Avos Analysis

IOB - Indicator of Behavior (64)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

| Language | Count |
|---|---|
| en | 54 |
| fr | 8 |
| de | 2 |

Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

| Product | Count |
|---|---|
| Coinsoft Technologies phpCOIN | 4 |
| GESIO ERP | 2 |
| Basti2web Book Panel | 2 |
| Sitekit CMS | 2 |
| IW Guestbook | 2 |

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | HP SAN/iQ hydra.exe credentials management | 4.3 | 3.9 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.00293 | CVE-2012-4362 |
| 2 | Hydra HTTP Header read.c process_header_end null pointer dereference | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00117 | CVE-2019-17502 |
| 3 | IW Guestbook badwords_edit.asp sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00000 | |
| 4 | Hydra authentication replay | 5.6 | 5.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00099 | CVE-2020-5300 |
| 5 | OmniSecure AddUrlShield index.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.08 | 0.00000 | |
| 6 | ORY Hydra error Reflected cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00109 | CVE-2019-8400 |
| 7 | PHPGurukul Hospital Management System dashboard.php access control | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00336 | CVE-2020-35745 |
| 8 | HP SAN/iQ Login hydra.exe memory corruption | 10.0 | 9.5 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.10070 | CVE-2011-4157 |
| 9 | HP LeftHand Virtual SAN Appliance hydra memory corruption | 10.0 | 9.5 | $25k-$100k | $0-$5k | High | Official Fix | 0.03 | 0.94627 | CVE-2013-2343 |
| 10 | Coinsoft Technologies phpCOIN db.php file inclusion | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | 0.07606 | CVE-2005-4211 |
| 11 | Coinsoft Technologies phpCOIN db.php path traversal | 5.3 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | 0.03877 | CVE-2005-4212 |
| 12 | Ilohamail cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.00000 | |
| 13 | Sitekit CMS registration-form.html cross site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00000 | |
| 14 | Microsoft Windows Backup Service Privilege Escalation | 7.7 | 7.1 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.01557 | CVE-2023-21752 |
| 15 | SunHater KCFinder upload.php cross site scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00131 | CVE-2019-14315 |
| 16 | Canto Cumulus login server-side request forgery | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00187 | CVE-2022-40305 |
| 17 | IW Guestbook messages_edit.asp sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01 | 0.00000 | |
| 18 | CKEditor Clipboard Package code injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00188 | CVE-2021-32809 |
| 19 | Microsoft Windows Remote Access Connection Manager Privilege Escalation | 8.3 | 7.3 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.00 | 0.00043 | CVE-2021-33773 |
| 20 | Microsoft Malware Protection Engine Defender Remote Code Execution | 8.3 | 7.3 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.04 | 0.00329 | CVE-2021-34522 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 45.136.230.191 | | Avos | | 07/29/2022 | verified | High |
| 2 | XXX.XXX.XXX.XXX | | Xxxx | | 07/29/2022 | verified | High |

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Pathname Traversal | predictive | High |
| 2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | TXXXX | CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX.XXX | CWE-XX, CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 5 | TXXXX | CWE-XXX | X2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxx Xxxxxxxxxxx Xxx Xxx Xxxxxxx | predictive | High |
| 6 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 7 | TXXXX | CWE-XXX | Xxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx Xxxx | predictive | High |

IOA - Indicator of Attack (26)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /cwc/login | predictive | Medium |
| 2 | File | /iwguestbook/admin/badwords_edit.asp | predictive | High |
| 3 | File | /iwguestbook/admin/messages_edit.asp | predictive | High |
| 4 | File | admin/dashboard.php | predictive | High |
| 5 | File | xxxxx.xxx | predictive | Medium |
| 6 | File | xxxx_xxxxxxxx/xx.xxx | predictive | High |
| 7 | File | xxxxx.xxx | predictive | Medium |
| 8 | File | xxxxx.xxx | predictive | Medium |
| 9 | File | xxxxx.xxx/xxxxxxxxxxxxx/xxx | predictive | High |
| 10 | File | xxxxxx/xxxxxxxxx/xxxxx | predictive | High |
| 11 | File | xxxx.x | predictive | Low |
| 12 | File | xxxxxxxxxxxx-xxxx.xxxx | predictive | High |
| 13 | File | xxxxxx.xxx | predictive | Medium |
| 14 | File | xx-xxxxx/xxxxx-xxxxxx.xxx | predictive | High |
| 15 | Argument | xxxxxx | predictive | Low |
| 16 | Argument | xxxxxxxxxxxxxxx | predictive | High |
| 17 | Argument | xxxxxxxxx | predictive | Medium |
| 18 | Argument | xxxxxxx-xxxxxx | predictive | High |
| 19 | Argument | xxxxx_xxxx | predictive | Medium |
| 20 | Argument | xxxxxx$xxxxx | predictive | Medium |
| 21 | Argument | xx | predictive | Low |
| 22 | Argument | xxxxx | predictive | Low |
| 23 | Argument | xxxx_xx | predictive | Low |
| 24 | Argument | xxxxxx | predictive | Low |
| 25 | Argument | _xxxx[_xxx_xxxx_xxxx | predictive | High |
| 26 | Input Value | x+xxxxx+xxxxxx+x,xxxxxxx,xxxxxxxxxxx+xxxx+xxxxx# | predictive | High |
