Azorult Analysis

IOB - Indicator of Behavior (443)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 372
fr: 16
de: 14
ru: 10
zh: 8


Country

us: 172
nl: 92
ru: 20
de: 4
kp: 4


Actors


Activities

Interest

Timeline


Type


Vendor


Product

WordPress: 10
Apache HTTP Server: 6
Linux Kernel: 6
Qualcomm Snapdragon Auto: 4
Qualcomm Snapdragon Compute: 4


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.56 | 0.25090 | CVE-2017-0055 |
| 2 | Linux Kernel efi Subsystem efi.c phys_efi_set_virtual_address_map Memory 7pk error | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01282 | CVE-2019-12380 |
| 3 | SunHater KCFinder upload.php cross site scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 0.01055 | CVE-2019-14315 |
| 4 | WordPress Thumbnail input validation | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.05 | 0.04571 | CVE-2018-1000773 |
| 5 | Ilohamail cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00000 | |
| 6 | Oracle NetSuite SuiteCommerce Advanced privileges management | 5.0 | 4.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2020-14729 |
| 7 | Oracle NetSuite SuiteCommerce Advanced privileges management | 6.0 | 6.0 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2020-14728 |
| 8 | Microsoft Windows Encrypting File System Privilege Escalation | 7.5 | 6.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04 | 0.02342 | CVE-2021-43893 |
| 9 | ShopXO phar File unrestricted upload | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01978 | CVE-2021-27817 |
| 10 | Exim input validation | 8.5 | 7.9 | $5k-$25k | $0-$5k | Functional | Official Fix | 0.01 | 0.94954 | CVE-2019-10149 |
| 11 | Wibu CodeMeter Runtime Privileges codemeter.exe access control | 8.4 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00885 | CVE-2014-8419 |
| 12 | Wibu-Systems CodeMeter Advanced Settings ChangeConfiguration.html cross site scripting | 4.4 | 4.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.02810 | CVE-2017-13754 |
| 13 | DotNetNuke Cookie input validation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.59278 | CVE-2017-9822 |
| 14 | Plohni Advanced Comment System Installation index.php code injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.13011 | CVE-2009-4623 |
| 15 | Squid Proxy HTTP Header Host Field Parser access control | 7.5 | 6.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | 0.01 | 0.01319 | CVE-2012-2213 |
| 16 | safe-eval access control | 9.1 | 9.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00954 | CVE-2017-16088 |
| 17 | Telerik Reporting for ASP.NET WebForms Report Viewer Control cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01136 | CVE-2017-9140 |
| 18 | Yii ActiveRecord.php findByCondition sql injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01055 | CVE-2018-7269 |
| 19 | FileZilla Server PORT confused deputy | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2015-10003 |
| 20 | Acme Mini HTTPd Terminal input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.04187 | CVE-2009-4490 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Azorult

IOC - Indicator of Compromise (39)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | 2.59.42.63 | vds-cw08597.timeweb.ru | Amadey Bot, Azorult | | verified | High |
| 2 | 13.107.21.200 | | Azorult | | verified | High |
| 3 | 23.106.124.148 | | Azorult | | verified | High |
| 4 | 37.140.192.153 | scp59.hosting.reg.ru | Azorult | | verified | High |
| 5 | 37.140.192.166 | scp46.hosting.reg.ru | Azorult | | verified | High |
| 6 | 45.76.18.39 | 45.76.18.39.vultrusercontent.com | Azorult | | verified | High |
| 7 | 45.139.236.14 | | Azorult | | verified | High |
| 8 | 67.199.248.10 | bit.ly | Azorult | | verified | High |
| 9 | XX.XXX.XXX.XX | xxx.xx | Xxxxxxx | | verified | High |
| 10 | XX.XX.XXX.XXX | xxxxxxxxxx.xxxx.xx | Xxxxxx, Xxxxxxx | | verified | High |
| 11 | XX.XX.XX.XX | xxxxxx.xx.xx.xx.xx.xxxxxxx.xxxx-xxxxxx.xx | Xxxxxxx | | verified | High |
| 12 | XX.XXX.XX.XXX | | Xxxxxx, Xxxxxxx | | verified | High |
| 13 | XX.XXX.XXX.XX | xxxxxxxx-xxxx.xxx.xxxxxxxxx.xxx | Xxxxxxx | | verified | High |
| 14 | XXX.XX.XXX.XXX | | Xxxxxxx | | verified | High |
| 15 | XXX.XX.XXX.XXX | | Xxxxxxx | | verified | High |
| 16 | XXX.XX.XXX.X | | Xxxxxxx | | verified | High |
| 17 | XXX.XX.XXX.X | | Xxxxxxx | | verified | High |
| 18 | XXX.XX.XX.X | | Xxxxxxx | | verified | High |
| 19 | XXX.XXX.XX.XXX | xxxxxxx.xxxxxx-xx-xxxxxx.xx | Xxxxxx, Xxxxxxx | | verified | High |
| 20 | XXX.XXX.XX.XXX | xxx.xxxxxxx.xxxx | Xxxxxx, Xxxxxxx | | verified | High |
| 21 | XXX.XXX.XXX.XXX | | Xxxxxxx | | verified | High |
| 22 | XXX.XXX.XXX.XX | | Xxxxxxx | | verified | High |
| 23 | XXX.XX.XXX.XXX | xxxxx.xxxxxxxxxxxxxxxx.xxx | Xxxxx, Xxxxxxx | | verified | High |
| 24 | XXX.XX.XXX.XXX | xxx.xx.xxxxxxxxxx.xxx | Xxxxxxx | | verified | High |
| 25 | XXX.XXX.XX.XX | | Xxxxxxx | | verified | High |
| 26 | XXX.XXX.XXX.XX | | Xxxxxxx | | verified | High |
| 27 | XXX.XXX.XXX.XX | | Xxxxxxx | | verified | High |
| 28 | XXX.XXX.XX.XXX | | Xxxxxxx | | verified | High |
| 29 | XXX.XX.XXX.XX | xxxxxxx.xxx | Xxxxxxx | | verified | High |
| 30 | XXX.XX.XXX.XXX | x-xxxx.x-xxxxxx.xxx | Xxxxxxx | | verified | High |
| 31 | XXX.XXX.XXX.XX | xxxxxx.xxxxxxxxxx.xxx | Xxxxxxx | | verified | High |
| 32 | XXX.XX.XXX.X | xx-xxx.xxx | Xxxxxxx | | verified | High |
| 33 | XXX.XXX.XX.XXX | xxxxx.xxxxxxxxxxxxxxxx.xx | Xxxxxxx | | verified | High |
| 34 | XXX.XXX.XX.XXX | xxxxx.xxxxxxxx.xxx | Xxxxxxx | | verified | High |
| 35 | XXX.XX.XX.XX | | Xxxxxxx | | verified | High |
| 36 | XXX.XX.XX.XX | | Xxxxxxx | | verified | High |
| 37 | XXX.XX.XX.XX | | Xxxxxxx | | verified | High |
| 38 | XXX.XXX.XXX.XX | | Xxxxxxx | | verified | High |
| 39 | XXX.XXX.XXX.XX | | Xxxxxxx | | verified | High |

TTP - Tactics, Techniques, Procedures (24)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | predictive | High |
| 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CWE-74 | Injection | predictive | High |
| 4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | predictive | High |
| 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 6 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 7 | TXXXX | CWE-XXX | Xxxx Xxx Xxxxxxxxx Xxxxxxxxxxx Xxxxxxxx | predictive | High |
| 8 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx Xxxxxxxx | predictive | High |
| 9 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxxxxxx | predictive | High |
| 10 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High |
| 11 | TXXXX | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High |
| 12 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High |
| 13 | TXXXX.XXX | CWE-XXXX | Xxxxxxxxxxx Xxxxxxx Xxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 14 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 15 | TXXXX | CWE-XXX | Xxx Xx Xxxxxxxxxx Xxxxxxx Xxxxxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 16 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High |
| 17 | TXXXX | CWE-XXX, CWE-XXX | Xxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx Xxxx | predictive | High |
| 18 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 19 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive | High |
| 20 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxx Xxxx | predictive | High |
| 21 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 22 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx | predictive | High |
| 23 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXXX | 2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx Xxxxxxxxxx | predictive | High |
| 24 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxxxx Xxxxxx | predictive | High |

IOA - Indicator of Attack (192)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /+CSCOE+/logon.html | predictive | High |
| 2 | File | /admin/deluser.php | predictive | High |
| 3 | File | /administration/theme.php | predictive | High |
| 4 | File | /auparse/auparse.c | predictive | High |
| 5 | File | /aux | predictive | Low |
| 6 | File | /BindAccount/SuccessTips.js | predictive | High |
| 7 | File | /goform/QuickIndex | predictive | High |
| 8 | File | /goform/setMacFilterCfg | predictive | High |
| 9 | File | /goform/WifiBasicSet | predictive | High |
| 10 | File | /home/httpd/cgi-bin/cgi.cgi | predictive | High |
| 11 | File | /login.html | predictive | Medium |
| 12 | File | /medical/inventories.php | predictive | High |
| 13 | File | /pages.php | predictive | Medium |
| 14 | File | /pages/save_user.php | predictive | High |
| 15 | File | /patient/doctors.php | predictive | High |
| 16 | File | /rom-0 | predictive | Low |
| 17 | File | /uncpath/ | predictive | Medium |
| 18 | File | /usr/local/psa/admin/sbin/wrapper | predictive | High |
| 19 | File | /usr/local/WowzaStreamingEngine/bin/ | predictive | High |
| 20 | File | /vloggers_merch/classes/Master.php?f=delete_order | predictive | High |
| 21 | File | abm.aspx | predictive | Medium |
| 22 | File | actions/ChangeConfiguration.html | predictive | High |
| 23 | File | xxxxxxx.xxx | predictive | Medium |
| 24 | File | xxx/xxxx_xxxx_xxxxxx.xxx | predictive | High |
| 25 | File | xxxxx/xxxxx.xxx | predictive | High |
| 26 | File | xxxxx/xxxx/xxxxxxxx/xxx/ | predictive | High |
| 27 | File | xxxxx/xxxxxxxx.xxx | predictive | High |
| 28 | File | xxxxxxx.xxx?xxx=xxxx&xx=xxxx | predictive | High |
| 29 | File | xxxxxxxxxxxxx/xxxxxxxxxx/xxx_xxxxx/xxxxxxx/xxxxx.xxx | predictive | High |
| 30 | File | xxxxxxxxxxxxxxx.xxx | predictive | High |
| 31 | File | xxxx_xxxxx.xxx | predictive | High |
| 32 | File | xxxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
| 33 | File | xxxxxxxxxxx.xxx | predictive | High |
| 34 | File | xxxx/xxx/xxxxxxxx/xxx/xxx.x | predictive | High |
| 35 | File | xxxxxxxxxxxxxxxxxxx.xxx | predictive | High |
| 36 | File | xxxx-xxxx.x | predictive | Medium |
| 37 | File | xxxxxx.xxx | predictive | Medium |
| 38 | File | xxxxxx.x | predictive | Medium |
| 39 | File | xxxxxx/xxxxx.xxx | predictive | High |
| 40 | File | xxxxxx.xxx | predictive | Medium |
| 41 | File | xxxxxxxxx.xxx | predictive | High |
| 42 | File | xxxxxxxxxx/xxxxxx/xxxxxxxxx.xxxx/xxxx.xxx/ | predictive | High |
| 43 | File | xxxxxxxxxx/xx-xxxxxxxxx/xx-xxxxxxxxx-xxxx.xx | predictive | High |
| 44 | File | xxxxxxxxxxxxx.xxx | predictive | High |
| 45 | File | xxxxxxx.xxx | predictive | Medium |
| 46 | File | xx-xxxxxxxx.x | predictive | High |
| 47 | File | xxx.xxx | predictive | Low |
| 48 | File | xxxxxx.xxx | predictive | Medium |
| 49 | File | xxxxxxx/xxxx/xxxxxxxx/xxxxxxxx.x | predictive | High |
| 50 | File | xxxxxxx/xxxxx/xxxxxxxx/xxxxx | predictive | High |
| 51 | File | xxxxxxx_xxxx_xxxxxx_xxxx.xxx | predictive | High |
| 52 | File | xxxxxxxx/xxxxx/xxxxxxxxx.xxx | predictive | High |
| 53 | File | xxxxxxxxxxx.xxx | predictive | High |
| 54 | File | xxxxxxxxxxxx.xxx | predictive | High |
| 55 | File | xxxxxx.xxxx | predictive | Medium |
| 56 | File | xxxxxx.xxx | predictive | Medium |
| 57 | File | xxxxxxxxx/xx/xxxxxxxxxxxx.xxx | predictive | High |
| 58 | File | xxxxx/xxxx.xxx | predictive | High |
| 59 | File | xxxx.xxx | predictive | Medium |
| 60 | File | xxx | predictive | Low |
| 61 | File | xxxxxx.xxx | predictive | Medium |
| 62 | File | xxxxxxxx.xxx | predictive | Medium |
| 63 | File | xxx/xxxxxx.xxx | predictive | High |
| 64 | File | xxxxx.xx | predictive | Medium |
| 65 | File | xxxxx.xxx | predictive | Medium |
| 66 | File | xxxxx.xxx?x=/xxxx/xxxxxxxx | predictive | High |
| 67 | File | xxxxxxxxxxxxxxxxxxxxxxx.xx | predictive | High |
| 68 | File | xxxx.xxx | predictive | Medium |
| 69 | File | xxxx.xxx | predictive | Medium |
| 70 | File | xxxxxx.x | predictive | Medium |
| 71 | File | xxxxxxxxxxx_xxxxx.xx | predictive | High |
| 72 | File | xxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
| 73 | File | xxxxx.xxx | predictive | Medium |
| 74 | File | xxxxxx/xxxx.x | predictive | High |
| 75 | File | xxxx.xxx | predictive | Medium |
| 76 | File | xxxxxxxxxxxxx.xxx | predictive | High |
| 77 | File | xxxxxxxx.xxx | predictive | Medium |
| 78 | File | xx-xxxxxxxx-xxxxxxx-xxx.xxx | predictive | High |
| 79 | File | xxx/xxxx/xxxx.x | predictive | High |
| 80 | File | xxxx.xx | predictive | Low |
| 81 | File | xx/xxxx | predictive | Low |
| 82 | File | xxxxxxxxx.xxx.xxx | predictive | High |
| 83 | File | xxxxxxxxxxxx.xxx | predictive | High |
| 84 | File | xxxxxxx.xxx | predictive | Medium |
| 85 | File | xxxxxxx/xx/xxx.xx | predictive | High |
| 86 | File | xxxxxxxxx/xxxxxxxxxxx/xxxxxxxxxxxxxxxxx.xxx | predictive | High |
| 87 | File | xxx.x | predictive | Low |
| 88 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | High |
| 89 | File | xxxxxxxxxxxxxx.xxx | predictive | High |
| 90 | File | xxxxx/xx/xxxxxxxxx/ | predictive | High |
| 91 | File | xxxxxxxx.xxx | predictive | Medium |
| 92 | File | xxxxxxxxxxxxxxxx.xxx | predictive | High |
| 93 | File | xxxxxx | predictive | Low |
| 94 | File | xxxxxxxxx/xxxxxx.x | predictive | High |
| 95 | File | xxxxxx.xxx | predictive | Medium |
| 96 | File | xxxxxx_xxxxxxx.xxx | predictive | High |
| 97 | File | xxxxxxxxxxx.xxx | predictive | High |
| 98 | File | xxxx.xxx | predictive | Medium |
| 99 | File | xxxxxxxxxx.xxxx | predictive | High |
| 100 | File | xxxxxxxxxxxxxxx.xxx | predictive | High |
| 101 | File | xxxxxxxx.x | predictive | Medium |
| 102 | File | xxxxxxxxx.xxx | predictive | High |
| 103 | File | xxx_xxxxxxx.xxx | predictive | High |
| 104 | File | xxxxxxx-xxxxxxx.xxx | predictive | High |
| 105 | File | xx.xxx | predictive | Low |
| 106 | File | xxxxxxxxxxxx_xxxx_xxxxxxxxx.xxx | predictive | High |
| 107 | File | xxxxxxx.x | predictive | Medium |
| 108 | File | xxxxxx.xxx | predictive | Medium |
| 109 | File | xxxxxxxxxxxxxxxxx.xxxx | predictive | High |
| 110 | File | xxxxx/xxxxx.xx | predictive | High |
| 111 | File | xxxxxx.xxx | predictive | Medium |
| 112 | File | xxxxxxx/xxxxxx/xxxxx/xxxxxxx/xxx/xxx.xxx | predictive | High |
| 113 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High |
| 114 | File | xx-xxxxxxxx/xxxxxxxxx.xxx | predictive | High |
| 115 | File | xxxxxx.xxx | predictive | Medium |
| 116 | File | ~/xxxxxxxxxxxxx.xxx | predictive | High |
| 117 | Library | /xxx/xxx/xxxx.xxx | predictive | High |
| 118 | Library | /xxx/xxx.x | predictive | Medium |
| 119 | Library | xxxxxx/xxx/xxxxxx_xxxx.xxx | predictive | High |
| 120 | Library | xxxxxxxxxxxxxx.xxx | predictive | High |
| 121 | Library | xxx_xxxxxx.xxx | predictive | High |
| 122 | Library | xxxxxxxxxxxx.xxx | predictive | High |
| 123 | Library | xxxxxxxx.xxx | predictive | Medium |
| 124 | Library | xxxxxx_xxx.xxx | predictive | High |
| 125 | Library | xxxxxx/xxxxxxxxx/xxxxx.xxx | predictive | High |
| 126 | Argument | --xxxxx/--xxxxx | predictive | High |
| 127 | Argument | xxx_xxxx | predictive | Medium |
| 128 | Argument | xxxx | predictive | Low |
| 129 | Argument | xxxxxxxx | predictive | Medium |
| 130 | Argument | xxxxx_xxxxxxxxxxx | predictive | High |
| 131 | Argument | xxxx | predictive | Low |
| 132 | Argument | xxxxx | predictive | Low |
| 133 | Argument | xxx_xx | predictive | Low |
| 134 | Argument | xxx | predictive | Low |
| 135 | Argument | xxxxxxxxxxxxxxx | predictive | High |
| 136 | Argument | xxxxxx_xx | predictive | Medium |
| 137 | Argument | xxxxx | predictive | Low |
| 138 | Argument | xxxxxxxxxxxxxxxxxx | predictive | High |
| 139 | Argument | xxxxxxxxxxx | predictive | Medium |
| 140 | Argument | xxx | predictive | Low |
| 141 | Argument | xxxxx->xxxx | predictive | Medium |
| 142 | Argument | xxxxxxxx | predictive | Medium |
| 143 | Argument | xxxxxxxx | predictive | Medium |
| 144 | Argument | xx | predictive | Low |
| 145 | Argument | xx/xxxxxxxx | predictive | Medium |
| 146 | Argument | xxxxxxxxx | predictive | Medium |
| 147 | Argument | xxxxxx | predictive | Low |
| 148 | Argument | xxxxx[xxxxx][xx] | predictive | High |
| 149 | Argument | xxxxxxx | predictive | Low |
| 150 | Argument | xxxxxxxx_xxxx | predictive | High |
| 151 | Argument | xxxxxx | predictive | Low |
| 152 | Argument | xxxxxxx | predictive | Low |
| 153 | Argument | xxxxxx xxxxx | predictive | Medium |
| 154 | Argument | xxxx | predictive | Low |
| 155 | Argument | xx_xxxx | predictive | Low |
| 156 | Argument | xxxx | predictive | Low |
| 157 | Argument | xxxxxxxx | predictive | Medium |
| 158 | Argument | xxxxxxxxx | predictive | Medium |
| 159 | Argument | xxxxxxx_xxx | predictive | Medium |
| 160 | Argument | xxxxxxxxxxxxx | predictive | High |
| 161 | Argument | xxxxxx | predictive | Low |
| 162 | Argument | xx | predictive | Low |
| 163 | Argument | x_xxxx | predictive | Low |
| 164 | Argument | xxxxxxxxxxx | predictive | Medium |
| 165 | Argument | xxxxxxxxx | predictive | Medium |
| 166 | Argument | xxxxxx/xxxxx | predictive | Medium |
| 167 | Argument | xxxxxx | predictive | Low |
| 168 | Argument | xxxxxxxx | predictive | Medium |
| 169 | Argument | xxxxxxxxxxxxxxxxx | predictive | High |
| 170 | Argument | xxxxxx | predictive | Low |
| 171 | Argument | xxxx | predictive | Low |
| 172 | Argument | xxxxxxxxxx | predictive | Medium |
| 173 | Argument | xxxxx | predictive | Low |
| 174 | Argument | xxxxx | predictive | Low |
| 175 | Argument | xxx | predictive | Low |
| 176 | Argument | xxxxxxxx/xxxx | predictive | High |
| 177 | Argument | xxxxxxxx/xxxxxxxx | predictive | High |
| 178 | Argument | xxxx_xxxxxxxxx/xxxx_xxxxxxxx | predictive | High |
| 179 | Argument | xxxxxx | predictive | Low |
| 180 | Argument | xxxx->xxxxxxx | predictive | High |
| 181 | Argument | x-xxxx-xx | predictive | Medium |
| 182 | Input Value | .%xx.../.%xx.../ | predictive | High |
| 183 | Input Value | /../ | predictive | Low |
| 184 | Input Value | // | predictive | Low |
| 185 | Input Value | x">[xxx/xxxxxx=xxxxx(x)] | predictive | High |
| 186 | Input Value | xxxx:xxxxxx | predictive | Medium |
| 187 | Input Value | xxxxxxxxxxxxxxxxxxxx | predictive | High |
| 188 | Input Value | …/. | predictive | Low |
| 189 | Network Port | xx xxxxxxx xxx.xx.xx.xx | predictive | High |
| 190 | Network Port | xxx/xx (xxx) | predictive | Medium |
| 191 | Network Port | xxx/xxxx (xxxx) & xxx/xxxx (xx-xxxx) | predictive | High |
| 192 | Network Port | xxx xxxxxx xxxx | predictive | High |

References (8)

The following list contains external sources which discuss the actor and the associated activities:
