxxxxx/xxxxxxxx.xxxpredictiveHigh
76Filexxxxx.xxxpredictiveMedium
77Filexxxxx.xxx?xx=xxxxxxx&xxx=xxxpredictiveHigh
78Filexxxxxxxxx/xxxxxxxxxpredictiveHigh
79Filexxxxxxx.xxxpredictiveMedium
80Filexxxxxxxxxx.xxxpredictiveHigh
81Filexxxxx/xxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxxpredictiveHigh
82Filexxxx_xxxxxx_xxxxx_xxxxxxx.xpredictiveHigh
83Filexxxxxxxxxx.xxxpredictiveHigh
84Filexxxx_xxxx.xxxpredictiveHigh
85Filexxxxxxxxx/xxxxxxx/xxxxx.xxxpredictiveHigh
86Filexxxxxx/xxxxx/xxxxxxxx.xpredictiveHigh
87Filexxx/xxxx/xxx.x/xxxx_xxxxxx.xpredictiveHigh
88Filexxxxx_xx.xxxxpredictiveHigh
89Filexxxx.xxxpredictiveMedium
90Filexxxxxxxxxxx.xxxpredictiveHigh
91Filexxx/xxxx/xxxx.xpredictiveHigh
92Filexxxxx/xxxxxxxx.xxx.xxxpredictiveHigh
93Filexxxxxxxxx.xxx.xxxpredictiveHigh
94Filexxxx.xxxpredictiveMedium
95Filexxxxxxxx.xxxpredictiveMedium
96Filexxxxxxxxxx.xxxpredictiveHigh
97Filexxxxxxx_xxxxxxx.xxxpredictiveHigh
98Filexxxxxxxx.xxxxxxpredictiveHigh
99Filexxxx.xxxpredictiveMedium
100Filexxxx_xxxx.xxxpredictiveHigh
101Filexxxxxxxxxx.xxxpredictiveHigh
102Filexxxxxx.xxxpredictiveMedium
103Filexxxxx.xxxpredictiveMedium
104Filexxxxx.xxxpredictiveMedium
105Filexxxxxxxx.xxxpredictiveMedium
106Filexxxxxxxxxx.xxxpredictiveHigh
107Filexxxxxxxx.xxxpredictiveMedium
108Filexxxxxxx.xxxpredictiveMedium
109Filexxxx.xxxpredictiveMedium
110Filexxxxxxxxxxxxx.xxxpredictiveHigh
111Filexxx_xxxxx.xxpredictiveMedium
112Filexxx/xxx_xxxxx.xpredictiveHigh
113Filexxx.xxxpredictiveLow
114Filexxxxx/xxxxxxx/xxxxxx/xxxx_xxxx_xxxxxx.xxxpredictiveHigh
115Filexxxxxx.xxxpredictiveMedium
116Filexxxx_xxxx.xxxpredictiveHigh
117Filexxx_xxx.xpredictiveMedium
118Filexx-xxxxx/xxxxx-xxxx.xxxpredictiveHigh
119Filexx-xxxxx/xxxxx.xxx?xxxx=xx-xxxxxxpredictiveHigh
120Filexx-xxxxx/xxxxxxxxx.xxxpredictiveHigh
121Filexx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xxxxxxxxxx-xpredictiveHigh
122Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictiveHigh
123Filexx-xxxxxxxx/xxxxx-xx-xxxxxx-xxxxxx.xxxpredictiveHigh
124Filexx-xxxxxxxx/xxxxxxxxx.xxxpredictiveHigh
125Library/xxxxx/xxxxxxxxxxxxx.xxxpredictiveHigh
126Libraryxxx/xxxxxxxxx.xxxpredictiveHigh
127Libraryxxx/xxxxxxxxxx.xxxpredictiveHigh
128Libraryxxx/xxxxxxxx.xxpredictiveHigh
129Libraryxxxxx.xxxpredictiveMedium
130Argument$_xxxxxx['xxx_xxxx']predictiveHigh
131Argument--xxxpredictiveLow
132Argument-xxxxxxxxxxxxxpredictiveHigh
133Argumentxxxxxxxxxx xxx xxxxxxxpredictiveHigh
134Argumentxxxxx_xxxxxpredictiveMedium
135ArgumentxxxxxxxxpredictiveMedium
136ArgumentxxxxxpredictiveLow
137ArgumentxxxxxxpredictiveLow
138Argumentxxxxxxxxxx_xxxxpredictiveHigh
139ArgumentxxxpredictiveLow
140ArgumentxxxxxxxxxxpredictiveMedium
141ArgumentxxxxxxxxxxpredictiveMedium
142Argumentxxx_xxpredictiveLow
143ArgumentxxxxxxpredictiveLow
144ArgumentxxxpredictiveLow
145ArgumentxxxxxxxxxxxxxxxpredictiveHigh
146Argumentxxxx_xxpredictiveLow
147Argumentxxxx_xxxxxxx_xxxxxxxxpredictiveHigh
148Argumentxxxxxxxxxxxx/xxxxxxxpredictiveHigh
149Argumentxxxxxxxxxxxx/xxxxxxxxxxxpredictiveHigh
150Argumentxxxxxx_xxxxpredictiveMedium
151ArgumentxxxxxxxpredictiveLow
152ArgumentxxxxxxpredictiveLow
153Argumentxx_xxxxx_xxpredictiveMedium
154Argumentxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxpredictiveHigh
155Argumentxxxxxx/xxxxpredictiveMedium
156ArgumentxxxxxxpredictiveLow
157ArgumentxxxxxxpredictiveLow
158ArgumentxxxxpredictiveLow
159ArgumentxxxxxxxxxpredictiveMedium
160ArgumentxxpredictiveLow
161Argumentxx_xxxxxpredictiveMedium
162Argumentxxxxxxx_xxxpredictiveMedium
163Argumentxxxxxxx_xxxxpredictiveMedium
164ArgumentxxxxxxpredictiveLow
165Argumentxxxx_xxpredictiveLow
166Argumentxxxx_xxxxxx_xxxxx/xxxx_xxxxxx_xxxx_xxxxxxpredictiveHigh
167Argumentxxxxx_xxxxpredictiveMedium
168Argumentxxxxxxx/xxxxxx_xxpredictiveHigh
169ArgumentxxxxxxxxxxxxxxxxxpredictiveHigh
170ArgumentxxxxxxxpredictiveLow
171ArgumentxxxxxpredictiveLow
172ArgumentxxxxxxxpredictiveLow
173ArgumentxxxxxpredictiveLow
174Argumentxxxx_xxpredictiveLow
175Argumentxxxx_xxxxpredictiveMedium
176ArgumentxxpredictiveLow
177ArgumentxxxxxxxxxxpredictiveMedium
178ArgumentxxxxxpredictiveLow
179ArgumentxxxxxxxxxxxxxxpredictiveHigh
180ArgumentxxxxpredictiveLow
181ArgumentxxxxxxpredictiveLow
182ArgumentxxxxxxpredictiveLow
183ArgumentxxxxxxxxpredictiveMedium
184ArgumentxxxxxxxxpredictiveMedium
185ArgumentxxxxpredictiveLow
186Argumentxxxx_xxxxpredictiveMedium
187ArgumentxxxxxxxxxpredictiveMedium
188Argumentxxxx_xxxx_xxxxpredictiveHigh
189ArgumentxxxpredictiveLow
190Argumentxx_xxxxpredictiveLow
191Argumentxxxxxxx_xxpredictiveMedium
192ArgumentxxxxxxxxpredictiveMedium
193ArgumentxxxxxpredictiveLow
194ArgumentxxxxxxxxxpredictiveMedium
195ArgumentxxxxxxxxxxpredictiveMedium
196ArgumentxxxxxxpredictiveLow
197ArgumentxxxxxxxxxxpredictiveMedium
198ArgumentxxxxxxxpredictiveLow
199ArgumentxxxxxxxxxxxpredictiveMedium
200Argumentxxxxxx_xxpredictiveMedium
201Argumentxxxxxxx_xxpredictiveMedium
202ArgumentxxxxxxpredictiveLow
203ArgumentxxxxpredictiveLow
204Argumentxxxx_xxxxxxpredictiveMedium
205ArgumentxxpredictiveLow
206ArgumentxxxxxxxxpredictiveMedium
207Argumentxxxx xxpredictiveLow
208Argumentxxx_xxxx[x][]predictiveHigh
209Argumentxx_xxxxxxxpredictiveMedium
210ArgumentxxxpredictiveLow
211ArgumentxxxxxpredictiveLow
212Argumentxxxxx/xxxxxpredictiveMedium
213ArgumentxxxpredictiveLow
214ArgumentxxxxxxxxpredictiveMedium
215Argumentxxxxxxxx[x]predictiveMedium
216Argumentx-xxxx-xxxxxpredictiveMedium
217Argument_xxxxxxx_xxxxpredictiveHigh
218Input Value../predictiveLow
219Input Valuexxxxx"][xxxxxx]xxxxx('xxx')[/xxxxxx]predictiveHigh
220Input Value::$xxxxx_xxxxxxxxxxpredictiveHigh
221Input ValuexxxxxpredictiveLow
222Input Valuex:/xxx/xxxxxpredictiveMedium
223Network Portxxx/xx (xxxxxx)predictiveHigh
224Network Portxxx/xx (xxx xxxxxxxx)predictiveHigh
225Network Portxxx/xxxx (xx-xxx)predictiveHigh
226Network Portxxx/xxx, xxx/xxx, xxx/xxxx, xxx/xxxxpredictiveHigh
227Network Portxxx xxxxxx xxxxpredictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Interested in the pricing of exploits?

See the underground prices here!