Arid Viper Analysis

IOB - Indicator of Behavior (400)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

  • en: 356
  • ru: 22
  • de: 8
  • pl: 6
  • fr: 4

Country

  • us: 344
  • ru: 22
  • de: 14
  • pl: 6
  • ir: 4

Product

  • nginx: 6
  • PHP: 4
  • Node.js: 2
  • Cisco IOS XR: 2
  • Joomla CMS: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.08 | CVE-2019-7550 |
| 2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 3 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.99 | CVE-2010-0966 |
| 4 | Dreaxteam Xt-News add_comment.php cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00599 | 0.07 | CVE-2006-6746 |
| 5 | Enigma2 Coppermine Bridge e2_header.inc.php file inclusion | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.10026 | 0.00 | CVE-2006-6864 |
| 6 | IBM WebSphere Service Registry/Repository Access Restriction access control | 4.3 | 4.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00162 | 0.05 | CVE-2014-6160 |
| 7 | Big Webmaster Big Webmaster Guestbook Script addguest.cgi cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00615 | 0.04 | CVE-2006-2231 |
| 8 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.57 | |
| 9 | Joomla CMS remember.php input validation | 5.4 | 4.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03044 | 0.00 | CVE-2013-3242 |
| 10 | Joomla CMS Media Manager path traversal | 8.5 | 8.2 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.74922 | 0.05 | CVE-2019-10945 |
| 11 | Pligg cloud.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.48 | |
| 12 | Apple macOS certificate validation | 5.6 | 5.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.02181 | 0.00 | CVE-2023-41991 |
| 13 | Oracle Java SE JSSE unknown vulnerability | 7.4 | 7.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00105 | 0.08 | CVE-2023-21930 |
| 14 | ICQ fetch code injection | 10.0 | 9.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00346 | 0.00 | CVE-2011-0487 |
| 15 | WebP Converter for Media Plugin passthru.php redirect | 4.9 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00106 | 0.06 | CVE-2021-25074 |
| 16 | CasaOS API command injection | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01187 | 0.04 | CVE-2022-24193 |
| 17 | jQuery cross site scripting | 4.3 | 3.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00306 | 0.04 | CVE-2011-4969 |
| 18 | Oracle Retail Central Office Security cross site scripting | 6.2 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00439 | 0.02 | CVE-2021-41184 |
| 19 | InsydeH2O SMM HandleProtocol allocation of resources | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2021-41839 |
| 20 | PHP zip Extension php_zip.c use after free | 9.8 | 9.3 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.06326 | 0.04 | CVE-2016-5773 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Hamas

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (50)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

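| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /forum/away.php | predictive | High |
| 2 | File | addguest.cgi | predictive | Medium |
| 3 | File | add_comment.php | predictive | High |
| 4 | File | admin/index.php | predictive | High |
| 5 | File | api_jsonrpc.php | predictive | High |
| 6 | File | cloud.php | predictive | Medium |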

References (4)

The following list contains external sources which discuss the actor and the associated activities:
