APT41 Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 614
zh: 256
es: 34
ru: 30
de: 20

Country

cn: 494
us: 336
ru: 92
me: 10
jp: 8

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows: 32
Linux Kernel: 18
Apache Tomcat: 16
Atlassian Data Center: 10
phpMyAdmin: 10

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.62 | 0.04187 | CVE-2010-0966
2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192
3 | PHPWind goto.php redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.39 | 0.01213 | CVE-2015-4134
4 | WoltLab Burning Book addentry.php sql injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.02 | 0.01319 | CVE-2006-5509
5 | Alurian Prismotube Video Script index.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.13 | 0.00986 | CVE-2011-5103
6 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.21 | 0.01034 | CVE-2022-21664
7 | Elasticsearch Async Search API information disclosure | 4.1 | 4.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00890 | CVE-2021-22132
8 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 4.35 | 0.00000 | CVE-2020-12440
9 | MantisBT API SOAP mc_project_get_users sql injection | 5.0 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.05473 | CVE-2020-28413
10 | Atlassian Jira Service Management Server/Data Center InsightDefaultCustomFieldConfig.jspa cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00885 | CVE-2021-43943
11 | NCH Axon PBX cross site scripting | 3.5 | 3.2 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.03 | 0.00885 | CVE-2021-37456
12 | HRworks Login Reflected cross site scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01055 | CVE-2019-11559
13 | Git Plugin Build authorization | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2022-36883
14 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.68 | 0.02800 | CVE-2007-0354
15 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 1.00 | 0.00000 |
16 | Microsoft Exchange Server ProxyLogon unknown vulnerability | 9.3 | 8.9 | $25k-$100k | $0-$5k | Functional | Official Fix | 0.06 | 0.96737 | CVE-2021-26855
17 | Microsoft Exchange Server ProxyShell Remote Code Execution | 9.5 | 8.2 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.18 | 0.61804 | CVE-2021-34473
18 | Magento Search Module sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.00885 | CVE-2021-21024
19 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.50 | 0.25090 | CVE-2017-0055
20 | vBulletin redirector.php | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.18 | 0.00885 | CVE-2018-6200

Campaigns (5)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (97)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (26)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | predictive | High
2 | T1055 | CWE-74 | Injection | predictive | High
3 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | predictive | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
5 | T1068 | CWE-264, CWE-267, CWE-269, CWE-270, CWE-271, CWE-284 | Execution with Unnecessary Privileges | predictive | High
6 | T1078.001 | CWE-259 | Use of Hard-coded Password | predictive | High

IOA - Indicator of Attack (366)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (15)

The following list contains external sources which discuss the actor and the associated activities:
