BelialDemon Analysis

Activities

Timeline

Analysing the timeline helps to identify the required approach to, and handling of, single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues prioritized.

Lang: en (20)

Country: tt (7), co (1)

Actors: BelialDemon (20)

Interest

Vulnerabilities

# | Vulnerability | Base | Temp | 0day price | Today price | Exploitability | Remediation | CTI | CVE
--|---------------|------|------|------------|-------------|----------------|-------------|-----|----
1 | SonicBOOM riscv-boom authorization | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-29561
2 | United Planet Intrexx Professional cross site scripting | 4.8 | 4.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-24188
3 | Huawei Mate 20 Digital Balance authorization | 3.9 | 3.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-1831
4 | Aviatrix Controller Web Interface cross-site request forgery | 5.4 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2020-13416
5 | thinkphp-bjyblog AdminBaseController.class.php exit cross site scripting | 4.8 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-43682
6 | WPG Plugin memory corruption | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2021-27362
7 | ownCloud input validation | 6.8 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2020-28645
8 | Star Practice Management Web WIP Detail improper authorization | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2020-28401
9 | Microsoft .NET Framework XML data processing | 6.4 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2018-0764
10 | Wireshark Dissection Engine memory leak | 4.2 | 4.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-26419
11 | Sympa SOAP API authenticateAndRun access control | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-29668
12 | Symantec Messaging Gateway Web UI information disclosure | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-12595
13 | Google Chrome Omnibox authentication spoofing | 6.4 | 6.1 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2020-6565
14 | osTicket ajax.draft.php _uploadInlineImage cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-24917
15 | uppy Package server-side request forgery | 7.4 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-8205

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Matanbuchus

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Campaigns | Confidence
---|------------|----------|-----------|-----------
1 | 34.94.151.129 | 129.151.94.34.bc.googleusercontent.com | Matanbuchus | Medium
2 | 34.105.89.82 | 82.89.105.34.bc.googleusercontent.com | Matanbuchus | Medium
3 | 34.106.243.174 | 174.243.106.34.bc.googleusercontent.com | Matanbuchus | Medium

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Confidence
---|-----------|-----------------|---------------|-----------
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
3 | T1499 | CWE-401 | Resource Consumption | High
4 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | High

IOA - Indicator of Attack (3)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Confidence
---|-------|-----------|-----------
1 | File | AdminBaseController.class.php | High
2 | File | include/ajax.draft.php | High
3 | Argument | request | Low

References (1)

The following list contains external sources which discuss the actor and the associated activities:
