Bandook Analysis

IOB - Indicator of Behavior (371)

Timeline

The data in the charts on this page does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 352
es: 12
ru: 4
de: 4

Country

us: 346
ru: 10
me: 4
cn: 4

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows: 32
Linux Kernel: 20
ImageMagick: 14
Microsoft Edge: 8
PHP: 8

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Cisco Wireless LAN Controller IPv6 UDP Ingress input validation | 6.4 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01136 | CVE-2016-9219 |
| 2 | Cisco Mobility Express 2800/Mobility Express 3800 802.11 Ingress Packet resource management | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2016-9220 |
| 3 | Cisco Mobility Express 2800/Mobility Express 3800 802.11 Ingress Connection Authentication resource management | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2016-9221 |
| 4 | D-Link DIR-846 SetGuestWLanSettings.php Privilege Escalation | 9.3 | 9.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | 0.01978 | CVE-2020-21016 |
| 5 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 4.33 | 0.00000 | CVE-2020-12440 |
| 6 | Backdoor.Win32.Redkod.d Service Port 4820 hard-coded credentials | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.03 | 0.00000 | |
| 7 | WordPress Editor information disclosure | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.00950 | CVE-2021-29450 |
| 8 | Google Chrome Index DB use after free | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.09 | 0.23230 | CVE-2022-1853 |
| 9 | PukiWiki Pukiwiki Plus! cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.01136 | CVE-2011-3990 |
| 10 | Microsoft Windows Malware Protection Service memory corruption | 8.8 | 7.9 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.87853 | CVE-2017-0290 |
| 11 | PHP unserialize use after free | 7.3 | 6.4 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.02 | 0.00000 | |
| 12 | Linux Kernel UDP Packet udp.c security check | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.09 | 0.06908 | CVE-2016-10229 |
| 13 | WordPress WP_Query class-wp-query.php sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.01974 | CVE-2017-5611 |
| 14 | Joomla sql injection | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2022-23797 |
| 15 | D-Link DSL-2750B login.cgi command injection | 7.3 | 6.8 | $5k-$25k | $0-$5k | Functional | Official Fix | 0.05 | 0.08382 | CVE-2016-20017 |
| 16 | Microsoft Windows SMB input validation | 7.7 | 7.1 | $25k-$100k | $0-$5k | High | Official Fix | 0.24 | 0.93222 | CVE-2017-0143 |
| 17 | DrayTek Vigor/Vigor3910 wlogin.cgi buffer overflow | 9.0 | 8.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00885 | CVE-2022-32548 |
| 18 | Google Chrome V8 type confusion | 7.5 | 7.4 | $25k-$100k | $5k-$25k | High | Official Fix | 0.06 | 0.01055 | CVE-2022-4262 |
| 19 | Linksys E5350 Web Interface SysInfo.htm show_sysinfo access control | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2022-35572 |
| 20 | Linksys MR8300 DDNS Service os command injection | 8.1 | 8.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.01005 | CVE-2022-38132 |

IOC - Indicator of Compromise (26)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (148)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /cgi-bin/kerbynet | predictive | High |
| 2 | File | /cgi-bin/supervisor/CloudSetup.cgi | predictive | High |
| 3 | File | /cgi-bin/wlogin.cgi | predictive | High |
| 4 | File | /domain/add | predictive | Medium |
| 5 | File | /etc/sudoers | predictive | Medium |
| 6 | File | /index.php/weblinks-categories | predictive | High |
| 7 | File | /plain | predictive | Low |
| 8 | File | /show_group_members.php | predictive | High |
| 9 | File | /SysInfo.htm | predictive | Medium |
| 10 | File | /web/google_analytics.php | predictive | High |
| 11 | File | album_portal.php | predictive | High |
| 12 | File | al_initialize.php | predictive | High |
| 13 | File | archive_endian.h | predictive | High |
| 14 | File | bmp.c | predictive | Low |
| 15 | File | cgi-bin/jc.cgi | predictive | High |
| 16 | File | checklogin.php | predictive | High |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
