Amnesia Analysis

IOB - Indicator of Behavior (16)

Lang

en (16)

Product

  • Download Manager (2)
  • QNAP NAS (2)
  • Elementor Website Builder Plugin (2)
  • GLPI (2)
  • Yoast SEO Plugin (2)

Vulnerabilities

#  | Vulnerability                                                              | Base score | Temp score | 0day (USD) | Today (USD) | Exploitability   | Remediation  | CTI  | EPSS    | CVE
1  | WordPress Post press-this.php access control                               | 5.5        | 5.3        | $5k-$25k   | $0-$5k      | Not Defined      | Official Fix | 0.04 | 0.00885 | CVE-2011-1762
2  | Elementor Website Builder Plugin AJAX Action module.php unrestricted upload | 7.5        | 7.4        | $0-$5k     | $0-$5k      | Not Defined      | Not Defined  | 0.01 | 0.55095 | CVE-2022-1329
3  | Crocoblock JetEngine Form Data privilege escalation                        | 5.5        | 5.3        | $0-$5k     | $0-$5k      | Not Defined      | Official Fix | 0.00 | 0.00885 | CVE-2021-41844
4  | Crocoblock JetEngine Custom Forms cross site scripting                     | 3.5        | 3.4        | $0-$5k     | $0-$5k      | Not Defined      | Official Fix | 0.04 | 0.01055 | CVE-2021-38607
5  | WPBakery XSS Protection Mechanism kses_remove_filters protection mechanism | 5.9        | 5.6        | $0-$5k     | $0-$5k      | Not Defined      | Official Fix | 0.02 | 0.00885 | CVE-2020-28650
6  | Yoast SEO Plugin Term Description input validation                         | 7.3        | 7.0        | $0-$5k     | $0-$5k      | Not Defined      | Official Fix | 0.02 | 0.00885 | CVE-2019-13478
7  | Rocket.Chat Server NoSQL injection                                         | 8.5        | 7.9        | $0-$5k     | $0-$5k      | Not Defined      | Not Defined  | 0.02 | 0.00885 | CVE-2017-1000493
8  | vBulletin moderation.php sql injection                                     | 7.3        | 7.0        | $0-$5k     | $0-$5k      | High             | Official Fix | 0.02 | 0.01564 | CVE-2016-6195
9  | PRTG Network Monitor addusers access control                               | 7.5        | 7.2        | $0-$5k     | $0-$5k      | Not Defined      | Official Fix | 0.04 | 0.00885 | CVE-2018-19411
10 | PRTG Network Monitor login.htm access control                              | 8.5        | 8.2        | $0-$5k     | $0-$5k      | Not Defined      | Official Fix | 0.02 | 0.09029 | CVE-2018-19410
11 | Samba smbd _netr_ServerPasswordSet code                                    | 6.5        | 5.7        | $0-$5k     | $0-$5k      | High             | Official Fix | 0.02 | 0.95138 | CVE-2015-0240
12 | OpenSSH Authentication Username information disclosure                     | 5.3        | 4.8        | $5k-$25k   | $0-$5k      | High             | Official Fix | 0.25 | 0.49183 | CVE-2016-6210
13 | QNAP Music Station command injection                                       | 8.5        | 8.5        | $0-$5k     | $0-$5k      | Not Defined      | Not Defined  | 0.02 | 0.01055 | CVE-2017-13069
14 | QNAP NAS cgi.cgi heap-based overflow                                       | 5.9        | 5.4        | $0-$5k     | $0-$5k      | Proof-of-Concept | Unavailable  | 0.04 | 0.00000 |
15 | Download Manager redirect                                                  | 6.2        | 5.9        | $0-$5k     | $0-$5k      | Not Defined      | Official Fix | 0.01 | 0.01136 | CVE-2017-2217
16 | GLPI information disclosure                                                | 5.3        | 5.1        | $0-$5k     | $0-$5k      | Not Defined      | Official Fix | 0.06 | 0.04358 | CVE-2011-2720

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • TVT Digital DVR Devices

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address   | Hostname | Actor   | Campaigns               | Type     | Confidence
1  | 93.174.95.38 |          | Amnesia | TVT Digital DVR Devices | verified | High

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique  | Vulnerabilities  | Access Vector                          | Type       | Confidence
1  | T1059.007  | CWE-79           | Cross Site Scripting                   | predictive | High
2  | T1068      | CWE-264, CWE-284 | Execution with Unnecessary Privileges  | predictive | High
3  | TXXXX      | CWE-XXX          | xxxxxx Xxxxxxxxx                       | predictive | High
4  | TXXXX.XXX  | CWE-XXX          | Xxxx Xxxxxxxx                          | predictive | High
5  | TXXXX      | CWE-XXX          | xx Xxxxxxxxx                           | predictive | High
6  | TXXXX      | CWE-XXX          | Xxxxxxxxxxxxx                          | predictive | High
7  | TXXXX.XXX  | CWE-XXX          | Xxxxxxxxxxxx Xxxxxx                    | predictive | High

IOA - Indicator of Attack (8)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class    | Indicator                                  | Type       | Confidence
1  | File     | /api/addusers                              | predictive | High
2  | File     | /home/httpd/cgi-bin/cgi.cgi                | predictive | High
3  | File     | /xxxxxx/xxxxx.xxx                          | predictive | High
4  | File     | xxxxxxxxxxx/xxxxxxxx/xxxxxxxxxx.xxx        | predictive | High
5  | File     | xx-xxxxx/xxxxx-xxxx.xxx                    | predictive | High
6  | File     | ~/xxxx/xxx/xxxxxxx/xxxxxxxxxx/xxxxxx.xxx   | predictive | High
7  | Argument | xxxxxxxx                                   | predictive | Medium
8  | Argument | xxxxxxx                                    | predictive | Low
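As an added example (not from this profile or its dataset), the following Python scans constructed web-access and firewall log lines for the unmasked indicators in the IOC and IOA tables above: the verified address 93.174.95.38 and the two file indicators /api/addusers and /home/httpd/cgi-bin/cgi.cgi. The log formats, the suffix rule for matching a filesystem path against a request URL, and the sample lines are assumptions of the example; masked indicators are not guessed.

```python
"""Match the Amnesia indicators from the IOC and IOA tables against log lines.

Added example, not part of the original profile. Assumptions (mine):
  - web access logs are in Apache/Nginx combined format;
  - firewall lines use a simple key=value format (src=, dst=, dport=);
  - IOA file indicators are filesystem paths, so the web-exposed URL may
    carry a different prefix (e.g. /cgi-bin/cgi.cgi); the match therefore
    also accepts the indicator's last two path components as a suffix.
The sample log lines below are constructed for illustration.
"""
import ipaddress
import re
from dataclasses import dataclass

# Indicators copied from the profile above (masked entries are not guessed).
IOC_IPS = {ipaddress.ip_address("93.174.95.38")}          # verified address (IOC #1)
IOA_PATHS = {
    "/api/addusers",                # IOA #1, PRTG Network Monitor addusers (CVE-2018-19411)
    "/home/httpd/cgi-bin/cgi.cgi",  # IOA #2, QNAP NAS cgi.cgi heap-based overflow
}

def _tail(path: str) -> str:
    """Last two path components, e.g. '/home/httpd/cgi-bin/cgi.cgi' -> 'cgi-bin/cgi.cgi'."""
    return "/".join(path.strip("/").split("/")[-2:])

IOA_BY_TAIL = {_tail(p): p for p in IOA_PATHS}

ACCESS_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
KV_RE = re.compile(r'(\w+)=(\S+)')

@dataclass(frozen=True)
class Hit:
    line_no: int
    kind: str        # "ioc_ip" or "ioa_path"
    indicator: str   # the indicator as listed on the page
    client: str      # source address seen in the log line

def normalise_path(target: str) -> str:
    """Strip absolute-form scheme/host, query string and fragment from a request target."""
    path = re.sub(r'^[a-z][a-z0-9+.-]*://[^/]+', '', target, flags=re.I)
    return path.split('?', 1)[0].split('#', 1)[0]

def match_ioa(path: str):
    """Return the matching IOA file indicator, or None."""
    if path in IOA_PATHS:
        return path
    return IOA_BY_TAIL.get(_tail(path))

def _is_ioc_ip(value: str) -> bool:
    try:
        return ipaddress.ip_address(value) in IOC_IPS
    except ValueError:                    # hostnames, '-', garbage
        return False

def scan_access_log(lines):
    hits = []
    for n, line in enumerate(lines, 1):
        m = ACCESS_RE.match(line)
        if not m:
            continue                      # unparsable line: skip, do not abort the scan
        src = m["src"]
        ioa = match_ioa(normalise_path(m["target"]))
        if ioa:
            hits.append(Hit(n, "ioa_path", ioa, src))
        if _is_ioc_ip(src):
            hits.append(Hit(n, "ioc_ip", src, src))
    return hits

def scan_firewall_log(lines):
    hits = []
    for n, line in enumerate(lines, 1):
        kv = dict(KV_RE.findall(line))
        for key in ("src", "dst"):        # traffic may appear in either direction
            val = kv.get(key)
            if val and _is_ioc_ip(val):
                hits.append(Hit(n, "ioc_ip", val, kv.get("src", "?")))
    return hits

# Constructed sample data (not real traffic).
SAMPLE_ACCESS = [
    '10.0.0.7 - - [10/Apr/2017:11:02:13 +0000] "GET /index.html HTTP/1.1" 200 512',
    '93.174.95.38 - - [10/Apr/2017:11:02:15 +0000] "POST /api/addusers?id=1 HTTP/1.1" 302 0',
    '198.51.100.4 - - [10/Apr/2017:11:02:19 +0000] "GET /cgi-bin/cgi.cgi?u=admin HTTP/1.1" 500 0',
    '198.51.100.4 - - [10/Apr/2017:11:02:20 +0000] "GET /cgi-bin/other.cgi HTTP/1.1" 404 0',
]
SAMPLE_FW = [
    'ts=1491822140 action=allow src=192.168.1.20 dst=93.174.95.38 dport=443 proto=tcp',
    'ts=1491822141 action=allow src=192.168.1.21 dst=93.184.216.34 dport=443 proto=tcp',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_ACCESS) + scan_firewall_log(SAMPLE_FW):
        print(hit)
```

Run against the constructed samples, the access-log scan flags line 2 twice (the IOC address as client and the /api/addusers path) and line 3 once (the cgi.cgi suffix), while line 4 is correctly ignored; the firewall scan flags only the outbound connection to 93.174.95.38. A real deployment would feed these functions from the log pipeline and treat an IOC hit as higher confidence than a predictive IOA path match, as the page's own Type/Confidence columns suggest.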

References (2)

The following list contains external sources which discuss the actor and the associated activities:
