asterzeu Analysis

IOB - Indicator of Behavior (48)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

  • en: 30
  • zh: 14
  • de: 2
  • ru: 2

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

  • Linux Kernel: 4
  • Microsoft Windows: 4
  • Oracle Java: 4
  • Archery: 2
  • Matt Smith Remository For Mambo: 2

Vulnerabilities

#  | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1  | CloudPanel unrestricted upload | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00128 | 0.00 | CVE-2023-36630
2  | phpMyAdmin Setup cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01332 | 0.04 | CVE-2022-23808
3  | Bitrix Site Manager redirect.php link following | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00147 | 0.04 | CVE-2008-2052
4  | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 1.03 |
5  | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02147 | 0.00 | CVE-2007-1192
6  | Microsoft Windows Netlogon input validation | 7.5 | 7.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.01317 | 0.00 | CVE-2016-3228
7  | Bomgar Remote Support Serialization code injection | 7.3 | 6.6 | $0-$5k | Calculating | Proof-of-Concept | Official Fix | 0.12928 | 0.03 | CVE-2015-0935
8  | Icegram Email Subscribers & Newsletters Plugin sql injection | 8.3 | 8.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.06 | CVE-2024-37252
9  | KDE Plasma Workspace Session Restore server.cpp user session | 6.9 | 6.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.05 | CVE-2024-36041
10 | Microsoft Windows RDP authorization | 8.8 | 8.2 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00172 | 0.00 | CVE-2021-1669
11 | Duo Authentication for Windows Logon/RDP improper authentication | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2020-3427
12 | Archery instance.py sql injection | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00077 | 0.04 | CVE-2023-30552
13 | Ransom.Win64.AtomSilo EXE File denial of service | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 |
14 | KeyCloak Admin REST API injection | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00082 | 0.04 | CVE-2022-1274
15 | OpenSSL x86_64 Montgomery Squaring bn_sqrx8x_internal information disclosure | 6.0 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00172 | 0.03 | CVE-2017-3736
16 | Boa backup.html information disclosure | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00292 | 0.03 | CVE-2021-33558
17 | Linux Kernel KVM emulate.c x86_decode_insn access control | 5.5 | 5.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.03 | CVE-2016-8630
18 | Linux Kernel lapic.c apic_get_tmcct numeric error | 6.5 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00277 | 0.00 | CVE-2013-6367
19 | QEMU ahci.c ahci_commit_buf denial of service | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.00 | CVE-2019-12067
20 | Linux Kernel watch_queue Subsystem out-of-bounds write | 7.6 | 7.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00053 | 0.04 | CVE-2022-0995

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • OpenSSH

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (32)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

Indicators shown as runs of "x" are masked on the page.

ID | Class | Indicator | Type | Confidence
1  | File | /forum/away.php | predictive | High
2  | File | /getcfg.php | predictive | Medium
3  | File | /modules/profile/index.php | predictive | High
4  | File | adclick.php | predictive | Medium
5  | File | xxxxx.xxx | predictive | Medium
6  | File | xxxxx.xxxxxxxxxx.xxx | predictive | High
7  | File | xxxx/xxx/xxx/xxxxxxx.x | predictive | High
8  | File | xxxxxx.xxxx | predictive | Medium
9  | File | xxxxxxxxxx_xxxxx.xxx | predictive | High
10 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
11 | File | xxxxxxxx.xxx | predictive | Medium
12 | File | xxx/xxxx.x | predictive | Medium
13 | File | xxxxxxxxx/xxxxxx.xxx | predictive | High
14 | File | xxx/xxxxx.x | predictive | Medium
15 | File | xxxxx.xxx | predictive | Medium
16 | File | xxxxxxxx.xxx | predictive | Medium
17 | File | xxxxxx.xxx | predictive | Medium
18 | File | xxx/xxxxxxxx.xx | predictive | High
19 | File | xxx/xxxxxxxx/xxxxxxxx.xxx | predictive | High
20 | Argument | xxx | predictive | Low
21 | Argument | xxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxx | predictive | High
22 | Argument | xxxx | predictive | Low
23 | Argument | xxxx | predictive | Low
24 | Argument | xxxxxxxx_xxx | predictive | Medium
25 | Argument | xxxxx_xxxxx.xxxxxx | predictive | High
26 | Argument | xxxxxxxxx_xxxxxxxx_xxxx | predictive | High
27 | Argument | xxxxxxxx | predictive | Medium
28 | Argument | xxxxxxxx | predictive | Medium
29 | Argument | xxx | predictive | Low
30 | Argument | xxxx_xx | predictive | Low
31 | Input Value | xxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxx | predictive | High
32 | Network Port | xxx xxxxxx xxxx | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities: