Beapy Analysis

IOB - Indicator of Behavior (181)


Language

en: 146
zh: 32
es: 4


Activities

Interest


Product

Cisco IOS: 6
Cisco IOS XE: 6
Cisco Meraki: 6
Cisco NX-OS: 6
Cisco Small Business Switch: 6

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | VMware vSphere Replication command injection | 6.7 | 6.4 | $10k-$25k | $0-$1k | Not Defined | Official Fix | 0.00175 | 0.00 | CVE-2021-21976
2 | Oracle MySQL Server InnoDB access control | 5.5 | 5.4 | $5k-$10k | $0-$1k | Not Defined | Official Fix | 0.00145 | 0.00 | CVE-2018-3185
3 | Jenkins Queue authorization | 5.5 | 5.5 | $1k-$2k | $0-$1k | Not Defined | Not Defined | 0.00050 | 0.05 | CVE-2021-21670
4 | NAS4Free exec.php code injection | 6.3 | 6.3 | $2k-$5k | $0-$1k | High | Not Defined | 0.48534 | 0.00 | CVE-2013-3631
5 | Penta WAPPLES access control | 7.5 | 7.5 | $2k-$5k | $1k-$2k | Not Defined | Not Defined | 0.00087 | 0.00 | CVE-2022-35582
6 | Samba Kerberos Library/AD DC integer overflow | 5.0 | 4.8 | $1k-$2k | $0-$1k | Not Defined | Official Fix | 0.01715 | 0.00 | CVE-2022-42898
7 | protobuf.js prototype pollution | 7.0 | 6.9 | $1k-$2k | $0-$1k | Not Defined | Official Fix | 0.01073 | 0.06 | CVE-2023-36665
8 | Microsoft Windows Scripting Language out-of-bounds write | 8.8 | 8.5 | $100k and more | $25k-$50k | High | Official Fix | 0.06547 | 0.00 | CVE-2022-41128
9 | Apache Commons Text Variable Interpolation code injection | 8.0 | 7.9 | $10k-$25k | $1k-$2k | Not Defined | Official Fix | 0.97318 | 0.04 | CVE-2022-42889
10 | Shirne CMS controller.php path traversal | 5.4 | 5.4 | $1k-$2k | $0-$1k | Not Defined | Not Defined | 0.00876 | 0.00 | CVE-2022-37299
11 | Acer Quick Access QAAdminAgent.exe untrusted search path | 6.5 | 6.5 | $1k-$2k | $0-$1k | Not Defined | Not Defined | 0.00130 | 0.05 | CVE-2019-18670
12 | Advanced SystemCare Ultimate Driver Monitor_win7_x64.sys input validation | 7.2 | 7.2 | $1k-$2k | $0-$1k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2018-9006
13 | Progress MOVEit Transfer REST API MOVEit.DMZ.WebApi.dll sql injection | 8.3 | 8.2 | $1k-$2k | $0-$1k | Not Defined | Official Fix | 0.00478 | 0.00 | CVE-2019-16383
14 | BaserCMS ThemeFilesController.php cross site scripting | 6.7 | 5.9 | $0-$1k | Calculating | Not Defined | Official Fix | 0.00559 | 0.00 | CVE-2020-15159
15 | IBM Security Secret Server SSL Certificate Validator improper authentication | 3.1 | 3.0 | $5k-$10k | $0-$1k | Not Defined | Official Fix | 0.00071 | 0.00 | CVE-2020-4340
16 | Cisco Web Security Appliance API Framework Header Injection response splitting | 6.0 | 5.8 | $25k-$50k | $2k-$5k | Not Defined | Official Fix | 0.00087 | 0.00 | CVE-2020-3117
17 | Cisco IOS XR DVMRP resource consumption | 7.5 | 7.4 | $10k-$25k | $0-$1k | High | Official Fix | 0.00371 | 0.00 | CVE-2020-3569
18 | Aruba CX Switch Cisco Discovery Protocol denial of service | 3.3 | 3.2 | $0-$1k | $0-$1k | Not Defined | Official Fix | 0.00099 | 0.00 | CVE-2020-7122
19 | Openexpert expert_wizard.php sql injection | 6.3 | 6.0 | $2k-$5k | $0-$1k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | 
20 | Asus WL-330NUL WPA2-PSK information disclosure | 4.8 | 4.6 | $2k-$5k | $0-$1k | Not Defined | Official Fix | 0.00246 | 0.00 | CVE-2015-7787

IOC - Indicator of Compromise (12)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 27.102.107.137 |  | Beapy |  | 04/30/2019 | verified | Low
2 | 27.102.130.126 |  | Beapy |  | 04/30/2019 | verified | Low
3 | 123.129.254.12 |  | Beapy |  | 04/30/2019 | verified | Low
4 | XXX.XXX.XXX.XXX |  | Xxxxx |  | 04/30/2019 | verified | Low
5 | XXX.XXX.XXX.XXX |  | Xxxxx |  | 04/30/2019 | verified | Low
6 | XXX.XXX.XXX.XXX |  | Xxxxx |  | 04/30/2019 | verified | Low
7 | XXX.XXX.XXX.XXX |  | Xxxxx |  | 04/30/2019 | verified | Low
8 | XXX.XXX.XXX.XXX |  | Xxxxx |  | 04/30/2019 | verified | Low
9 | XXX.XXX.XXX.XXX |  | Xxxxx |  | 04/30/2019 | verified | Low
10 | XXX.XXX.XXX.XXX |  | Xxxxx |  | 04/30/2019 | verified | Low
11 | XXX.XX.X.XX |  | Xxxxx |  | 04/30/2019 | verified | Low
12 | XXX.XXX.XXX.XXX |  | Xxxxx |  | 04/30/2019 | verified | Low

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (54)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | .htaccess | predictive | Medium
2 | File | /admin/index2.html | predictive | High
3 | File | /cgi-bin/webproc | predictive | High
4 | File | /crmeb/crmeb/services/UploadService.php | predictive | High
5 | File | /env | predictive | Low
6 | File | /expert_wizard.php | predictive | High
7 | File | /x/ | predictive | Low
8 | File | /xxxxxx/xxxxxxx/xxx/xxxxxxxxxx.xxx | predictive | High
9 | File | /xxxxxx | predictive | Low
10 | File | /xx/#/ | predictive | Low
11 | File | xxxxxxxxxxxxxxxxxxx.xxxxx.xxx | predictive | High
12 | File | xxxxxxx/xxxxxx/xxxxxxxxxxxxx.xxxx | predictive | High
13 | File | xxxxxxxxxxx\xxxx\xxxxxxxxxx\xxxxxxxxxxxxxxxxx.xxxxx.xxx | predictive | High
14 | File | xxxxxx.xxx | predictive | Medium
15 | File | xxxx.x | predictive | Low
16 | File | xxxxxxx/xxx/xxx/xxxxx.x | predictive | High
17 | File | xxxx.xxxx | predictive | Medium
18 | File | xxxx.xxx | predictive | Medium
19 | File | xxxxxxx.xxx | predictive | Medium
20 | File | xxxxxxx.xxx | predictive | Medium
21 | File | xxxxxxx-xxxxxxxxx>/xxxxxxxxxx/xxx-xxx | predictive | High
22 | File | xxxxxx/xxxxxx.x | predictive | High
23 | File | xxxx/xxxxxx.xxx | predictive | High
24 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | High
25 | File | xxxxxxxxxxxx.xxx | predictive | High
26 | File | xxxxx.xxx | predictive | Medium
27 | File | xxx/xxxx/xxxx/xxx.xxxxxxxx.xxxxxxx/xxxxxxx/xxx/xxxxxx.xxxx | predictive | High
28 | File | xxxxxxxxxxxxxxxxxxxx.xxx | predictive | High
29 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High
30 | File | _x_/xxxx/_x_/xxx/xxxxxx_xxxxxxxxxxxxx | predictive | High
31 | Library | xxxxx.xxx | predictive | Medium
32 | Library | xxxx.xxx | predictive | Medium
33 | Library | xxxxxxx_xxxx_xxx.xxx | predictive | High
34 | Library | xxxxxx.xxx.xxxxxx.xxx | predictive | High
35 | Library | xxxxxxxxxxxxx.xxx | predictive | High
36 | Library | xxxxx.xxx | predictive | Medium
37 | Argument | -x/-x | predictive | Low
38 | Argument | xxxx_xx | predictive | Low
39 | Argument | xxxxxxx | predictive | Low
40 | Argument | xxxxxxx xxxx | predictive | Medium
41 | Argument | xxxxxxx | predictive | Low
42 | Argument | xxxxxxxx | predictive | Medium
43 | Argument | xx | predictive | Low
44 | Argument | xxxxxx | predictive | Low
45 | Argument | xxxxxxxxxx[xxx][x] | predictive | High
46 | Argument | xxxx | predictive | Low
47 | Argument | xx | predictive | Low
48 | Argument | xxx | predictive | Low
49 | Argument | xxxxxxxx | predictive | Medium
50 | Argument | xxxx->xxxxxxx | predictive | High
51 | Input Value | ..\ | predictive | Low
52 | Input Value | x' | predictive | Low
53 | Network Port | xxxx | predictive | Low
54 | Network Port | xxxx | predictive | Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:
