AV Tech Support Scam Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (21)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	16
ru	6

Country

cn	10
ru	10
pl	2

Actors

AV Tech Support Scam	2
IcedID	1

Activities

Interest

Timeline

Type

Not Defined	8
Router Operating System	4
Programming Tool Software	2
Content Management System	2
Operating System	2

Vendor

Not Defined	4
SAP	2
Linksys	2
Huawei	2
LG	2

Product

SAP IDES Systems	2
PCRE	2
Linksys WRT1900ACS	2
DedeCMS	2
Huawei HarmonyOS	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	mintplex-labs anything-llm POST server-side request forgery	7.9	7.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00043	0.04	CVE-2024-0440
2	QNAP QTS/QuTS hero/QuTScloud command injection	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00305	0.04	CVE-2023-47218
3	Tenda AC9 fromSetIpMacBind stack-based overflow	8.8	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00043	0.04	CVE-2024-25748
4	DedeCMS article_allowurl_edit.php code injection	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00118	0.16	CVE-2023-2928
5	Sangfor Next-Gen Application Firewall loadfile.php information disclosure	4.7	4.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00079	0.00	CVE-2023-30804
6	Tongda OA delete.php sql injection	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00063	0.08	CVE-2023-5019
7	ITFlow settings.php cross site scripting	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00045	0.02	CVE-2024-25344
8	Huawei HarmonyOS/EMUI Wi-Fi Module missing authentication	4.3	4.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00043	0.03	CVE-2022-48621
9	FasterXML jackson-databind deserialization	6.8	6.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00431	0.04	CVE-2021-20190
10	LG Signage TV webOS code injection	6.8	6.8	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00043	0.04	CVE-2024-1885
11	SAP IDES Systems os command injection	6.8	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00043	0.03	CVE-2024-22132
12	Microsoft Windows Media Center MCL File ehshell.exe xml external entity reference	6.5	5.9	$100k and more	$0-$5k	Proof-of-Concept	Unavailable	0.00000	0.00
13	Rarlab UnRAR Unpack pathname traversal	6.3	6.0	$0-$5k	$0-$5k	High	Official Fix	0.90549	0.04	CVE-2022-30333
14	Microsoft Intune Management Extension Remote Code Execution	8.1	7.1	$25k-$100k	$0-$5k	Unproven	Official Fix	0.01007	0.00	CVE-2021-31980
15	DevExpress.XtraReports.UI deserialization	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01502	0.00	CVE-2021-36483
16	MikroTik RouterOS bfd null pointer dereference	4.3	4.1	$0-$5k	Calculating	Not Defined	Official Fix	0.00209	0.00	CVE-2020-20220
17	Linux Kernel Array Access xfrm_user.c __xfrm_policy_unlink out-of-bounds	5.9	5.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00045	0.03	CVE-2019-15666
18	Linksys WRT1900ACS Cookie Base64 cryptographic issues	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00046	0.03	CVE-2019-7311
19	Google Chrome Blink access control	5.8	5.6	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00119	0.00	CVE-2017-5027
20	PCRE pcregrep information disclosure	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00469	0.00	CVE-2015-8393

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	68.183.175.204		AV Tech Support Scam	01/10/2019	verified	High
2	XXX.XX.XXX.XX		Xx Xxxx Xxxxxxx Xxxx	01/10/2019	verified	High
3	XXX.XXX.XXX.XX	xxx-xxx-xxx-xx.xxxxxxxxx.xxxxxxxx.xxx	Xx Xxxx Xxxxxxx Xxxx	01/10/2019	verified	High
4	XXX.XXX.XXX.XXX		Xx Xxxx Xxxxxxx Xxxx	01/10/2019	verified	High
5	XXX.XXX.XXX.XXX		Xx Xxxx Xxxxxxx Xxxx	01/10/2019	verified	High

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006		CWE-21	Path Traversal	predictive	High
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	High
3	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	High
4	TXXXX	CAPEC-19	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
5	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
6	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
7	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
8	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	High

IOA - Indicator of Attack (10)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/nova/bin/bfd	predictive	High
2	File	ehshell.exe	predictive	Medium
3	File	xxxxxxx/xx/xxxxxx/xxxxx_xxxxxxxxxxxxx/xxxxxx.xxx	predictive	High
4	File	xxx/xxxx/xxxx_xxxx.x	predictive	High
5	File	xxxxxxxx.xxx	predictive	Medium
6	File	xxxx_xxxx/xxxxxxxx.xxx	predictive	High
7	File	xxxxxxx/xxxx/xxxxxxx_xxxxxxxx_xxxx.xxx	predictive	High
8	Argument	-x	predictive	Low
9	Argument	xxxxxxx	predictive	Low
10	Argument	xxxxxxxxxxxxx_xx	predictive	High

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you know our Splunk app?

Download it now for free!