Amnesia Analysis

IOB - Indicator of Behavior (16)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en16

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

PRTG Network Monitor4
WordPress2
GLPI2
Samba2
WPBakery2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1WordPress Post press-this.php access control5.55.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.000540.03CVE-2011-1762
2Elementor Website Builder Plugin AJAX Action module.php unrestricted upload7.57.4$0-$5k$0-$5kNot DefinedNot Defined0.961970.02CVE-2022-1329
3Crocoblock JetEngine Form Data Privilege Escalation5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.002010.00CVE-2021-41844
4Crocoblock JetEngine Custom Forms cross site scripting3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000660.00CVE-2021-38607
5WPBakery XSS Protection Mechanism kses_remove_filters protection mechanism5.95.6$0-$5k$0-$5kNot DefinedOfficial Fix0.000580.03CVE-2020-28650
6Yoast SEO Plugin Term Description input validation9.08.9$0-$5k$0-$5kNot DefinedOfficial Fix0.002440.02CVE-2019-13478
7Rocket.Chat Server NoSQL sql injection8.58.3$0-$5k$0-$5kNot DefinedOfficial Fix0.003690.04CVE-2017-1000493
8vBulletin moderation.php sql injection7.37.0$0-$5k$0-$5kHighOfficial Fix0.002840.01CVE-2016-6195
9PRTG Network Monitor addusers access control7.57.2$0-$5k$0-$5kNot DefinedOfficial Fix0.001040.00CVE-2018-19411
10PRTG Network Monitor login.htm access control8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.002880.04CVE-2018-19410
11Samba smbd _netr_ServerPasswordSet code6.55.7$0-$5k$0-$5kHighOfficial Fix0.974000.00CVE-2015-0240
12OpenSSH Authentication Username information disclosure5.34.8$5k-$25k$0-$5kHighOfficial Fix0.107370.20CVE-2016-6210
13QNAP Music Station command injection8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.002740.00CVE-2017-13069
14QNAP NAS cgi.cgi heap-based overflow5.95.4$0-$5k$0-$5kProof-of-ConceptUnavailable0.000000.00
15Download Manager redirect6.25.9$0-$5k$0-$5kNot DefinedOfficial Fix0.002330.00CVE-2017-2217
16GLPI information disclosure5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.007030.00CVE-2011-2720

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • TVT Digital DVR Devices

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
193.174.95.38AmnesiaTVT Digital DVR Devices08/30/2021verifiedHigh

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (8)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/api/adduserspredictiveHigh
2File/home/httpd/cgi-bin/cgi.cgipredictiveHigh
3File/xxxxxx/xxxxx.xxxpredictiveHigh
4Filexxxxxxxxxxx/xxxxxxxx/xxxxxxxxxx.xxxpredictiveHigh
5Filexx-xxxxx/xxxxx-xxxx.xxxpredictiveHigh
6File~/xxxx/xxx/xxxxxxx/xxxxxxxxxx/xxxxxx.xxxpredictiveHigh
7ArgumentxxxxxxxxpredictiveMedium
8ArgumentxxxxxxxpredictiveLow

References (2)

The following list contains external sources which discuss the actor and the associated activities:

Do you want to use VulDB in your project?

Use the official API to access entries easily!