APT41 Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (178)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en154
ru8
zh4
es4
pl2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

US: USA92
RU: Russia30
CN: China26
GB: Great Britain8
TR: Turkey2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

APT414
Meterpreter2
RedLine Stealer2
Tofsee1
JAFF1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined62
Content Management System12
Operating System8
Web Server8
Application Server Software4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined48
SourceCodester10
Microsoft10
Fortinet8
Apache6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft IIS6
SourceCodester Simple Cold Storage Management Syst ...4
Linux Kernel4
Fortinet FortiOS4
Fortinet FortiTester4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1MGB OpenSource Guestbook email.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.013022.18CVE-2007-0354
2Esoftpro Online Guestbook Pro ogp_show.php sql injection7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.001080.19CVE-2009-4935
3LogicBoard CMS away.php redirect6.36.1$0-$5k$0-$5kNot DefinedUnavailable0.000003.11
4FLDS redir.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.002030.53CVE-2008-5928
5OpenX adclick.php redirect5.34.7$0-$5k$0-$5kUnprovenUnavailable0.004400.10CVE-2014-2230
6vBulletin redirector.php6.66.6$0-$5k$0-$5kNot DefinedNot Defined0.001060.04CVE-2018-6200
7Bitrix Site Manager redirect.php link following5.34.7$0-$5k$0-$5kUnprovenUnavailable0.001130.04CVE-2008-2052
8Joomla CMS com_easyblog sql injection6.36.1$5k-$25k$5k-$25kNot DefinedNot Defined0.000000.49
9HP Router/Switch SNMP information disclosure3.73.4$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.002850.03CVE-2012-3268
10Esoftpro Online Guestbook Pro ogp_show.php cross site scripting4.34.2$0-$5k$0-$5kHighUnavailable0.002090.04CVE-2009-2441
11Apache Struts ExceptionDelegator input validation8.88.4$5k-$25k$0-$5kHighOfficial Fix0.308380.04CVE-2012-0391
12DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.73CVE-2010-0966
13Vunet VU Web Visitor Analyst redir.asp sql injection7.37.1$0-$5k$0-$5kHighWorkaround0.001190.10CVE-2010-2338
14Schneider Electric Vijeo Designer path traversal5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.002760.00CVE-2021-22704
15Tiki Admin Password tiki-login.php improper authentication8.07.7$0-$5k$0-$5kNot DefinedOfficial Fix0.009364.55CVE-2020-15906
16Hscripts PHP File Browser Script index.php path traversal5.95.9$0-$5k$0-$5kNot DefinedNot Defined0.001510.00CVE-2018-16549
17Microsoft IIS IP/Domain Restriction access control6.55.7$25k-$100k$0-$5kUnprovenOfficial Fix0.008170.15CVE-2014-4078
18Microsoft Windows Win32k Privilege Escalation8.37.8$25k-$100k$0-$5kHighOfficial Fix0.000950.16CVE-2021-40449
19Sphinx missing authentication7.47.3$0-$5k$0-$5kNot DefinedWorkaround0.010380.04CVE-2019-14511
20vsftpd deny_file unknown vulnerability3.73.6$0-$5k$0-$5kNot DefinedOfficial Fix0.002610.10CVE-2015-1419

Campaigns (6)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (159)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
13.1.206.135ec2-3-1-206-135.ap-southeast-1.compute.amazonaws.comAPT4106/17/2024verifiedHigh
25.183.101.21bestofgy.co.ukAPT41MoonBounce01/21/2022verifiedMedium
35.183.101.114APT41MoonBounce01/21/2022verifiedMedium
45.183.103.122APT41MoonBounce01/21/2022verifiedMedium
55.188.93.132gcorelabs.paris.vpn015APT41MoonBounce01/21/2022verifiedLow
65.188.108.22pol1.htjsq.comAPT41MoonBounce01/21/2022verifiedMedium
75.188.108.228xc5.exclusivacondominios.comAPT41MoonBounce01/21/2022verifiedMedium
85.189.222.33spain466.esAPT41MoonBounce01/21/2022verifiedMedium
98.209.255.168APT4106/17/2024verifiedVery High
108.218.156.56APT4106/17/2024verifiedVery High
1113.250.182.175ec2-13-250-182-175.ap-southeast-1.compute.amazonaws.comAPT4106/17/2024verifiedHigh
1216.162.24.214ec2-16-162-24-214.ap-east-1.compute.amazonaws.comAPT4106/17/2024verifiedHigh
1318.118.56.237ec2-18-118-56-237.us-east-2.compute.amazonaws.comAPT41CVE-2021-4420703/11/2022verifiedLow
1418.143.183.217ec2-18-143-183-217.ap-southeast-1.compute.amazonaws.comAPT4106/17/2024verifiedHigh
1518.163.182.3ec2-18-163-182-3.ap-east-1.compute.amazonaws.comAPT4106/17/2024verifiedHigh
1620.121.42.11APT41CVE-2021-4420703/11/2022verifiedMedium
1723.67.95.153a23-67-95-153.deploy.static.akamaitechnologies.comAPT4110/06/2021verifiedMedium
1823.133.5.48APT4106/17/2024verifiedVery High
1923.225.199.162APT4106/17/2024verifiedVery High
2023.225.199.164APT4106/17/2024verifiedVery High
2123.225.199.165APT4106/17/2024verifiedVery High
2227.102.114.105APT4106/17/2024verifiedVery High
2327.124.37.62APT4106/17/2024verifiedVery High
2427.124.37.63APT4106/17/2024verifiedVery High
2527.124.37.65APT4106/17/2024verifiedVery High
2634.139.13.4646.13.139.34.bc.googleusercontent.comAPT41CVE-2021-4420703/11/2022verifiedLow
2736.255.220.179APT4106/17/2024verifiedVery High
2839.106.32.186APT4106/17/2024verifiedVery High
2943.229.155.38APT4106/17/2024verifiedVery High
3043.229.155.39APT4106/17/2024verifiedVery High
3143.229.155.40APT4106/17/2024verifiedVery High
3243.229.155.41APT4106/17/2024verifiedVery High
33XX.XXX.XXX.XXXxxxx06/17/2024verifiedVery High
34XX.XXX.XXX.XXXXxxxx12/23/2020verifiedLow
35XX.XX.XXX.XXXXxxxxXxxxxxxx04/18/2022verifiedMedium
36XX.XX.X.XXXxx.xx.x.xxx.xxxxx.xxxXxxxx05/31/2021verifiedVery Low
37XX.XX.XX.XXXxx.xx.xx.xxx.xxxxx.xxxXxxxx05/31/2021verifiedVery Low
38XX.XX.XXX.XXXxxxxxxx.xxxxxxx.xxxxXxxxx06/17/2024verifiedHigh
39XX.XX.XX.XXXxx.xx.xx.xxx.xxxxxxxxxxxxxxxx.xxxXxxxx06/17/2024verifiedHigh
40XX.XX.X.XXXxxxxxxxx.xx.xxxxxxxXxxxxXxx-xxxx-xxxxx03/11/2022verifiedLow
41XX.XXX.XXX.XXxxxxXxxxxxxxxx01/21/2022verifiedMedium
42XX.XXX.XXX.XXXxxxxXxxxxxxxxx01/21/2022verifiedMedium
43XX.XXX.XXX.XXxxxx.xxxxxxxxxxx.xxXxxxx09/14/2021verifiedMedium
44XX.XXX.XXX.XXxxxxxxx.xxxxxXxxxxXxx-xxxx-xxxxx03/11/2022verifiedMedium
45XX.XXX.XXX.XXXxxxx06/17/2024verifiedVery High
46XX.XX.XX.XXXxxxxXxxxxxxx10/29/2023verifiedVery High
47XX.XX.XX.XXXxxx-xx-xx-xx-xxx.xxxxxxx-x.xxxxxxxxx.xxxXxxxxXxx-xxxx-xxxxx03/11/2022verifiedLow
48XX.XX.XX.XXXxxx-xx-xx-xx-xxx.xxxxxxx-x.xxxxxxxxx.xxxXxxxx06/17/2024verifiedHigh
49XX.XXX.XXX.XXxxx-xx-xxx-xxx-xx.xx-xxxxxxxxx-x.xxxxxxx.xxxxxxxxx.xxxXxxxxXxx-xxxx-xxxxx03/11/2022verifiedLow
50XX.XX.XX.XXXxxxx12/23/2020verifiedLow
51XX.XXX.XX.XXXxxx-xxx-xx-xxx.xxxxxxxxxx.xx.xxXxxxx12/23/2020verifiedVery Low
52XX.XX.XX.XXXxx.xx.xx.xxx.xxxxx.xxxXxxxx05/31/2021verifiedVery Low
53XX.XX.XX.XXXxx.xx.xx.xxx.xxxxx.xxxXxxxxXxx-xxxx-xxxxx12/12/2020verifiedVery Low
54XX.XX.XXX.XXXxx.xx.xxx.xxx.xxxxx.xxxXxxxx05/31/2021verifiedVery Low
55XX.XX.XXX.XXXxx.xx.xxx.xxx.xxxxx.xxxXxxxx05/31/2021verifiedVery Low
56XX.XX.XXX.XXXxx.xx.xxx.xxx.xxxxxxxx.xxxXxxxx05/31/2021verifiedVery Low
57XX.XXX.XXX.XXXxx.xxx.xxx.xxx.xxxxxxxx.xxxxx.xxxXxxxx12/23/2020verifiedLow
58XX.XXX.XXX.XXXxx.xxx.xxx.xxx.xxxxxxxx.xxxxx.xxxXxxxx12/23/2020verifiedLow
59XX.XXX.XXX.XXXxx.xxx.xxx.xxx.xxxxxxxx.xxxxx.xxxXxxxx12/23/2020verifiedLow
60XX.XXX.XXX.XXXXxxxxXxx-xxxx-xxxxx03/11/2022verifiedMedium
61XX.XX.XXX.XXxx.xx.xxx.xx.xxxxx.xxxXxxxxXxxxxxxxxx01/21/2022verifiedLow
62XX.XX.XXX.Xxx.xx.xxx.x.xxxxxxxx.xxxXxxxx12/15/2020verifiedVery Low
63XX.XXX.XXX.XXxx-xxxxx.xxxXxxxx12/15/2020verifiedLow
64XX.XX.XXX.XXXxxxxxxx-x-xx.xxxXxxxxXxxxxxxxxx01/21/2022verifiedMedium
65XX.XXX.XXX.XXXxxxxxxxxxxxxxxxxxxxxxxx.xxxXxxxxXxxxxxxxxx01/21/2022verifiedMedium
66XXX.XX.X.XXxxx.xx.x.xx.xxxxxx.xxxx.xxxXxxxx05/31/2021verifiedLow
67XXX.XX.X.XXXxxx.xx.x.xxx.xxxxxx.xxxx.xxxXxxxx05/31/2021verifiedLow
68XXX.XX.XXX.XXXXxxxxXxxxxxxx10/29/2023verifiedVery High
69XXX.XX.XX.XXXXxxxx06/17/2024verifiedVery High
70XXX.XX.XX.XXXxxxx07/21/2023verifiedVery High
71XXX.XX.XX.XXXxxxx06/17/2024verifiedVery High
72XXX.XX.XX.XXXxxx.xx.xx.xxx.xxxxxx.xxxxxxxx.xxxXxxxx05/31/2021verifiedLow
73XXX.XXX.XX.XXXxxxx05/31/2021verifiedLow
74XXX.XXX.XXX.XXXxxxx06/17/2024verifiedVery High
75XXX.XXX.XXX.XXXxxxxXxx-xxxx-xxxxx03/11/2022verifiedMedium
76XXX.XXX.XX.XXXxxxx06/17/2024verifiedVery High
77XXX.XXX.XX.XXXxxxx06/17/2024verifiedVery High
78XXX.XX.XX.XXxxxx05/24/2024verifiedHigh
79XXX.XX.X.XXXXxxxxXxx-xxxx-xxxxx03/11/2022verifiedMedium
80XXX.XX.X.XXXXxxxxXxx-xxxx-xxxxx03/11/2022verifiedMedium
81XXX.XX.XX.XXxxxx05/24/2024verifiedHigh
82XXX.XX.XX.XXxxxx05/24/2024verifiedHigh
83XXX.XX.XXX.XXXXxxxx10/06/2021verifiedMedium
84XXX.XXX.XXX.XXXxxx.xxx.xxx.xxx.xxxxxxxx.xxxXxxxx05/31/2021verifiedVery Low
85XXX.XX.XXX.XXXxxxx06/17/2024verifiedVery High
86XXX.XX.XXX.XXXxxxx06/17/2024verifiedVery High
87XXX.XXX.XXX.XXxxx-xxx-xxx-xx-xxxx.xxxxxxxxxxxx.xxxXxxxxXxx-xxxx-xxxxx03/11/2022verifiedMedium
88XXX.XXX.XX.XXXxxx-xxx-xx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxx05/31/2021verifiedLow
89XXX.XXX.XX.XXxxx.xxx.xx.xx.xxxxxxxx.xxxXxxxx05/31/2021verifiedVery Low
90XXX.XX.XXX.XXXXxxxx05/31/2021verifiedLow
91XXX.XXX.XX.XXXxxx.xxx.xx.xxx.xx.xxxxxx.xxxxxxxx.xxxXxxxx12/21/2020verifiedLow
92XXX.XXX.XXX.XXXxxxx06/17/2024verifiedVery High
93XXX.XXX.XXX.XXXxxxx06/17/2024verifiedVery High
94XXX.XXX.XXX.XXXxxxx06/17/2024verifiedVery High
95XXX.XXX.XXX.XXXxxxx06/17/2024verifiedVery High
96XXX.XXX.X.XXXxxxx07/21/2023verifiedVery High
97XXX.XX.XXX.XXxxxx05/31/2021verifiedLow
98XXX.XX.XXX.XXXxxxx05/31/2021verifiedLow
99XXX.XXX.XX.XXXXxxxx07/21/2023verifiedVery High
100XXX.XXX.XXX.XXXXxxxx05/31/2021verifiedLow
101XXX.X.XXX.XXXxxx-xxx-x-xxx-xxx.xxxxxxx.xxxxxxxx-xxx.xxxXxxxx06/17/2024verifiedHigh
102XXX.XX.XXX.XXXxxxx07/21/2023verifiedVery High
103XXX.XXX.XXX.XXXxxxx07/21/2023verifiedVery High
104XXX.XX.XXX.XXXXxxxx05/31/2021verifiedLow
105XXX.XXX.XXX.XXXXxxxx06/17/2024verifiedVery High
106XXX.XXX.XXX.XXXxxx-xxx-xxxxx.xx.xxxxxx.xx.xxXxxxx12/23/2020verifiedLow
107XXX.XXX.XXX.XXXxxx.xxx.xxx.xxx.xxxxx.xxxXxxxxXxxxxxxxxx01/21/2022verifiedLow
108XXX.XXX.XXX.XXXxxxx06/17/2024verifiedVery High
109XXX.XX.XXX.XXxxxx06/17/2024verifiedHigh
110XXX.XXX.XX.XXXxxxxx-xxx.xxxxxxx.xxxxxx.xxxXxxxx12/23/2020verifiedLow
111XXX.XXX.XXX.XXXxxxxxx-xxx.xxxxxxx.xxxxxx.xxxXxxxx06/11/2021verifiedLow
112XXX.XXX.XX.XXXxxx.xxx.xx.xxx.xxxxx.xxxXxxxx10/06/2021verifiedLow
113XXX.XX.XX.XXXxxx.xx.xx.xxx.xxxxx.xxxXxxxxXxx-xxxx-xxxxx03/11/2022verifiedLow
114XXX.XX.XX.XXxxxxxxxx.xxxxxxxxx.xxxXxxxx05/31/2021verifiedLow
115XXX.XX.XX.XXxxx.xx.xx.xx.xxxxx.xxxXxxxx10/06/2021verifiedLow
116XXX.XX.XX.XXxxx.xx.xx.xx.xxxxx.xxxXxxxx05/31/2021verifiedVery Low
117XXX.XX.XXX.XXXxxx.xx.xxx.xxx.xxxxxxxxxxxxxxxx.xxxXxxxxXxxxxxxx04/18/2022verifiedLow
118XXX.XX.XXX.XXXxxx.xx.xxx.xxx.xxxxx.xxxXxxxx05/31/2021verifiedVery Low
119XXX.XXX.X.XXXXxxxx05/31/2021verifiedLow
120XXX.XXX.XXX.XXXXxxxx06/17/2024verifiedVery High
121XXX.XXX.XXX.XXXXxxxx05/31/2021verifiedLow
122XXX.XXX.XXX.XXXXxxxx12/21/2020verifiedLow
123XXX.XXX.X.XXXXxxxx06/17/2024verifiedVery High
124XXX.XX.XXX.XXXxxxx-xxxxxx.xxxXxxxx12/23/2020verifiedLow
125XXX.XXX.XX.XXXxxx.xxx.xx.xxx.xxxxxx.xxxxxxxxx.xxxXxxxx06/11/2021verifiedLow
126XXX.XX.XXX.XXXXxxxx05/31/2021verifiedLow
127XXX.XXX.X.XXxxxx05/31/2021verifiedLow
128XXX.XX.XXX.XXxxxx05/24/2024verifiedHigh
129XXX.XXX.XXX.XXxxxxxxx.xxxxxxxxxxxxxx.xxxXxxxxXxx-xxxx-xxxxx03/11/2022verifiedMedium
130XXX.XXX.XX.XXxxxxxx-xx.xxxxxxx.xxxxxx.xxxXxxxxXxxxxxxxxx01/21/2022verifiedMedium
131XXX.XXX.XXX.XXXXxxxxXxxxxxxxxx01/21/2022verifiedMedium
132XXX.XXX.XX.XXxxx.xxx.xx.xx.xxxxxxxx.xxxx.xxxXxxxx12/23/2020verifiedLow
133XXX.XXX.XX.XXxxx.xxx.xx.xx.xxxxxxxx.xxxx.xxxXxxxx12/23/2020verifiedLow
134XXX.XXX.XX.XXxxx.xxx.xx.xx.xxxxxxxx.xxxx.xxxXxxxx12/23/2020verifiedLow
135XXX.XXX.XXX.XXXxxx.xxx.xxx.xxx.xxxxxxxx.xxxXxxxx05/31/2021verifiedVery Low
136XXX.XXX.XX.XXxxx.xxx.xx.xx.xx.xxxxxxxxxxx.xxxXxxxxXxx-xxxx-xxxxx03/11/2022verifiedMedium
137XXX.XX.XX.XXxx.xxxxxxxXxxxx10/06/2021verifiedMedium
138XXX.XXX.XXX.XXXxxxxxxxxxxxx.xxxxxxx.xxXxxxxXxxxxxxx04/18/2022verifiedMedium
139XXX.XXX.XXX.XXxxxx.xxXxxxxXxxxxxxx04/18/2022verifiedMedium
140XXX.XXX.XXX.XXxxxxxx.xxxxxxx.xxXxxxxXxx-xxxx-xxxxx03/11/2022verifiedMedium
141XXX.XXX.XXX.XXxxxxxx.xxxx.xxXxxxx12/21/2020verifiedLow
142XXX.XXX.XX.XXXXxxxxXxxxxxxxxx01/21/2022verifiedMedium
143XXX.XX.XXX.XXXXxxxx06/17/2024verifiedVery High
144XXX.XX.XX.XXXxxxxxxxx.xxxXxxxxXxxxxxxxxx01/21/2022verifiedMedium
145XXX.XX.XXX.XXXxxxx10/06/2021verifiedMedium
146XXX.XXX.XXX.XXXXxxxx06/17/2024verifiedVery High
147XXX.XXX.XXX.XXXxxxx06/17/2024verifiedVery High
148XXX.XXX.XXX.XXXXxxxx06/17/2024verifiedVery High
149XXX.XXX.XX.XXxxxxxxxx.xx.xxxxxxxXxxxxXxx-xxxx-xxxxx03/11/2022verifiedLow
150XXX.XXX.XXX.XXXxxx-xxx-xxx-xxx.xx.xxxxxxxxxxxxxxxxx.xxxXxxxxXxx-xxxx-xxxxx03/11/2022verifiedLow
151XXX.XX.XXX.XXXXxxxx06/17/2024verifiedVery High
152XXX.XX.XXX.XXXXxxxx06/17/2024verifiedVery High
153XXX.XX.XXX.XXXXxxxx06/17/2024verifiedVery High
154XXX.XXX.XXX.XXxxx.xxx.xxx.xx.xxxxxxxxxxxxxxxx.xxxXxxxx06/17/2024verifiedHigh
155XXX.XX.XXX.XXXxxx.xx.xxx.xxx.xxxxxxxx.xxxXxxxx12/21/2020verifiedLow
156XXX.XXX.XX.XXxxx.xxx.xx.xx.xxxxx.xxxXxxxx05/31/2021verifiedVery Low
157XXX.XXX.XXX.XXxxx.xxx.xxx.xx.xxxxx.xxxXxxxx05/31/2021verifiedVery Low
158XXX.XX.XXX.XXXXxxxx12/21/2020verifiedLow
159XXX.XX.XX.XXXxxx.xx.xx.xxx.xxxxx.xxxXxxxxXxxxxxxxxx01/21/2022verifiedLow

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3T1059CAPEC-242CWE-94, CWE-1321Argument InjectionpredictiveHigh
4TXXXX.XXXCAPEC-209CWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
5TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
7TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
8TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
9TXXXXCAPEC-CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
10TXXXX.XXXCAPEC-120CWE-XXXXxxxxxx Xxxxxxxxxx Xxx Xxxxxxxx Xxxxxxx Xx Xx-xxxx Xxxxxx XxxxxxxxpredictiveHigh
11TXXXX.XXXCAPEC-459CWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
12TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
13TXXXX.XXXCAPEC-CWE-XXXxxxxxxxxxxxxpredictiveHigh
14TXXXXCAPEC-157CWE-XXX, CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
15TXXXX.XXXCAPEC-59CWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHigh

IOA - Indicator of Attack (93)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/csms/?page=contact_uspredictiveHigh
2File/forum/away.phppredictiveHigh
3File/goform/PowerSaveSetpredictiveHigh
4File/index.phppredictiveMedium
5File/members/view_member.phppredictiveHigh
6File/mhds/clinic/view_details.phppredictiveHigh
7File/out.phppredictiveMedium
8File/owa/auth/logon.aspxpredictiveHigh
9File/rest/api/latest/projectvalidate/keypredictiveHigh
10File/SSOPOST/metaAlias/%realm%/idpv2predictiveHigh
11File/uncpath/predictiveMedium
12Fileadclick.phppredictiveMedium
13Filexxxxxxxxx.xxxpredictiveHigh
14Filexxxxx.xxxxxxxxx.xxxpredictiveHigh
15Filexxxxx/xxxxx.xxxpredictiveHigh
16Filexxxxx/xxxxx-xxxx.xxxpredictiveHigh
17Filexxxxxxx.xxxpredictiveMedium
18Filexxx/xxx.xxxpredictiveMedium
19Filexxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxx/xxx/xxxxxx.xxxxxxxxx.xxxpredictiveHigh
20Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
21Filexxxxxxxx.xxxpredictiveMedium
22Filexxxxx.xxxpredictiveMedium
23Filexxx/xxxxx/xxxxxxxxxx/xxxxx.xxxxpredictiveHigh
24Filexxxx.xxxpredictiveMedium
25Filexxx/xxxx/xxxx.xpredictiveHigh
26Filexxxxxxxxxxx/xxxxxxxx/xxxxxxxxxx.xxxpredictiveHigh
27Filexxx.xxxpredictiveLow
28Filexxxx.xxxpredictiveMedium
29Filexxxxx.xxxxpredictiveMedium
30Filexxx/xxxxxx.xxxpredictiveHigh
31Filexxxxx.xxxpredictiveMedium
32Filexxxxxxxx/xx/xxxx.xxpredictiveHigh
33Filexxxxxxx/xxxxx/xx/xxxxxx/xxxxx.xxxxx.xxxpredictiveHigh
34Filexxxxx.xxxpredictiveMedium
35Filexxx/xxxxxpredictiveMedium
36Filexxx_xxxx.xxxpredictiveMedium
37Filexxx/xxxxxx_xxxx.xxxpredictiveHigh
38Filexxx_xx_xx_xxxxxxxx.xxxpredictiveHigh
39Filexxxxxxxxx.xxxpredictiveHigh
40Filexxxxxxxx.xxxpredictiveMedium
41Filexxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][]predictiveHigh
42Filexxxxxxx.xpredictiveMedium
43Filexxxx.xxxpredictiveMedium
44Filexxxxx.xxxpredictiveMedium
45Filexxxxx.xxxpredictiveMedium
46Filexxxxxxxx.xxxpredictiveMedium
47Filexxxxxxxxxx.xxxpredictiveHigh
48Filexxxxxxx-xxxxxxx.xxxpredictiveHigh
49Filexxx_xxxxx.xxxpredictiveHigh
50Filexxxx.xxxpredictiveMedium
51Filexxxx-xxxxx.xxxpredictiveHigh
52Filexxx.xpredictiveLow
53Library/_xxx_xxx/xxxxx.xxxpredictiveHigh
54Libraryxxx/xxxxxx.xpredictiveMedium
55ArgumentxxxxxxxxpredictiveMedium
56ArgumentxxxxxxxxpredictiveMedium
57Argumentxxx_xxpredictiveLow
58Argumentxxx_xxxxpredictiveMedium
59ArgumentxxxxxxxxxpredictiveMedium
60Argumentxxxxxxx-xxxxxxpredictiveHigh
61ArgumentxxxxxxxxxxxxxxxxpredictiveHigh
62ArgumentxxxxpredictiveLow
63ArgumentxxxxxxxpredictiveLow
64ArgumentxxxxxxxxpredictiveMedium
65ArgumentxxxxxpredictiveLow
66ArgumentxxxxpredictiveLow
67Argumentxxxxx xxxxpredictiveMedium
68Argumentxx_xxpredictiveLow
69ArgumentxxxxpredictiveLow
70ArgumentxxxxpredictiveLow
71ArgumentxxpredictiveLow
72ArgumentxxxxpredictiveLow
73ArgumentxxxpredictiveLow
74ArgumentxxxxpredictiveLow
75ArgumentxxxxxxxpredictiveLow
76ArgumentxxxxxxxxpredictiveMedium
77ArgumentxxxxpredictiveLow
78ArgumentxxxxxxxpredictiveLow
79Argumentxxxx_xxpredictiveLow
80ArgumentxxxxxxxxpredictiveMedium
81ArgumentxxxxxxpredictiveLow
82ArgumentxxxxxxxxxxxpredictiveMedium
83ArgumentxxxpredictiveLow
84ArgumentxxxpredictiveLow
85ArgumentxxxxxpredictiveLow
86ArgumentxxxpredictiveLow
87ArgumentxxxpredictiveLow
88ArgumentxxxxxxxxpredictiveMedium
89ArgumentxxxxxpredictiveLow
90Argumentx-xxxxxxxxx-xxxxxxpredictiveHigh
91Input Value../predictiveLow
92Input Valuexxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx&xxxxxxxx=xxxxxxxxxxpredictiveHigh
93Network Portxxx/xxx (xxxx)predictiveHigh

References (19)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!