BadBazaar Analysis

IOB - Indicator of Behavior (392)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 290
zh: 60
fr: 12
es: 8
de: 8

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Google Android: 6
Postfix: 4
Microsoft Windows: 4
Synacor Zimbra Collaboration: 4
WordPress: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.91980 | 0.77 | CVE-2020-15906 |
| 2 | Ignite Realtime Openfire Administration Console improper authentication | 7.8 | 7.7 | $0-$5k | $0-$5k | High | Official Fix | 0.97070 | 0.04 | CVE-2023-32315 |
| 3 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02820 | 0.34 | CVE-2010-0966 |
| 4 | Devilz Clanportal index.php sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00911 | 0.04 | CVE-2006-3347 |
| 5 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 0.29 | |
| 6 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 0.27 | CVE-2006-6168 |
| 7 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.03828 | 0.00 | CVE-2007-1192 |
| 8 | jforum username User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00318 | 0.04 | CVE-2019-7550 |
| 9 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04604 | 0.09 | CVE-2007-1167 |
| 10 | vBulletin redirector.php | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00233 | 0.02 | CVE-2018-6200 |
| 11 | Synacor Zimbra Collaboration mboximport pathname traversal | 4.7 | 4.5 | $0-$5k | $0-$5k | High | Official Fix | 0.90217 | 0.05 | CVE-2022-27925 |
| 12 | Google Chrome WebGPU use after free | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00482 | 0.00 | CVE-2022-2007 |
| 13 | RoundCube sql injection | 8.6 | 8.5 | $0-$5k | $0-$5k | High | Official Fix | 0.02018 | 0.02 | CVE-2021-44026 |
| 14 | Pligg cloud.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.16 | |
| 15 | Google Chrome Compositing out-of-bounds | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00238 | 0.03 | CVE-2022-2010 |
| 16 | Google Chrome WebGL out-of-bounds | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00266 | 0.03 | CVE-2022-2008 |
| 17 | Apple Mac OS X TCP Timestamp information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00474 | 0.00 | CVE-2003-0882 |
| 18 | eSyndicat Directory Software suggest-listing.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.26 | |
| 19 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00193 | 1.07 | CVE-2022-28959 |
| 20 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01434 | 0.22 | CVE-2007-0354 |

IOC - Indicator of Compromise (16)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (132)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /ajax/device_entities.php?entity_type=netscalervsvr | predictive | High |
| 2 | File | /api/admin/user/list | predictive | High |
| 3 | File | /cgi-bin/supervisor/PwdGrp.cgi | predictive | High |
| 4 | File | /current_action.php?action=reboot | predictive | High |
| 5 | File | /etc/postfix/sender_login | predictive | High |
| 6 | File | /file/upload/1 | predictive | High |
| 7 | File | /filemanager/ajax_calls.php | predictive | High |
| 8 | File | /forum/away.php | predictive | High |
| 9 | File | /Items/*/RemoteImages/Download | predictive | High |
| 10 | File | /login.php | predictive | Medium |
| 11 | File | /opt/zimbra/jetty/webapps/zimbra/public | predictive | High |
| 12 | File | /secure/QueryComponent!Default.jspa | predictive | High |
| 13 | File | /spip.php | predictive | Medium |
| 14 | File | actions/CompanyDetailsSave.php | predictive | High |
| 15 | File | adclick.php | predictive | Medium |
| 16 | File | admin/index.php | predictive | High |
