Armor Piercer Analysis

Activities

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating an immediate vulnerability response and prioritizing issues is possible.

Lang

en: 73
zh: 3
fr: 3
de: 2

Country

us: 18
cn: 14
ce: 1
it: 1

Actors

DePriMon: 28
Ursnif: 19
Tofsee: 4
FIN7: 4
Armor Piercer: 3

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE
1 | VeronaLabs wp-statistics Plugin API Endpoint Blind sql injection | 8.5 | 8.2 | $2k-$5k | $0-$1k | Not Defined | Official Fix | 0.05 | CVE-2019-13275
2 | WordPress WP_Query sql injection | 6.3 | 6.2 | $5k-$10k | $2k-$5k | Not Defined | Official Fix | 2.23 | CVE-2022-21661
3 | F5 BIG-IP Packet Filter input validation | 5.3 | 5.3 | $5k-$10k | $10k-$25k | Not Defined | Not Defined | 0.04 | CVE-2019-6678
4 | ImageMagick png.c WritePNGImage out-of-bounds read | 7.7 | 7.7 | $2k-$5k | $0-$1k | Not Defined | Not Defined | 0.03 | CVE-2019-19949
5 | F5 BIG-IP TMM input validation | 6.4 | 6.4 | $5k-$10k | $10k-$25k | Not Defined | Not Defined | 0.00 | CVE-2019-6676
6 | Fast Velocity Minify fastvelocity_min_files Path information disclosure | 4.3 | 4.1 | $1k-$2k | $0-$1k | Not Defined | Official Fix | 0.00 | CVE-2019-19983
7 | Email Subscribers / Newsletters unknown vulnerability | 6.5 | 6.2 | $2k-$5k | $0-$1k | Not Defined | Official Fix | 0.05 | CVE-2019-19982
8 | sssd HBAC Rule improper authentication | 7.5 | 7.5 | $2k-$5k | $0-$1k | Not Defined | Not Defined | 0.09 | CVE-2012-3462
9 | REMISE Payment Module cross site scripting | 5.7 | 5.7 | $1k-$2k | $0-$1k | Not Defined | Not Defined | 0.00 | CVE-2019-6016
10 | Cybozu Office Access Restriction privileges management | 5.3 | 5.3 | $2k-$5k | $1k-$2k | Not Defined | Not Defined | 0.03 | CVE-2019-6023
11 | SonicWALL SMA100 CGI Script viewcacert sql injection | 6.4 | 6.4 | $1k-$2k | $0-$1k | Not Defined | Not Defined | 0.05 | CVE-2019-7484
12 | Waitress Proxy request smuggling | 6.5 | 6.1 | $2k-$5k | $1k-$2k | Not Defined | Not Defined | 0.04 | CVE-2019-16789
13 | Livefyre LiveComments Picture cross site scripting | 5.7 | 5.7 | $1k-$2k | $0-$1k | Not Defined | Not Defined | 0.03 | CVE-2014-6420
14 | matio mat5.c ReadNextCell out-of-bounds read | 6.4 | 6.4 | $2k-$5k | $0-$1k | Not Defined | Not Defined | 0.00 | CVE-2019-20018
15 | Siemens SPPA-T3000 Application Server RMI improper authentication | 8.5 | 8.5 | $10k-$25k | $5k-$10k | Not Defined | Not Defined | 0.03 | CVE-2019-18314
16 | Siemens SPPA-T3000 Application Server RMI improper authentication | 6.4 | 6.4 | $5k-$10k | $5k-$10k | Not Defined | Not Defined | 0.03 | CVE-2019-18319
17 | GoPro gpmf-parser GPMF_parser.c GPMF_Next out-of-bounds read | 7.5 | 7.5 | $2k-$5k | $0-$1k | Not Defined | Not Defined | 0.05 | CVE-2019-20086
18 | IBM Cognos Analytics Web UI cross site scripting | 4.7 | 4.7 | $5k-$10k | $2k-$5k | Not Defined | Not Defined | 0.05 | CVE-2019-4623
19 | WAGO PFC100/PFC200 iocheckd Service buffer overflow | 8.5 | 8.5 | $2k-$5k | $2k-$5k | Not Defined | Not Defined | 0.04 | CVE-2019-5081
20 | Apple tvOS memory corruption | 7.5 | 7.2 | $5k-$10k | $0-$1k | Not Defined | Official Fix | 0.03 | CVE-2019-8763

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Campaigns | Confidence
1 | 5.252.179.221 | no-rdns.mivocloud.com | | High
2 | 45.79.81.88 | li1180-88.members.linode.com | | High
3 | 64.188.13.46 | 64.188.13.46.static.quadranet.com | | High
4 | XX.XXX.XXX.XXX | xx.xxx.xxx.xxx.xxxxxx.xxxxxxxxx.xxx | | High
5 | XX.XXX.XXX.XXX | xx.xxx.xxx.xxx.xxxxxx.xxxxxxxxx.xxx | | High

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Confidence
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
3 | T1495 | CWE-494 | Download of Code Without Integrity Check | High
4 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | High

IOA - Indicator of Attack (42)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Confidence
1 | File | /rapi/read_url | High
2 | File | /wp-admin/admin-post.php?es_skip=1&option_name | High
3 | File | app\admin\controller\sys\Uploads.php | High
4 | File | category.cfm | Medium
5 | File | xxxxxx/xxx.x | Medium
6 | File | xxxxx/xxxxx.xxx | High
7 | File | xxxx_xxxxx.xxx | High
8 | File | xxxxx.xxx | Medium
9 | File | xx/xx-xx.x | Medium
10 | File | xxx/xxxx_xxxx.x | High
11 | File | xxxx_xxxxxx.x | High
12 | File | xxxx/xxxxxxx.x | High
13 | File | xxxxxxxx/xxxxx-xxxxxx-xxxx-xxxxxxx.xxx | High
14 | File | xxxxx.xxx?xxx=xxxx&xxx=xxxxxxxx | High
15 | File | xxxxxxxxxx.xxx | High
16 | File | xxxx/xxxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxx | High
17 | File | xxxx.x | Low
18 | File | xxx/xxx.xxx | Medium
19 | File | xxxxxx.xxx | Medium
20 | File | xxxxxx.x | Medium
21 | File | xxxx.xxx | Medium
22 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | High
23 | File | xxxxxxxx.xxx | Medium
24 | File | xxxx.xxx | Medium
25 | File | xxxxx/xxxxx.xxx | High
26 | File | xxxxxxxx.xxx | Medium
27 | File | xxxxxxxxxx | Medium
28 | File | xxxxxxx/xxxxx.xxx | High
29 | Argument | xxxxxx_xxxx | Medium
30 | Argument | xxx | Low
31 | Argument | xxxxxxxxxxxxxxxxx | High
32 | Argument | xxxxxx | Low
33 | Argument | xxxxxxx | Low
34 | Argument | xxx-xxxxxxxxx | High
35 | Argument | xxxx_xxxx | Medium
36 | Argument | xxxx_xx | Low
37 | Argument | xxxxxxxx_xxxxxxxx | High
38 | Argument | xxxxxxxxxxxxxxxxxxxxx | High
39 | Argument | xxxx | Low
40 | Argument | xxxx/xx/xxxx/xxx | High
41 | Input Value | xxxxxxxxxx | Medium
42 | Network Port | xxxx xxxx | Medium

References (1)

The following list contains external sources which discuss the actor and the associated activities:
