Armageddon Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (53)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en52
zh2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

US: USA40
CN: China12

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Feodo2
BazarBackdoor2
Cobalt Strike2
Cactus2
FAKEUPDATES2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined30
Router Operating System4
Web Server2
Content Management System2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined20
SwitchVPN2
Google2
Nfec.de2
Cisco2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Magento10
Jumpserver2
Thruk2
SwitchVPN Client2
Google gson2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#VulnerabilityBaseTemp0dayTodayExpCouKEVEPSSCTICVE
1Magento Search Module sql injection7.37.3$0-$5k$0-$5kNot definedNot defined 0.020710.00CVE-2021-21024
2Magento code injection8.08.0$0-$5k$0-$5kNot definedNot defined 0.006500.00CVE-2020-9585
3Magento File Upload unrestricted upload4.74.7$0-$5k$0-$5kNot definedNot defined 0.020870.00CVE-2020-24407
4Magento WebAPI os command injection4.14.1$0-$5k$0-$5kNot definedNot defined 0.042380.08CVE-2021-21016
5Magento unrestricted upload4.74.7$0-$5k$0-$5kNot definedNot defined 0.005950.00CVE-2021-21014
6OpenResty ngx.req.get_post_args sql injection9.08.9$0-$5k$0-$5kNot definedOfficial fixpossible0.438480.06CVE-2018-9230
7TBK DVR-4104/DVR-4216 device.rsp os command injection6.36.0$0-$5k$0-$5kProof-of-ConceptNot definedpossible0.543101.28CVE-2024-3721
8Magento session expiration5.65.6$0-$5k$0-$5kNot definedNot defined 0.001590.00CVE-2021-21032
9Cisco IOS/IOS XE Tcl Interpreter input validation7.37.0$25k-$100k$0-$5kNot definedOfficial fix 0.000630.03CVE-2020-3204
10Apache Batik server-side request forgery6.76.5$5k-$25k$0-$5kNot definedOfficial fix 0.000520.06CVE-2022-44729
11Cisco SD-WAN Solution WebUI command injection5.25.1$5k-$25k$0-$5kNot definedOfficial fix 0.007430.05CVE-2019-12629
12Jumpserver API access control5.55.5$0-$5k$0-$5kNot definedNot defined 0.010770.05CVE-2021-3169
13PbootCMS function.php parserIfLabel code injection8.07.9$0-$5k$0-$5kNot definedNot definedpossible0.600370.06CVE-2022-32417
14Synacor Zimbra Collaboration Memcache Command injection6.96.7$0-$5k$0-$5kAttackedOfficial fixverified0.624770.00CVE-2022-27924
15Synacor Zimbra Collaboration Suite Element Attribute injection5.95.8$0-$5k$0-$5kAttackedOfficial fixverified0.775340.00CVE-2022-24682
16Google gson writeReplace deserialization6.66.5$5k-$25k$0-$5kNot definedOfficial fix 0.021490.00CVE-2022-25647
17Nfec.de RechnungsZentrale authent.php4 sql injection5.34.8$0-$5k$0-$5kProof-of-ConceptOfficial fix 0.026870.06CVE-2006-1954
18Thruk Parameter extinfo.cgi cross site scripting4.84.8$0-$5k$0-$5kNot definedNot defined 0.009030.00CVE-2021-35489
19jeecg-boot CMS upload unrestricted upload5.55.5$0-$5k$0-$5kNot definedNot defined 0.058750.00CVE-2020-28088
20Canvas LMS server-side request forgery6.66.6$0-$5k$0-$5kNot definedNot definedpossible0.542460.07CVE-2020-5775

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
145.61.136.56Armageddon06/17/2024verifiedHigh
266.42.95.12366.42.95.123.vultrusercontent.comArmageddon07/30/2022verifiedMedium
3XX.XX.XXX.XXXxxxxxxxx.xxxxxxx.xxXxxxxxxxxx07/30/2022verifiedMedium
4XXX.XX.XXX.XXXXxxxxxxxxx06/17/2024verifiedHigh
5XXX.XX.XXX.XXXxxx-xx-xxx-xxx.xxxxxxxx.xxxxxxxxxxxx.xxXxxxxxxxxx07/30/2022verifiedVery Low
6XXX.XXX.XXX.XXXxxx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxxXxxxxxxxxx07/30/2022verifiedMedium

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
4TXXXX.XXXCAPEC-XXXCWE-XXXxxxx Xxxxx Xxxx XxxxxxxxxpredictiveHigh
5TXXXXCAPEC-XXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXXCAPEC-XXXCWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
7TXXXXCAPEC-XXXCWE-XX, CWE-XXXxx XxxxxxxxxpredictiveHigh
8TXXXX.XXXCAPEC-XCWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
9TXXXXCAPEC-XXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
10TXXXXCWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
11TXXXX.XXXCAPEC-XCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___predictiveHigh
2File/jeecg-boot/sys/common/uploadpredictiveHigh
3File/thruk/#cgi-bin/extinfo.cgi?type=2predictiveHigh
4Filexxxxxxx.xxxxpredictiveMedium
5Filexxxxxxxx.xxxpredictiveMedium
6Filexxx_xxxx_xxx_xxxxxxxxxx.xpredictiveHigh
7Filexxx/xxxxxxx.xpredictiveHigh
8Filexxxxxx.xpredictiveMedium
9Filexxxxxxx.xpredictiveMedium
10Filexxxxx/xxxxxxx/xxxxxxxx/xxxxx.xxx.xxxxpredictiveHigh
11Filexxx/xxx/xxxxxxxxx.xxxpredictiveHigh
12Argumentxxxx/xxxxxxx/xxxxxxxpredictiveHigh
13Argumentxxx/xxxpredictiveLow
14ArgumentxxxxxxxpredictiveLow
15Argumentxxxxxxxx_xxxxxxxpredictiveHigh
16ArgumentxxxxpredictiveLow

References (3)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

This view requires CTI permissions

Just purchase a CTI license today!