Armor Piercer Analysis

IOB - Indicator of Behavior (203)

Lang

en: 170
zh: 16
ru: 8
fr: 6
es: 2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Product

Microsoft Windows: 4
QNAP QTS: 4
Kayako SupportSuite: 4
cPanel: 4
Cacti: 4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Atmail Remote Code Execution | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00251 | 0.06 | CVE-2013-5033 |
| 2 | Palo Alto PAN-OS GlobalProtect Clientless VPN buffer overflow | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00112 | 0.04 | CVE-2021-3056 |
| 3 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.00 | CVE-2022-21664 |
| 4 | VeronaLabs wp-statistics Plugin API Endpoint Blind sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00285 | 0.04 | CVE-2019-13275 |
| 5 | Linksys WRT54GL Web Management Interface SysInfo1.htm information disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00046 | 0.04 | CVE-2024-1406 |
| 6 | 07FLY CRM Administrator Login Page sql injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.04 | CVE-2023-5020 |
| 7 | Moment.js path traversal | 6.9 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00330 | 0.28 | CVE-2022-24785 |
| 8 | Teclib GLPI unlock_tasks.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.12149 | 0.04 | CVE-2019-10232 |
| 9 | Sophos Firewall User Portal/Webadmin improper authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | High | Not Defined | 0.97410 | 0.03 | CVE-2022-1040 |
| 10 | CutePHP CuteNews unrestricted upload | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02143 | 0.05 | CVE-2019-11447 |
| 11 | WordPress Object injection | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00432 | 0.07 | CVE-2022-21663 |
| 12 | Microsoft Windows Active Directory Domain Services certificate validation | 8.8 | 8.3 | $25k-$100k | $0-$5k | High | Official Fix | 0.07070 | 0.07 | CVE-2022-26923 |
| 13 | QNAP QTS Media Library access control | 8.5 | 8.2 | $0-$5k | $0-$5k | High | Official Fix | 0.01575 | 0.07 | CVE-2017-13067 |
| 14 | Microsoft Exchange Server ProxyShell Remote Code Execution | 9.5 | 8.7 | $25k-$100k | $5k-$25k | High | Official Fix | 0.97303 | 0.00 | CVE-2021-34473 |
| 15 | Synology Router Manager Firewall default permission | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.05 | CVE-2024-39347 |
| 16 | scidsg hushline tips.hushline.app permissive list of allowed inputs | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.05 | CVE-2024-38522 |
| 17 | Issabel PBX Asterisk-Cli os command injection | 6.4 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02795 | 0.16 | CVE-2024-0986 |
| 18 | Pear Admin Boot loadDictItem sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.12 | CVE-2024-6266 |
| 19 | Ruijie RG-UAC sub_commit.php os command injection | 4.7 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00046 | 0.05 | CVE-2024-5340 |
| 20 | PowerDNS Recursor denial of service | 3.9 | 3.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00098 | 0.04 | CVE-2023-26437 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (96)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin.php?p=/Area/index#tab=t2 | predictive | High |
| 2 | File | /api/RecordingList/DownloadRecord?file= | predictive | High |
| 3 | File | /apply.cgi | predictive | Medium |
| 4 | File | /index.php/sysmanage/Login/login_auth/ | predictive | High |
| 5 | File | /index.php?menu=asterisk_cli | predictive | High |
| 6 | File | /MIME/INBOX-MM-1/ | predictive | High |
| 7 | File | /php/ping.php | predictive | High |
| 8 | File | /rapi/read_url | predictive | High |
| 9 | File | /scripts/unlock_tasks.php | predictive | High |
| 10 | File | /SysInfo1.htm | predictive | High |
| 11 | File | /sysinfo_json.cgi | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
