Amnesia Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (16)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en16

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

gb6
us4
ir2
nl2
ru2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Amnesia1
GoGoogle1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Network Management Software4
WordPress Plugin2
Not Defined2
Asset Management Software2
Forum Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined14
Crocoblock2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

PRTG Network Monitor4
Elementor Website Builder Plugin2
Crocoblock JetEngine2
GLPI2
vBulletin2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1WordPress Post press-this.php access control5.55.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.00054CVE-2011-1762
2Elementor Website Builder Plugin AJAX Action module.php unrestricted upload7.57.4$0-$5k$0-$5kNot DefinedNot Defined0.020.96296CVE-2022-1329
3Crocoblock JetEngine Form Data Privilege Escalation5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00201CVE-2021-41844
4Crocoblock JetEngine Custom Forms cross site scripting3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00066CVE-2021-38607
5WPBakery XSS Protection Mechanism kses_remove_filters protection mechanism5.95.6$0-$5k$0-$5kNot DefinedOfficial Fix0.020.00058CVE-2020-28650
6Yoast SEO Plugin Term Description input validation9.08.9$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00244CVE-2019-13478
7Rocket.Chat Server NoSQL sql injection8.58.3$0-$5k$0-$5kNot DefinedOfficial Fix0.040.00369CVE-2017-1000493
8vBulletin moderation.php sql injection7.37.0$0-$5k$0-$5kHighOfficial Fix0.010.00284CVE-2016-6195
9PRTG Network Monitor addusers access control7.57.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00093CVE-2018-19411
10PRTG Network Monitor login.htm access control8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.040.00288CVE-2018-19410
11Samba smbd _netr_ServerPasswordSet code6.55.7$0-$5k$0-$5kHighOfficial Fix0.000.97400CVE-2015-0240
12OpenSSH Authentication Username information disclosure5.34.8$5k-$25k$0-$5kHighOfficial Fix0.020.10737CVE-2016-6210
13QNAP Music Station command injection8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.000.00274CVE-2017-13069
14QNAP NAS cgi.cgi heap-based overflow5.95.4$0-$5k$0-$5kProof-of-ConceptUnavailable0.000.00000
15Download Manager redirect6.25.9$0-$5kCalculatingNot DefinedOfficial Fix0.000.00233CVE-2017-2217
16GLPI information disclosure5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00703CVE-2011-2720

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • TVT Digital DVR Devices

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
193.174.95.38AmnesiaTVT Digital DVR Devices08/30/2021verifiedHigh

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1059.007CWE-79Cross Site ScriptingpredictiveHigh
2T1068CWE-264, CWE-284Execution with Unnecessary PrivilegespredictiveHigh
3TXXXXCWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
4TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
5TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
6TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
7TXXXX.XXXCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (8)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/api/adduserspredictiveHigh
2File/home/httpd/cgi-bin/cgi.cgipredictiveHigh
3File/xxxxxx/xxxxx.xxxpredictiveHigh
4Filexxxxxxxxxxx/xxxxxxxx/xxxxxxxxxx.xxxpredictiveHigh
5Filexx-xxxxx/xxxxx-xxxx.xxxpredictiveHigh
6File~/xxxx/xxx/xxxxxxx/xxxxxxxxxx/xxxxxx.xxxpredictiveHigh
7ArgumentxxxxxxxxpredictiveMedium
8ArgumentxxxxxxxpredictiveLow

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!