Armor Piercer Analysis

IOB - Indicator of Behavior (119)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 102
zh: 8
fr: 4
ru: 4
de: 2


Country

cn: 32
us: 22
ru: 8
ce: 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Microsoft Windows: 6
WordPress: 4
Microsoft Exchange Server: 4
Schneider Electric Andover Continuum: 2
Pydio: 2


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
--- | --- | --- | --- | --- | --- | --- | --- | --- | --- | ---
1 | VeronaLabs wp-statistics Plugin API Endpoint Blind sql injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00954 | CVE-2019-13275
2 | CutePHP CuteNews unrestricted upload | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.35200 | CVE-2019-11447
3 | WordPress Object injection | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01034 | CVE-2022-21663
4 | Microsoft Windows Active Directory Domain Services Privilege Escalation | 8.8 | 8.1 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.02288 | CVE-2022-26923
5 | QNAP QTS Media Library access control | 8.5 | 8.2 | $0-$5k | $0-$5k | High | Official Fix | 0.03 | 0.27000 | CVE-2017-13067
6 | Microsoft Exchange Server ProxyShell Remote Code Execution | 9.5 | 8.2 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.11 | 0.61804 | CVE-2021-34473
7 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.17 | 0.01034 | CVE-2022-21664
8 | Sophos Firewall User Portal/Webadmin code injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.01156 | CVE-2022-3236
9 | Proxmox Virtual Environment/Mail Gateway HTTP Request server-side request forgery | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01018 | CVE-2022-35508
10 | SOGo Web Calendar cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01136 | CVE-2016-6191
11 | OpenLDAP Backend sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.15351 | CVE-2022-29155
12 | Pydio pydio-core proxy.php unrestricted upload | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01440 | CVE-2019-9642
13 | BlueMind Contact Application data processing | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00954 | CVE-2019-9563
14 | Sophos Firewall User Portal/Webadmin improper authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.64728 | CVE-2022-1040
15 | Grafana Dashboard path traversal | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.01108 | CVE-2022-32275
16 | Home Assistant path traversal | 5.4 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2021-3152
17 | OPNsense Login Page redirect | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2020-23015
18 | 3CX Phone System Management Console path traversal | 5.4 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.02 | 0.07308 | CVE-2017-15359
19 | Joomla CMS sql injection | 7.3 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.03 | 0.93264 | CVE-2015-7297
20 | wp-polls Plugin sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00885 | CVE-2015-9352

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
--- | --- | --- | --- | --- | ---
1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | predictive | High
2 | T1055 | CWE-74 | Injection | predictive | High
3 | T1059 | CWE-94 | Cross Site Scripting | predictive | High
4 | TXXXX.XXX | CWE-XX, CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High
5 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
6 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxxxxxx | predictive | High
7 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
8 | TXXXX | CWE-XXX | Xxxxxxxx Xx Xxxx Xxxxxxx Xxxxxxxxx Xxxxx | predictive | High
9 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
10 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
11 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx | predictive | High
12 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxxxx Xxxxxx | predictive | High

IOA - Indicator of Attack (58)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
--- | --- | --- | --- | ---
1 | File | /api/RecordingList/DownloadRecord?file= | predictive | High
2 | File | /MIME/INBOX-MM-1/ | predictive | High
3 | File | /rapi/read_url | predictive | High
4 | File | /wp-admin/admin-post.php?es_skip=1&option_name | predictive | High
5 | File | app\admin\controller\sys\Uploads.php | predictive | High
6 | File | auth-gss2.c | predictive | Medium
7 | File | backup.php | predictive | Medium
8 | File | xxxxxxxx.xxx | predictive | Medium
9 | File | xxxxxx/xxx.x | predictive | Medium
10 | File | xxxxxxxxx.xxx.xxx | predictive | High
11 | File | xxxxx/xxxxx.xxx | predictive | High
12 | File | xxxx_xxxxx.xxx | predictive | High
13 | File | xxxxx.xxx | predictive | Medium
14 | File | xx/xx-xx.x | predictive | Medium
15 | File | xxx/xxxx_xxxx.x | predictive | High
16 | File | xxxx_xxxxxx.x | predictive | High
17 | File | xxxx/xxxxxxx.x | predictive | High
18 | File | xxxxxxxx/xxxxx-xxxxxx-xxxx-xxxxxxx.xxx | predictive | High
19 | File | xxxxx.xxx?xxx=xxxx&xxx=xxxxxxxx | predictive | High
20 | File | xxxxxxxxxx.xxx | predictive | High
21 | File | xxxx/xxxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High
22 | File | xxxx.x | predictive | Low
23 | File | xxx/xxx.xxx | predictive | Medium
24 | File | xxxxxx.xxx | predictive | Medium
25 | File | xxxxxx.x | predictive | Medium
26 | File | xxxx.xxx | predictive | Medium
27 | File | xxxxx.xxx | predictive | Medium
28 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | High
29 | File | xxxxxxxx.xxx | predictive | Medium
30 | File | xxxx.xxx | predictive | Medium
31 | File | xxxxx/xxxxx.xxx | predictive | High
32 | File | xxxxxxxx.xxx | predictive | Medium
33 | File | xxxxxxxxxx | predictive | Medium
34 | File | xxxxxxx/xxxxx.xxx | predictive | High
35 | Argument | xxxxxx_xxxx | predictive | Medium
36 | Argument | xxx | predictive | Low
37 | Argument | xxxxxxxxxxxxxxxxx | predictive | High
38 | Argument | xxxxxxxxxxx/xxxxxxxx/xxx/xxxxx | predictive | High
39 | Argument | xxxxxx_xx | predictive | Medium
40 | Argument | xxxxxx | predictive | Low
41 | Argument | xxxx | predictive | Low
42 | Argument | xx | predictive | Low
43 | Argument | xxxxxxx | predictive | Low
44 | Argument | xxx-xxxxxxxxx | predictive | High
45 | Argument | xxxx_xxxx | predictive | Medium
46 | Argument | xx | predictive | Low
47 | Argument | xxxx_xx | predictive | Low
48 | Argument | xxxxxxxx_xxxxxxxx | predictive | High
49 | Argument | xxxxxxxxxxxxxxxxxxxxx | predictive | High
50 | Argument | xxx | predictive | Low
51 | Argument | xxxx | predictive | Low
52 | Argument | xxxx/xx/xxxx/xxx | predictive | High
53 | Input Value | .%xx.../.%xx.../ | predictive | High
54 | Input Value | ../../../../../xxx/xxx/xxxxx/xxxx/xxxxxxxx/xxxxx/xxx.xxx | predictive | High
55 | Input Value | xxxxxxxxxx | predictive | Medium
56 | Network Port | xxxx | predictive | Low
57 | Network Port | xxxx xxxx | predictive | Medium
58 | Network Port | xxx/xxx | predictive | Low
