APT28 Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 892
zh: 46
ar: 18
de: 18
sv: 8


Country

nl: 826
ro: 82
us: 50
ch: 30
ru: 4


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Microsoft Windows: 94
Linux Kernel: 22
F5 BIG-IP: 18
WordPress: 16
Google Android: 12


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | CTI | EPSS | CVE
1 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 6.80 | 0.00000 | CVE-2020-12440
2 | Huawei ACXXXX/SXXXX SSH Packet input validation | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.01055 | CVE-2014-8572
3 | Microsoft Windows WPAD access control | 8.0 | 7.9 | $25k-$100k | $0-$5k | High | Official Fix | 0.06 | 0.34346 | CVE-2016-3213
4 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.18 | 0.25090 | CVE-2017-0055
5 | Apache HTTP Server mod_rewrite redirect | 6.7 | 6.7 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.09 | 0.07767 | CVE-2020-1927
6 | Microsoft Windows TCP/IP Stack Privilege Escalation | 9.9 | 8.6 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.04 | 0.01728 | CVE-2021-26424
7 | Microsoft Windows Graphics Remote Code Execution | 7.0 | 6.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.07 | 0.01648 | CVE-2021-34530
8 | Microsoft Windows Event Tracing Privilege Escalation | 7.3 | 6.3 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.01 | 0.01150 | CVE-2021-34487
9 | Backdoor.Win32.Tiny.c Service Port 7778 backdoor | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.01 | 0.00000 | 
10 | Cisco Secure Email and Web Manager Web-based Management Interface improper authentication | 9.8 | 9.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.09 | 0.01055 | CVE-2022-20798
11 | nginx Log File link following | 7.8 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.09 | 0.05028 | CVE-2016-1247
12 | Microsoft .NET Core/Visual Studio denial of service | 6.4 | 5.5 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.01 | 0.02427 | CVE-2021-26423
13 | Microsoft Windows Event Tracing Privilege Escalation | 8.3 | 7.3 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.04 | 0.01150 | CVE-2021-26425
14 | Microsoft Windows Bluetooth Driver Privilege Escalation | 8.3 | 7.3 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.02 | 0.01150 | CVE-2021-34537
15 | Microsoft Dynamics 365 Privilege Escalation | 8.5 | 7.4 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.02 | 0.01967 | CVE-2021-34524
16 | Microsoft Windows Storage Spaces Controller Local Privilege Escalation | 7.8 | 6.8 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | 0.01150 | CVE-2021-34536
17 | Microsoft Windows Graphics Remote Code Execution | 7.0 | 6.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | 0.01648 | CVE-2021-34533
18 | Microsoft Windows Services for NFS ONCRPC XDR Driver information disclosure | 6.4 | 5.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | 0.02427 | CVE-2021-36926
19 | Microsoft ASP.NET Core/Visual Studio information disclosure | 4.9 | 4.3 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | 0.01150 | CVE-2021-34532
20 | Microsoft Windows Services for NFS ONCRPC XDR Driver information disclosure | 6.4 | 5.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | 0.02427 | CVE-2021-36933

Campaigns (7)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (245)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Type | Confidence
1 | 5.63.153.177 | 5-63-153-177.ovz.vps.regruhosting.ru | APT28 | | verified | High
2 | 5.100.155.82 | 5.100.155-82.publicdomainregistry.com | APT28 | | verified | High
3 | 5.100.155.91 | 5.100.155-91.publicdomainregistry.com | APT28 | | verified | High
4 | 5.135.183.154 | ns3290077.ip-5-135-183.eu | APT28 | Sednit | verified | High
5 | 5.199.171.58 | | APT28 | | verified | High
6 | 18.130.154.13 | ec2-18-130-154-13.eu-west-2.compute.amazonaws.com | APT28 | | verified | Medium
7 | 18.133.205.135 | ec2-18-133-205-135.eu-west-2.compute.amazonaws.com | APT28 | | verified | Medium
8 | 18.133.249.238 | ec2-18-133-249-238.eu-west-2.compute.amazonaws.com | APT28 | | verified | Medium
9 | 23.88.228.248 | | APT28 | | verified | High
10 | 23.163.0.59 | naomi.rem2d.com | APT28 | | verified | High
11 | 23.227.196.21 | 23-227-196-21.static.hvvc.us | APT28 | | verified | High
12 | 23.227.196.215 | 23-227-196-215.static.hvvc.us | APT28 | | verified | High
13 | 23.227.196.217 | 23-227-196-217.static.hvvc.us | APT28 | | verified | High
14 | 31.184.198.23 | | APT28 | | verified | High
15 | 31.184.198.38 | | APT28 | | verified | High
16 | 31.220.43.99 | | APT28 | Sednit | verified | High
17 | 31.220.61.251 | | APT28 | | verified | High
18 | 37.235.52.18 | 18.52.235.37.in-addr.arpa | APT28 | | verified | High
19 | 45.32.129.185 | 45.32.129.185.vultr.com | APT28 | | verified | Medium
20 | 45.32.227.21 | 45.32.227.21.mobiltel.mx | APT28 | | verified | High
21 | 45.64.105.23 | | APT28 | | verified | High
22 | 45.124.132.127 | | APT28 | | verified | High
23 | 46.19.138.66 | ab2.alchibasystems.in.net | APT28 | | verified | High
24 | 46.21.147.55 | 46-21-147-55.static.hvvc.us | APT28 | | verified | High
25 | 46.21.147.71 | 46-21-147-71.static.hvvc.us | APT28 | | verified | High
26 | 46.21.147.76 | 46-21-147-76.static.hvvc.us | APT28 | | verified | High
27 | 46.148.17.227 | | APT28 | | verified | High
28 | 46.166.162.90 | | APT28 | Pawn Storm | verified | High
29 | 46.183.217.74 | ip-217-74.dataclub.info | APT28 | Pawn Storm | verified | High
30 | 51.38.128.110 | vps-0a3489af.vps.ovh.net | APT28 | | verified | High
31 | 51.254.76.54 | | APT28 | | verified | High
32 | 51.254.158.57 | | APT28 | | verified | High
33 | 54.37.104.106 | piber.connectedlists.com | APT28 | | verified | High
34 | 58.49.58.58 | | APT28 | | verified | High
35 | 62.113.232.197 | | APT28 | | verified | High
36 | 66.172.11.207 | ip-66-172-11-207.chunkhost.com | APT28 | Carberp | verified | High
37 | 66.172.12.133 | | APT28 | | verified | High
38 | 69.12.73.174 | 69.12.73.174.static.quadranet.com | APT28 | Sednit | verified | High
39 | 69.16.243.33 | host.tecnode.com | APT28 | | verified | High
40 | 70.85.221.10 | server002.nilsson-it.dk | APT28 | | verified | High
41 | 70.85.221.20 | 14.dd.5546.static.theplanet.com | APT28 | Pawn Storm | verified | High
42 | 76.74.177.251 | ip-76-74-177-251.chunkhost.com | APT28 | | verified | High
43 | 77.81.98.122 | no-rdns.clues.ro | APT28 | | verified | High
44 | 77.83.247.81 | | APT28 | Global Brute Force | verified | High
45 | 78.153.151.222 | smtp33.pristavka-fr.ru | APT28 | | verified | High
46 | 80.83.115.187 | host3.smtpnoida.biz | APT28 | | verified | High
47 | 80.255.3.93 | | APT28 | | verified | High
48 | 80.255.3.94 | set121.com | APT28 | | verified | High
49 | 80.255.6.15 | | APT28 | | verified | High
Entries 50 to 245 are masked on the source page (an additional purchase is required to unlock them).

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (233)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | .travis.yml | predictive | Medium
2 | File | /.env | predictive | Low
3 | File | /admin.php | predictive | Medium
4 | File | /admin/subnets/ripe-query.php | predictive | High
5 | File | /Config/SaveUploadedHotspotLogoFile | predictive | High
6 | File | /core/conditions/AbstractWrapper.java | predictive | High
7 | File | /dashboard/updatelogo.php | predictive | High
8 | File | /debug/pprof | predictive | Medium
9 | File | /etc/openshift/server_priv.pem | predictive | High
10 | File | /export | predictive | Low
11 | File | /file?action=download&file | predictive | High
12 | File | /hardware | predictive | Medium
13 | File | /index.php | predictive | Medium
14 | File | /medical/inventories.php | predictive | High
15 | File | /mgmt/tm/util/bash | predictive | High
16 | File | /mkshop/Men/profile.php | predictive | High
17 | File | /monitoring | predictive | Medium
18 | File | /MTFWU | predictive | Low
19 | File | /Noxen-master/users.php | predictive | High
20 | File | /opt/zimbra/jetty/webapps/zimbra/public | predictive | High
21 | File | /plugin/LiveChat/getChat.json.php | predictive | High
22 | File | /plugins/servlet/audit/resource | predictive | High
23 | File | /plugins/servlet/project-config/PROJECT/roles | predictive | High
24 | File | /REBOOTSYSTEM | predictive | High
25 | File | /replication | predictive | Medium
26 | File | /RestAPI | predictive | Medium
Entries 27 to 233 (classes File, Library, Argument, Input Value, Pattern and Network Port) are masked on the source page (an additional purchase is required to unlock them).

References (40)

The following list contains external sources which discuss the actor and the associated activities:
