BadPatch Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (31)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en26
fr6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

US: USA4
RU: Russia4
DE: Germany2
FR: France2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Mozi1
BadPatch1
KasperAgent1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined8
Photo Gallery Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined4
POS2
ElkaGroup2
Saskia Bruckner2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

POS Codekop2
ElkaGroup Image Gallery2
Saskia Bruckner Saskias Shopsystem2
AjPortal2Php2
ampleShop2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#VulnerabilityBaseTemp0dayTodayExpCouKEVEPSSCTICVE
1Netgear DGN1000B setup.cgi privileges management9.89.3$25k-$100k$0-$5kProof-of-ConceptNot defined 0.000000.00
2rAthena FluxCP Service Desk Image URL view.php cross site scripting4.44.3$0-$5k$0-$5kNot definedOfficial fix 0.000630.02CVE-2022-4421
3yiisoft yii unserialize deserialization7.87.8$0-$5k$0-$5kNot definedOfficial fix 0.032550.03CVE-2023-47130
4POS Codekop print.php cross site scripting4.84.6$0-$5k$0-$5kProof-of-ConceptNot defined 0.063770.00CVE-2023-36346
5Saskia Bruckner Saskias Shopsystem content.php path traversal7.37.1$0-$5k$0-$5kHighUnavailablepossible0.001630.06CVE-2010-0957
6ElkaGroup Image Gallery view.php sql injection7.36.6$0-$5k$0-$5kProof-of-ConceptNot defined 0.001490.05CVE-2008-5037
7ampleShop category.cfm sql injection7.37.3$0-$5k$0-$5kNot definedUnavailable 0.013550.06CVE-2006-2038
8Apache HTTP Server mod_proxy_fcgi.c handle_headers memory corruption5.35.1$25k-$100k$0-$5kNot definedOfficial fix 0.197850.07CVE-2014-3583
9Infiray IRAY-A8Z3 Web Application set_param.cgi hard-coded credentials8.08.0$0-$5k$0-$5kNot definedNot defined 0.001770.08CVE-2022-31210
10AjPortal2Php pages.inc.php Remote Code Execution7.36.9$0-$5k$0-$5kProof-of-ConceptNot defined 0.069300.06CVE-2007-2142

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
16.43.51.17Badpatch10/23/2019verifiedLow
2XXX.XXX.XXX.XXXxxxxxx.xxxxxx.xxXxxxxxxx12/23/2020verifiedLow
3XXX.XXX.XXX.XXxxx-xxx-xxx-xx.xxx.xxxxxxxxxxxx.xxXxxxxxxx12/23/2020verifiedVery Low

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2TXXXX.XXXCAPEC-XXXCWE-XXXxxxx Xxxxx Xxxx XxxxxxxxxpredictiveHigh
3TXXXXCAPEC-XXXCWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
4TXXXX.XXXCAPEC-XXXCWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
5TXXXXCAPEC-XXXCWE-XXXxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/usr/local/sbin/webproject/set_param.cgipredictiveHigh
2Filecategory.cfmpredictiveMedium
3Filecontent.phppredictiveMedium
4Filexxxxxxxx/xxxxx.xxx.xxxpredictiveHigh
5Filexxx_xxxxx_xxxx.xpredictiveHigh
6Filexxxxx.xxxpredictiveMedium
7Filexxxxx.xxxpredictiveMedium
8Filexxxxxx/xxxxxxx/xxxxxxxxxxx/xxxx.xxxpredictiveHigh
9Filexxxx.xxxpredictiveMedium
10ArgumentxxxpredictiveLow
11ArgumentxxxpredictiveLow
12ArgumentxxpredictiveLow
13Argumentxx_xxxxxxpredictiveMedium
14ArgumentxxxxxxxxxxpredictiveMedium
15ArgumentxxxxxxpredictiveLow
16ArgumentxxxxxxxxxxpredictiveMedium

References (3)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

This view requires CTI permissions

Just purchase a CTI license today!