Avos Analysis

IOB - Indicator of Behavior (68)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 52
fr: 12
pl: 2
es: 2

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows: 4
Hydra: 4
OmniSecure: 2
HP SAN: 2
HP iQ: 2

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | KEV | EPSS | CTI | CVE
1 | HP SAN/iQ hydra.exe credentials management | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | | 0.07751 | 0.00 | CVE-2012-4362
2 | Hydra HTTP Header read.c process_header_end null pointer dereference | 6.4 | 6.4 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00435 | 0.06 | CVE-2019-17502
3 | IW Guestbook badwords_edit.asp sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00000 | 0.00 |
4 | Hydra authentication replay | 5.7 | 5.6 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00192 | 0.00 | CVE-2020-5300
5 | OmniSecure AddUrlShield index.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00000 | 0.02 |
6 | ORY Hydra error Reflected cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00342 | 0.02 | CVE-2019-8400
7 | PHPGurukul Hospital Management System dashboard.php access control | 5.5 | 5.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00379 | 0.00 | CVE-2020-35745
8 | HP SAN/iQ Login hydra.exe memory corruption | 10.0 | 9.5 | $25k-$100k | $0-$5k | Proof-of-Concept | Official fix | possible | 0.39208 | 0.00 | CVE-2011-4157
9 | HP LeftHand Virtual SAN Appliance hydra memory corruption | 10.0 | 9.5 | $25k-$100k | $0-$5k | High | Official fix | possible | 0.75600 | 0.02 | CVE-2013-2343
10 | Coinsoft Technologies phpCOIN db.php file inclusion | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.05972 | 0.00 | CVE-2005-4211
11 | Coinsoft Technologies phpCOIN db.php path traversal | 5.3 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.05605 | 0.00 | CVE-2005-4212
12 | Ilohamail cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00000 | 0.00 |
13 | DrayTek Vigor2960/Vigor3900/Vigor300B mainfunction.cgi injection | 9.8 | 9.8 | $25k-$100k | $0-$5k | Attacked | Not defined | verified | 0.94357 | 0.00 | CVE-2020-8515
14 | simplesamlphp simplesamlphp-module-openidprovider trust.tpl.php cross site scripting | 4.1 | 4.1 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00070 | 0.03 | CVE-2010-10008
15 | Small CRM cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00202 | 0.00 | CVE-2023-44075
16 | Intern Record System controller.php cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00591 | 0.00 | CVE-2022-40348
17 | Sitekit CMS registration-form.html cross site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00000 | 0.00 |
18 | Microsoft Windows Backup Service privilege escalation | 7.7 | 7.1 | $25k-$100k | $0-$5k | Proof-of-Concept | Official fix | possible | 0.43123 | 0.04 | CVE-2023-21752
19 | SunHater KCFinder upload.php cross site scripting | 5.7 | 5.7 | $0-$5k | Calculating | Not defined | Not defined | | 0.00189 | 0.02 | CVE-2019-14315
20 | Canto Cumulus login server-side request forgery | 8.0 | 7.9 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.01294 | 0.00 | CVE-2022-40305


IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 45.136.230.191 | | Avos | | 07/29/2022 | verified | Medium
2 | XXX.XXX.XXX.XXX | | Xxxx | | 07/29/2022 | verified | Medium

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CAPEC-126 | CWE-22 | Path Traversal | predictive | High
2 | T1040 | CAPEC-102 | CWE-294 | Authentication Bypass by Capture-replay | predictive | High
3 | TXXXX | CAPEC-XX | CWE-XX | Xxxxxxxx Xxxxxxxxxxxxxx Xx Xxxx Xxxxxx Xxxxx Xxxxxxxxxxx | predictive | High
4 | TXXXX | CAPEC-XXX | CWE-XX | Xxxxxxxx Xxxxxxxxx | predictive | High
5 | TXXXX.XXX | CAPEC-XXX | CWE-XX, CWE-XX | Xxxxx Xxxxx Xxxx Xxxxxxxxx | predictive | High
6 | TXXXX | | CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
7 | TXXXX | CAPEC-XXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
8 | TXXXX | | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High

IOA - Indicator of Attack (32)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /cwc/login | predictive | Medium
2 | File | /intern/controller.php | predictive | High
3 | File | /iwguestbook/admin/badwords_edit.asp | predictive | High
4 | File | /iwguestbook/admin/messages_edit.asp | predictive | High
5 | File | admin/dashboard.php | predictive | High
6 | File | xxxxx.xxx | predictive | Medium
7 | File | xxx-xxx/xxxxxxxxxxxx.xxx | predictive | High
8 | File | xxxx_xxxxxxxx/xx.xxx | predictive | High
9 | File | xxxxx.xxx | predictive | Medium
10 | File | xxxxx.xxx | predictive | Medium
11 | File | xxxxx.xxx/xxxxxxxxxxxxx/xxx | predictive | High
12 | File | xxxxxx/xxxxxxxxx/xxxxx | predictive | High
13 | File | xxxx.x | predictive | Low
14 | File | xxxxxxxxxxxx-xxxx.xxxx | predictive | High
15 | File | xxxxxxxxx/xxxxx.xxx.xxx | predictive | High
16 | File | xxxxxx.xxx | predictive | Medium
17 | File | xx-xxxxx/xxxxx-xxxxxx.xxx | predictive | High
18 | Argument | xxxxxxx | predictive | Low
19 | Argument | xxxxxx | predictive | Low
20 | Argument | xxxxxxxxxxxxxxx | predictive | High
21 | Argument | xxxxxxxxx | predictive | Medium
22 | Argument | xxxxxxx-xxxxxx | predictive | High
23 | Argument | xxxxx_xxxx | predictive | Medium
24 | Argument | xxxxxx$xxxxx | predictive | Medium
25 | Argument | xx | predictive | Low
26 | Argument | xxxxx | predictive | Low
27 | Argument | xxxx/xxxxx | predictive | Medium
28 | Argument | xxxx_xx | predictive | Low
29 | Argument | xxxxxx | predictive | Low
30 | Argument | xxxxxxx | predictive | Low
31 | Argument | _xxxx[_xxx_xxxx_xxxx | predictive | High
32 | Input Value | x+xxxxx+xxxxxx+x,xxxxxxx,xxxxxxxxxxx+xxxx+xxxxx# | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities: