Armor Piercer Analysis

IOB - Indicator of Behavior (220)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 192
zh: 12
ru: 8
fr: 6
ar: 2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way.


Activities


Product

WordPress: 6
Microsoft Windows: 6
cPanel: 4
QNAP QTS: 4
Microsoft Exchange Server: 4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Atmail Remote Code Execution | 9.8 | 9.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00382 | 0.04 | CVE-2013-5033 |
| 2 | Palo Alto PAN-OS GlobalProtect Clientless VPN buffer overflow | 8.8 | 8.6 | $0-$5k | Calculating | Not defined | Official fix | | 0.00751 | 0.00 | CVE-2021-3056 |
| 3 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.06748 | 0.07 | CVE-2022-21664 |
| 4 | VeronaLabs wp-statistics Plugin API Endpoint Blind sql injection | 8.5 | 8.4 | $0-$5k | Calculating | Not defined | Official fix | | 0.01256 | 0.04 | CVE-2019-13275 |
| 5 | Linksys WRT54GL Web Management Interface SysInfo1.htm information disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00078 | 0.13 | CVE-2024-1406 |
| 6 | 07FLY CRM Administrator Login Page login_auth sql injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00212 | 0.00 | CVE-2023-5020 |
| 7 | Moment.js path traversal | 6.9 | 6.7 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00523 | 0.67 | CVE-2022-24785 |
| 8 | Teclib GLPI unlock_tasks.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not defined | Official fix | expected | 0.87796 | 0.04 | CVE-2019-10232 |
| 9 | Sophos Firewall User Portal/Webadmin improper authentication | 9.0 | 9.0 | $0-$5k | $0-$5k | High | Not defined | verified | 0.94423 | 0.03 | CVE-2022-1040 |
| 10 | CutePHP CuteNews index.php unrestricted upload | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | possible | 0.66490 | 0.00 | CVE-2019-11447 |
| 11 | WordPress Object injection | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00506 | 0.08 | CVE-2022-21663 |
| 12 | Microsoft Windows Active Directory Domain Services certificate validation | 8.8 | 8.3 | $25k-$100k | $0-$5k | High | Official fix | verified | 0.91352 | 0.00 | CVE-2022-26923 |
| 13 | QNAP QTS Media Library access control | 8.5 | 8.2 | $0-$5k | Calculating | High | Official fix | possible | 0.51069 | 0.02 | CVE-2017-13067 |
| 14 | Microsoft Exchange Server ProxyShell server-side request forgery | 9.5 | 9.1 | $25k-$100k | $5k-$25k | High | Official fix | verified | 0.94183 | 0.00 | CVE-2021-34473 |
| 15 | Linux Kernel netfilter nf_reject_ip6_tcphdr_put uninitialized resource | 6.7 | 6.6 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00458 | 0.00 | CVE-2024-47685 |
| 16 | Liferay Portal ommand absolute path traversal | 8.4 | 8.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | possible | 0.44333 | 0.00 | CVE-2021-33990 |
| 17 | MZ Automation LibIEC61850 MMS Client stack-based overflow | 5.5 | 5.3 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00098 | 0.00 | CVE-2024-45970 |
| 18 | Pureftpd pure-FTPd path traversal | 5.1 | 5.1 | $0-$5k | Calculating | Not defined | Not defined | | 0.00028 | 0.04 | CVE-2011-3171 |
| 19 | Baidu UEditor controller.php unrestricted upload | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00145 | 0.00 | CVE-2024-7342 |
| 20 | WP Maps Plugin sql injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00279 | 0.00 | CVE-2024-2386 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (107)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

