Autoit Analysis
IOB - Indicator of Behavior (476)
Timeline
The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.
Activities
Interest
Timeline
The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.
Vulnerabilities
IOC - Indicator of Compromise (42)
These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.
TTP - Tactics, Techniques, Procedures (25)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
IOA - Indicator of Attack (194)
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
ID | Class | Indicator | Type | Confidence |
---|---|---|---|---|
1 | File | /appLms/ajax.server.php | predictive | High |
2 | File | /apps/ | predictive | Low |
3 | File | /etc/shadow | predictive | Medium |
4 | File | /mgmt/tm/util/bash | predictive | High |
5 | File | /ofrs/admin/?page=reports | predictive | High |
6 | File | /onlineordering/GPST/store/initiateorder.php | predictive | High |
7 | File | /products/details.asp | predictive | High |
8 | File | /public/login.htm | predictive | High |
9 | File | /RPC2 | predictive | Low |
10 | File | /rup | predictive | Low |
11 | File | /secure/QueryComponent!Default.jspa | predictive | High |
12 | File | /var/hnap/timestamp | predictive | High |
13 | File | Addons/file/mod.file.php | predictive | High |
14 | File | admin-ajax.php | predictive | High |
15 | File | admin.color.php | predictive | High |
16 | File | admin.php | predictive | Medium |
17 | File | admin/admin_login.php | predictive | High |
18 | File | admin/index.php?page=manage_car | predictive | High |
19 | File | admin/media.php | predictive | High |
20 | File | admin_events.php | predictive | High |
21 | File | affich.php | predictive | Medium |
22 | File | Ap4StscAtom.cpp | predictive | High |
23 | File | xxxxxxxxxxx.xxx | predictive | High |
24 | File | xxxxxxxxxxx.xxx | predictive | High |
25 | File | xxx/xxxxxxxx.xxx?xxxxxx=xxxxxxxx_xxxxxx&xxxxxx=xxxxxxxxxxxxx | predictive | High |
26 | File | xxx\xxxxxxxx\xxxxxxx_xxxx.xxx | predictive | High |
27 | File | xxxxx_xxxx.x | predictive | Medium |
28 | File | xxxx-xxxx.x | predictive | Medium |
29 | File | xxxx.xxx | predictive | Medium |
30 | File | xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High |
31 | File | xxxxxxxxxx(/xxx/xxxxx/xxxxxxxxxx/xxxxxxxxx) | predictive | High |
32 | File | xxx_xxxx.xx | predictive | Medium |
33 | File | xxx-xxx/xxxx-xxx | predictive | High |
34 | File | xxxxxxxxxxxxxxxx.xxxx | predictive | High |
35 | File | xxxxx.xxxxx.xxx | predictive | High |
36 | File | xxxxx.xxxxxxxx.xxx | predictive | High |
37 | File | xxx.xxx | predictive | Low |
38 | File | xxxxxxxx.xxx | predictive | Medium |
39 | File | xxxxxxxxxx/xxxxxxxxxxx/xxxxx.xxxxxxxxxxx.xxx | predictive | High |
40 | File | xxxxxx.xxx.xxx | predictive | High |
41 | File | xxxxxxxxx.xxx | predictive | High |
42 | File | xxxx/xxxxxxxxxxxxxxxxxx.xxx | predictive | High |
43 | File | xxxx/xxxxxxxxxxx.x | predictive | High |
44 | File | xxxx/xxxxxxx/xxxxxx_xxxxxxx_xx.xx | predictive | High |
45 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
46 | File | xxx.xxx | predictive | Low |
47 | File | xxxxxx.xxx | predictive | Medium |
48 | File | xxxxxxxxx.xxx | predictive | High |
49 | File | xxxxxxxxxxxxxxx.xxx | predictive | High |
50 | File | xxxxxxxxxxxxxx.xxx | predictive | High |
51 | File | xxxxxxx/xxx/xxx/xxxxxxx/xxxxxxx_xxxxx.x | predictive | High |
52 | File | xxxxxxx/xxxxxxxxxx/xx/xxxx_xx/xx_xxxxx.x | predictive | High |
53 | File | xxxxxxx/xxx/xxxx/xxxxx.x | predictive | High |
54 | File | xxxxxxxxxxx/xxxxx | predictive | High |
55 | File | xxxx/xxxxxxxxxx/xxxx/xxx/xxxxxx-xxx-xxxxxxxx.x | predictive | High |
56 | File | xxxxxx.xxx | predictive | Medium |
57 | File | xx/xxxxx/xxxxxxx.x | predictive | High |
58 | File | xx/xxxx/xxxxxxxx.x | predictive | High |
59 | File | xxxxxxxxxxxx_xxxx.xxx | predictive | High |
60 | File | xxxxxx/xxxxxxxxxxxxx | predictive | High |
61 | File | xxxx.xxx | predictive | Medium |
62 | File | xxxxxx.xxx | predictive | Medium |
63 | File | xxxx/xxxxxxxxxxxxxxxxxxxxxxxx.xx | predictive | High |
64 | File | xx/xxxxx/xxx.x | predictive | High |
65 | File | xxxxxxxxx.xxx | predictive | High |
66 | File | xxx/xxxxxx.xxx | predictive | High |
67 | File | xxxxxxxx/xxxxx_xxxxxxxx.xxx | predictive | High |
68 | File | xxxxxxxx/xxxxxxxxx_xxx_xxxx.xxx | predictive | High |
69 | File | xxxxx.xxx | predictive | Medium |
70 | File | xxxxxxxx/xxxxx_xxxxxx.xxx | predictive | High |
71 | File | xxxxx.xxxxxxx.xxx | predictive | High |
72 | File | xxxx_xxxx.xxx | predictive | High |
73 | File | xxxxx.x | predictive | Low |
74 | File | xxxxxxxxx/xxxxxxx/xxxxx.xxx | predictive | High |
75 | File | xxx_xxxx.xx | predictive | Medium |
76 | File | xxxx.xxx | predictive | Medium |
77 | File | xxxxxxxx/xxxx_xxxxxx/xxxx_xxxxx_xxxxx.xxx | predictive | High |
78 | File | xxxx/xxx/xxx.x | predictive | High |
79 | File | xxxxxxxxx/xxxxxxxx.xxx | predictive | High |
80 | File | xxxxx.xxx | predictive | Medium |
81 | File | xxxxxx.xxx | predictive | Medium |
82 | File | xx/xxx.x | predictive | Medium |
83 | File | xxx_xxxxx.xxx | predictive | High |
84 | File | xxxxxxx_xxxxxxx/xxxxxxx/xxxxx_xxxxxxxxx.xxx | predictive | High |
85 | File | xxxxxxxx.xxxxx | predictive | High |
86 | File | xxx | predictive | Low |
87 | File | xxxxxxx.xxx.xxx | predictive | High |
88 | File | xxxx | predictive | Low |
89 | File | xxxx.xxx | predictive | Medium |
90 | File | xxxxxxx/xxxxx/xxxxxxx/xxxxxx.xxx | predictive | High |
91 | File | xxx.x | predictive | Low |
92 | File | xxxx.xxx | predictive | Medium |
93 | File | xxxxxxx.xxxxxx.xxx | predictive | High |
94 | File | xxxxxx/xxxxx/xxxx/xxxxxxx.xxxx | predictive | High |
95 | File | xxxxxx.xxxx | predictive | Medium |
96 | File | xxxx-xxxxx.x | predictive | Medium |
97 | File | xxxxxx_xxx_xxxxxx.x | predictive | High |
98 | File | xxxx.xxx | predictive | Medium |
99 | File | xxxxxxx.xxx | predictive | Medium |
100 | File | xxxxxx_xxxx.xxx | predictive | High |
101 | File | xxxx_xxxxxxx_xxxxxxxx.xxx | predictive | High |
102 | File | xxxxxxxxxxxx.xxx | predictive | High |
103 | File | xxxxx.xxx | predictive | Medium |
104 | File | xxxxxxxxxx.xxx | predictive | High |
105 | File | xxx/xxxxxxxxxx | predictive | High |
106 | File | xxxxx.x | predictive | Low |
107 | File | xxxxxxxxxxxxxxxx.xxx | predictive | High |
108 | File | xxxx.x | predictive | Low |
109 | File | xxxx_xxxxx.x | predictive | Medium |
110 | File | xxxxx.xxx | predictive | Medium |
111 | File | xxxx.xxx | predictive | Medium |
112 | File | xxxxxxxxxxxx.xxx | predictive | High |
113 | File | xxxxxxx.xxx | predictive | Medium |
114 | File | xxxxxxx | predictive | Low |
115 | File | xxxxxxx/xxxxxxxxxxxxxxxxxxxx.xxx | predictive | High |
116 | File | xx-xxxxxxxxx.xxx | predictive | High |
117 | File | _xxxx_/xxxxxxx/xxxxxx | predictive | High |
118 | Library | xxxxxxxx.xxx | predictive | Medium |
119 | Library | xxxxxx_xxx[xxx_xxx | predictive | High |
120 | Library | xxxxxxxx.xxx | predictive | Medium |
121 | Library | xxxxxxxxx.xxx | predictive | High |
122 | Library | xxxxxxx.xxx | predictive | Medium |
123 | Library | xxx/xxxxxxxxxx/xxxxx/xxxxxx.xxx | predictive | High |
124 | Library | xxxxxxxx.xxx | predictive | Medium |
125 | Argument | xxx_xxxx_xxxxx | predictive | High |
126 | Argument | xxxxxxx | predictive | Low |
127 | Argument | xxxxx | predictive | Low |
128 | Argument | xxx | predictive | Low |
129 | Argument | xxxx | predictive | Low |
130 | Argument | xxxxxxxx | predictive | Medium |
131 | Argument | xxxxxxxx | predictive | Medium |
132 | Argument | xxx | predictive | Low |
133 | Argument | xxxxx | predictive | Low |
134 | Argument | xxx_xx | predictive | Low |
135 | Argument | xxx | predictive | Low |
136 | Argument | xxxxxxxxxxxxxxxxxxxxxx | predictive | High |
137 | Argument | xxx | predictive | Low |
138 | Argument | xxxx_xx | predictive | Low |
139 | Argument | xxxxxx_xxx[xxx_xxx] | predictive | High |
140 | Argument | xxxx/xxxx | predictive | Medium |
141 | Argument | xxxx | predictive | Low |
142 | Argument | xxxxxxx | predictive | Low |
143 | Argument | xxxxxxx | predictive | Low |
144 | Argument | xxxxxx | predictive | Low |
145 | Argument | xxxx_xxxxxx_xxxxxxxxx | predictive | High |
146 | Argument | xxxxxxxxxx | predictive | Medium |
147 | Argument | xxxxxx_xxx | predictive | Medium |
148 | Argument | xxxxxx_xxxxxx | predictive | High |
149 | Argument | xxxxxxx | predictive | Low |
150 | Argument | xxxxxxxx | predictive | Medium |
151 | Argument | xxxxx_xx | predictive | Medium |
152 | Argument | xxxx_xxxx | predictive | Medium |
153 | Argument | xxxx_xxxxxx | predictive | Medium |
154 | Argument | xx | predictive | Low |
155 | Argument | xxxxxxxxxx | predictive | Medium |
156 | Argument | xxxxx | predictive | Low |
157 | Argument | xxxx_xx | predictive | Low |
158 | Argument | xxxx | predictive | Low |
159 | Argument | xxxx_xxxx | predictive | Medium |
160 | Argument | xxxxxxxx | predictive | Medium |
161 | Argument | xxx_xxxxxxx_xxx | predictive | High |
162 | Argument | xxxxx_xxxx/xxxxx_xxxxxxx | predictive | High |
163 | Argument | xxxxxx | predictive | Low |
164 | Argument | xxxxxxxxx_xxxx_xxxx | predictive | High |
165 | Argument | xxx_xxxxx_xxxx | predictive | High |
166 | Argument | xx | predictive | Low |
167 | Argument | xxxxxxxxxxxx xxxx | predictive | High |
168 | Argument | xxxx | predictive | Low |
169 | Argument | xxxxxx | predictive | Low |
170 | Argument | xxxxxxxx | predictive | Medium |
171 | Argument | xxxx_xx_xx_xxx | predictive | High |
172 | Argument | xxxx | predictive | Low |
173 | Argument | xxxxx_xxxx_xxxx | predictive | High |
174 | Argument | xxxxxxx_xx | predictive | Medium |
175 | Argument | xxx | predictive | Low |
176 | Argument | xxxxx_xxxxxx | predictive | Medium |
177 | Argument | xxxxxx xxxxxxxx | predictive | High |
178 | Argument | xxxxxxxxx | predictive | Medium |
179 | Argument | xxxxxxxxxxxx | predictive | Medium |
180 | Argument | xxxxxx_xxxx_xxxx | predictive | High |
181 | Argument | xxxxxx/xxxxx/xxxxxx/xxxxxxx/xxxxxxxxx | predictive | High |
182 | Argument | xxxxxxx_xx | predictive | Medium |
183 | Argument | xxxx/xxxxxx/xxxxx | predictive | High |
184 | Argument | xxx_xxxxxxx | predictive | Medium |
185 | Argument | xxxx_xxxxx | predictive | Medium |
186 | Argument | xxxxxxxxxx | predictive | Medium |
187 | Argument | xxxxxxxxxxxx | predictive | Medium |
188 | Argument | xx_xx | predictive | Low |
189 | Argument | xxx | predictive | Low |
190 | Argument | xxxxxxxxxxx/xxxxx_xxxxx | predictive | High |
191 | Argument | xxxxxx_xxxx | predictive | Medium |
192 | Argument | xxx | predictive | Low |
193 | Network Port | xx xxxxxxx xxx.xx.xx.xx | predictive | High |
194 | Network Port | xxx/xxxxx | predictive | Medium |
References (9)
The following list contains external sources which discuss the actor and the associated activities:
- https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxxxx.xxx/xxxxx/xxxxx_xxxxxx_xxxxxxxxxxxx/xxxx/xxxx/xxxxxx/xxxxxx
- xxxxx://xxx.xxxx.xxx/xxxxxx/xxxxx/xxxxxxxxx+xxxxxxx+xxxxx+xxxxxxxxxxx+xxxxxxx/xxxxx/