BEAR Analysis

IOB - Indicator of Behavior (76)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 64
ru: 8
fr: 2
de: 2

Country

ee: 40
ru: 12
us: 8
ua: 8
pl: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Dropbear SSH: 4
Geon: 2
Apple macOS: 2
Supermicro H8dgu-f: 2
Nextcloud Lookup-Server: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192 |
| 2 | Huawei SmartCare Dashboard Stored cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.01055 | CVE-2017-15312 |
| 3 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.41 | 0.25090 | CVE-2017-0055 |
| 4 | IBM Security AppScan Enterprise Enterprise Source Database cryptographic issues | 9.8 | 8.5 | $5k-$25k | Calculating | Unproven | Official Fix | 0.05 | 0.01055 | CVE-2013-3989 |
| 5 | PHP Everywhere Plugin Shortcode Privilege Escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01086 | CVE-2022-24663 |
| 6 | Forumer / IPB Board Show Topic index.php sql injection | 7.3 | 7.1 | $0-$5k | Calculating | Not Defined | Not Defined | 0.01 | 0.00000 | |
| 7 | WordPress Metadata deserialization | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.17166 | CVE-2018-20148 |
| 8 | Add Link to Facebook Plugin profile.php cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00885 | CVE-2018-5214 |
| 9 | ThinkPHP unrestricted upload | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.00885 | CVE-2022-44289 |
| 10 | Microsoft Lync Server/Skype for Business Server unknown vulnerability | 6.5 | 5.9 | $25k-$100k | $5k-$25k | Proof-of-Concept | Official Fix | 0.00 | 0.02632 | CVE-2021-24073 |
| 11 | DrayTek Vigor/Vigor3910 wlogin.cgi buffer overflow | 9.0 | 8.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09 | 0.00885 | CVE-2022-32548 |
| 12 | SuiteCRM Accounts/Contacts/Opportunities/Leads csv injection | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00885 | CVE-2020-15301 |
| 13 | Tuxera NTFS-3G fuse_lib_readdir integer underflow | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01282 | CVE-2022-30787 |
| 14 | Ivanti Workspace Control File/Folder Security access control | 5.3 | 5.1 | $0-$5k | Calculating | Not Defined | Official Fix | 0.01 | 0.00885 | CVE-2021-36235 |
| 15 | Geon session fixation | 7.2 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.00890 | CVE-2022-24781 |
| 16 | Apache Mina SSHD SFTP Port Forwarding buffer overflow | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.01627 | CVE-2021-30129 |
| 17 | Apache HTTP Server printenv.pl ap_send_error_response cross site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.03718 | CVE-2000-1205 |
| 18 | Async mapValues access control | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01537 | CVE-2021-43138 |
| 19 | Formspree thanks.html cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00885 | CVE-2018-6354 |
| 20 | Joomla CMS sql injection | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2020-10243 |

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (32)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /cgi-bin/wlogin.cgi | predictive | High |
| 2 | File | /index.php | predictive | Medium |
| 3 | File | /uncpath/ | predictive | Medium |
| 4 | File | add_comment.php | predictive | High |
| 5 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 6 | File | xxxxxxxx.xxx | predictive | Medium |
| 7 | File | xxxxxx.xxxx | predictive | Medium |
| 8 | File | xxxxxx.xxx | predictive | Medium |
| 9 | File | xxxxx.xxx | predictive | Medium |
| 10 | File | xxxxxxx.xxx | predictive | Medium |
| 11 | File | xxxxx-xxxxxxx.xxx | predictive | High |
| 12 | File | xxxxxxxx.xx | predictive | Medium |
| 13 | File | xxxxx.xxxxxxx.xx | predictive | High |
| 14 | File | xxxxxxxxx/xxxxx/xxxxxx.xxxx | predictive | High |
| 15 | File | xx-xxxxx/xxxxxxx.xxx | predictive | High |
| 16 | Library | xxx/xxxxxxxxx/xxxxxxx/xxxxxxxx/xxx.xxx | predictive | High |
| 17 | Library | xxx/xxxxxxx-xxxxxxxxx-x.x.x.xxx | predictive | High |
| 18 | Argument | -x | predictive | Low |
| 19 | Argument | xx/xx | predictive | Low |
| 20 | Argument | xxxxx_xxxxxxxx/xxxxx_xxxxxxxx | predictive | High |
| 21 | Argument | xxxxx_xxxxxxxx_xx | predictive | High |
| 22 | Argument | xxxxx | predictive | Low |
| 23 | Argument | xx | predictive | Low |
| 24 | Argument | xxxxx | predictive | Low |
| 25 | Argument | xxxxxxxxx | predictive | Medium |
| 26 | Argument | x[] | predictive | Low |
| 27 | Argument | xxx_xx | predictive | Low |
| 28 | Argument | xxxxx_xxx | predictive | Medium |
| 29 | Argument | xxxx | predictive | Low |
| 30 | Argument | xxxxxxxx/xxxx | predictive | High |
| 31 | Argument | _xxxx | predictive | Low |
| 32 | Input Value | xxx | predictive | Low |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
