Arkei Analysis

IOB - Indicator of Behavior (58)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en34
fr10
de8
es2
ja2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Windows6
DZCP deV!L`z Clanportal2
Mambo Site Server2
Array Networks ArrayOS2
Fortinet FortiAnalyzer2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$10k-$25k$0-$1kHighWorkaround0.040.04187CVE-2007-1192
2Array Networks ArrayOS command injection9.39.1$2k-$5k$0-$1kNot DefinedOfficial Fix0.020.02055CVE-2022-42897
3Maarch RM privileges management7.57.2$2k-$5k$0-$1kNot DefinedOfficial Fix0.030.00885CVE-2019-15854
4Maarch RM path traversal7.87.4$1k-$2k$0-$1kNot DefinedOfficial Fix0.010.01055CVE-2019-15855
5Discuz! admin.php cross site scripting3.63.6$0-$1k$0-$1kNot DefinedNot Defined0.000.00885CVE-2018-19464
6Sansuart Free simple guestbook PHP script act.php code injection7.36.7$2k-$5k$0-$1kProof-of-ConceptUnavailable0.030.06790CVE-2008-6934
7Cannot PHP infoBoard access control7.36.9$2k-$5k$0-$1kProof-of-ConceptNot Defined0.010.04187CVE-2008-4334
8IPS IP.Board ipsconnect.php sql injection7.37.1$2k-$5k$0-$1kHighUnavailable0.010.01136CVE-2014-9239
9DZCP deV!L`z Clanportal config.php code injection7.36.6$2k-$5k$0-$1kProof-of-ConceptOfficial Fix0.770.04187CVE-2010-0966
10Ultimate Member Plugin get_option_value_from_callback code injection5.95.9$1k-$2k$1k-$2kNot DefinedNot Defined0.020.04571CVE-2022-3383
11phpservermon User.php generatePasswordResetToken predictable algorithm in random number generator3.53.4$0-$1k$0-$1kProof-of-ConceptOfficial Fix0.020.00954CVE-2021-4240
12Fortinet FortiOS API access control4.94.9$2k-$5k$1k-$2kNot DefinedNot Defined0.030.01055CVE-2022-38380
13phpipam Import Preview import-load-data.php cross site scripting3.63.6$0-$1k$0-$1kNot DefinedOfficial Fix0.060.03283CVE-2022-3845
14Com Newsfeeds Newsfeed index.php sql injection7.37.3$2k-$5k$0-$1kHighUnavailable0.020.00986CVE-2010-1739
15Deployment Dashboard Plugin Environment Name cross site scripting4.44.4$0-$1k$0-$1kNot DefinedNot Defined0.000.00885CVE-2022-34795
16Netgear WN604/WN802Tv2/WNAP210/WNAP320/WNDAP350/WNDAP360 boardDataWW.php command injection9.89.4$25k-$50k$0-$1kProof-of-ConceptNot Defined0.000.94828CVE-2016-1555
17Hassan Consulting Shopping Cart shop.cgi path traversal5.35.0$2k-$5k$0-$1kProof-of-ConceptNot Defined0.020.04187CVE-2000-0921
18Lansweeper Web Console cross-site request forgery6.16.1$0-$1k$0-$1kNot DefinedNot Defined0.000.00885CVE-2020-13658
19Microsoft Windows Services for NFS ONCRPC XDR Driver information disclosure6.45.5$25k-$50k$5k-$10kUnprovenOfficial Fix0.010.02251CVE-2022-21993
20Microsoft Windows Common Log File System Driver Privilege Escalation8.17.4$100k and more$10k-$25kUnprovenOfficial Fix0.020.01150CVE-2022-21981

IOC - Indicator of Compromise (28)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-22Pathname TraversalpredictiveHigh
2T1059CWE-94Cross Site ScriptingpredictiveHigh
3TXXXX.XXXCWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
4TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXXCWE-XXXxxxxxx XxxxxxxxxpredictiveHigh
6TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
7TXXXXCWE-XXXXxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx XxxxpredictiveHigh
8TXXXXCWE-XXXXxxxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (35)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/getcfg.phppredictiveMedium
2Fileact.phppredictiveLow
3Fileadmin.phppredictiveMedium
4Fileapp/admin/import-export/import-load-data.phppredictiveHigh
5FileboardData103.php/boardDataJP.php/boardDataNA.php/boardDataWW.phppredictiveHigh
6Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
7Filexxx/xxxxxx.xxxpredictiveHigh
8Filexxxxx.xxxpredictiveMedium
9Filexxxxxx.xxxpredictiveMedium
10Filexxxxxxxxxx.xxxpredictiveHigh
11Filexxxxxxx_xxxx.xxxpredictiveHigh
12Filexxxx.xxxpredictiveMedium
13Filexxxx.xxxpredictiveMedium
14Filexxxx_xxxxxxx_xxxxxxxx.xxxpredictiveHigh
15Filexxx/xxx/xxxxxxx/xxxx.xxxpredictiveHigh
16Filexxxxxxxxxx.xxxpredictiveHigh
17Libraryxxxxxxxxxxxx_xxx.xxxpredictiveHigh
18ArgumentxxxxxpredictiveLow
19ArgumentxxxxxxxxpredictiveMedium
20Argumentxxx_xxpredictiveLow
21Argumentxxxxxx xxxxxxxxpredictiveHigh
22ArgumentxxxxxxxpredictiveLow
23ArgumentxxxxxxpredictiveLow
24ArgumentxxpredictiveLow
25ArgumentxxxxxxxpredictiveLow
26ArgumentxxxxpredictiveLow
27ArgumentxxxxxxxxxpredictiveMedium
28Argumentxxxxxxxx_xxpredictiveMedium
29ArgumentxxxxxxxxxxxxxxxpredictiveHigh
30ArgumentxxxxxxpredictiveLow
31ArgumentxxxxxxxxpredictiveMedium
32ArgumentxxxxxxxxpredictiveMedium
33Input Value::$xxxxx_xxxxxxxxxxpredictiveHigh
34Input Valuexxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxxpredictiveHigh
35Network Portxxx xxxxxx xxxxpredictiveHigh

References (3)

The following list contains external sources which discuss the actor and the associated activities:

Want to stay up to date on a daily basis?

Enable the mail alert feature now!