Barys Analysis

IOB - Indicator of Behavior (50)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

zh: 42
en: 6
ar: 2

Product

Django: 2
bouncycastle: 2
ZEIT Next.js: 2
Progress Sitefinity: 2
woocommerce-gutenberg-products-block: 2

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Git Plugin Build authorization | 6.5 | 6.5 | $0-$5k | $0-$5k | Not defined | Not defined | possible | 0.66512 | 0.07 | CVE-2022-36883 |
| 2 | Etcd pagewriter.go PageWriter.write denial of service | 5.9 | 5.8 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00388 | 0.00 | CVE-2022-34038 |
| 3 | Oracle JD Edwards EnterpriseOne Tools Deployment SEC | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00685 | 0.04 | CVE-2020-13956 |
| 4 | SiteServer CMS sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00094 | 0.00 | CVE-2021-42655 |
| 5 | Liferay Portal ommand absolute path traversal | 8.4 | 8.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | possible | 0.44333 | 0.00 | CVE-2021-33990 |
| 6 | spring-boot-actuator-logview path traversal | 6.3 | 6.3 | $0-$5k | $0-$5k | Not defined | Official fix | expected | 0.92970 | 0.03 | CVE-2021-21234 |
| 7 | Postfix Email Message protection mechanism | 4.8 | 4.8 | $5k-$25k | $5k-$25k | Not defined | Not defined | | 0.21846 | 0.04 | CVE-2023-51764 |
| 8 | jeecg-boot loadTableData injection | 7.0 | 7.0 | $0-$5k | $0-$5k | Not defined | Not defined | possible | 0.58025 | 0.02 | CVE-2023-41544 |
| 9 | jeecg-boot queryFieldBySql sql injection | 8.0 | 7.9 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.22080 | 0.04 | CVE-2023-40989 |
| 10 | Grafana Labs Permission improper authentication | 9.0 | 8.8 | $0-$5k | $0-$5k | High | Official fix | verified | 0.94350 | 0.00 | CVE-2021-39226 |
| 11 | Adobe ColdFusion access control | 6.4 | 6.3 | $5k-$25k | $0-$5k | High | Official fix | verified | 0.93717 | 0.00 | CVE-2023-38205 |
| 12 | Django Header FileResponse information disclosure | 3.5 | 3.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00347 | 0.02 | CVE-2022-36359 |
| 13 | quartz-jobs code injection | 7.6 | 7.6 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00486 | 0.00 | CVE-2023-39017 |
| 14 | dom4.j SAXReader setFeature information disclosure | 5.9 | 5.9 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00000 | 0.08 | CVE-2023-45960 |
| 15 | Bouncy Castle Signature infinite loop | 6.6 | 6.5 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00102 | 0.00 | CVE-2024-30172 |
| 16 | Progress Sitefinity Page Editing Area cross site scripting | 5.6 | 5.6 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00113 | 0.03 | CVE-2024-1636 |
| 17 | bouncycastle Self-Signed Certificate X509LDAPCertStoreSpi.java ldap injection | 3.9 | 3.9 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00161 | 0.02 | CVE-2023-33201 |
| 18 | itsourcecode Bakery Online Ordering System index.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00262 | 0.00 | CVE-2024-5636 |
| 19 | CoreDNS CD Bit Response access control | 5.4 | 5.4 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00432 | 0.04 | CVE-2024-0874 |

IOC - Indicator of Compromise (86)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (15)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /jmreport/loadTableData | predictive | High |
| 2 | File | /_next | predictive | Low |
| 3 | File | adminer.php | predictive | Medium |
