Big Head Analysis

IOB - Indicator of Behavior (71)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 70
ru: 2

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

OpenSSH: 4
PHP: 4
WordPress: 4
PostgreSQL: 2
nginx: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Google Chrome WebRTC heap-based overflow | 7.5 | 7.4 | $25k-$100k | $5k-$25k | High | Official Fix | 0.15373 | 0.00 | CVE-2022-2294
2 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 0.75 | CVE-2020-12440
3 | Telegram information disclosure | 4.9 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2021-27205
4 | Joget Workflow account_new csv injection | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00166 | 0.00 | CVE-2019-14352
5 | KLog Server authenticate.php os command injection | 5.5 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.96962 | 0.00 | CVE-2020-35729
6 | Zoho ManageEngine PAM360 cross site scripting | 4.9 | 4.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00546 | 0.00 | CVE-2024-27313
7 | Pexip Infinity Connect code injection | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00222 | 0.03 | CVE-2021-29655
8 | Havelsan Dialogue ACL permission assignment | 8.3 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-3375
9 | Nagios XI monitoringwizard.php sql injection | 8.0 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00043 | 0.04 | CVE-2024-24401
10 | Microsoft Windows code injection | 9.9 | 9.6 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.77026 | 0.02 | CVE-2009-2512
11 | Python SimpleHTTPServer Module SimpleHTTPServer.py list_directory cross site scripting | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00422 | 0.07 | CVE-2011-4940
12 | CKeditor Paste cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00111 | 0.04 | CVE-2018-17960
13 | CKEditor4 Advanced Content Filter cross site scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00532 | 0.04 | CVE-2021-41164
14 | OpenSSH improper authentication | 7.3 | 7.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.01565 | 0.03 | CVE-2010-4478
15 | MikroTik RouterOS Web Server out-of-bounds write | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00129 | 0.04 | CVE-2023-30800
16 | Microsoft .NET Framework Array Copy memory corruption | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.45279 | 0.06 | CVE-2015-2504
17 | CodeBard Patron Button and Widgets for Patreon Plugin cross site scripting | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.00 | CVE-2023-30491
18 | phpBB Error Message memberlist.php input validation | 5.3 | 5.1 | $0-$5k | Calculating | Not Defined | Official Fix | 0.01803 | 0.00 | CVE-2006-2219
19 | WordPress REST API class-wp-rest-users-controller.php information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Functional | Official Fix | 0.13142 | 0.07 | CVE-2017-5487
20 | Ovidentia CMS index.php sql injection | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00158 | 0.00 | CVE-2021-29343

IOC - Indicator of Compromise (20)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 13.107.21.200 | - | Big Head | - | 08/10/2023 | verified | High
2 | 20.99.133.109 | - | Big Head | - | 08/10/2023 | verified | High
3 | 20.99.184.37 | - | Big Head | - | 08/10/2023 | verified | High
4 | 23.41.86.106 | a23-41-86-106.deploy.static.akamaitechnologies.com | Big Head | - | 08/10/2023 | verified | High
5 | XX.XX.XX.XXX | xxx-xx-xx-xxx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx | Xxx Xxxx | - | 08/10/2023 | verified | High
6 | XX.XX.XXX.XXX | xxx-xx-xxx-xxx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx | Xxx Xxxx | - | 08/10/2023 | verified | High
7 | XX.XXX.XXX.XXX | xxx-xxx-xxx-xxx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx | Xxx Xxxx | - | 08/10/2023 | verified | High
8 | XX.XXX.XXX.XX | xxx-xxx-xxx-xx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx | Xxx Xxxx | - | 08/10/2023 | verified | High
9 | XX.XXX.XXX.XX | xxx-xxx-xxx-xx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx | Xxx Xxxx | - | 08/10/2023 | verified | High
10 | XX.XXX.XX.XX | xx.xx.xxx.xx.xxx.xxxx.xxx | Xxx Xxxx | - | 08/10/2023 | verified | High
11 | XXX.XX.XXX.XX | xxxx-xx-xxx-xx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx | Xxx Xxxx | - | 08/10/2023 | verified | High
12 | XXX.XXX.XXX.XXX | xxxx-xxx-xxx-xxx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx | Xxx Xxxx | - | 08/10/2023 | verified | High
13 | XXX.XXX.XXX.XXX | xxx-xxx-xxx-xxx-xxx.xxxxxx.xxx | Xxx Xxxx | - | 08/10/2023 | verified | High
14 | XXX.XXX.XXX.XXX | xxx-xxx-xxx-xxx-xxx.xxxxxx.xxx | Xxx Xxxx | - | 08/10/2023 | verified | High
15 | XXX.XXX.XXX.XXX | xxx-xxx-xxx-xxx-xxx.xxxxxx.xxx | Xxx Xxxx | - | 08/10/2023 | verified | High
16 | XXX.XXX.XXX.XXX | xxx-xxx-xxx-xxx-xxx.xxxxxx.xxx | Xxx Xxxx | - | 08/10/2023 | verified | High
17 | XXX.XX.XXX.XXX | xx-xxx-xx-xxx-xxx-xxx.xxxxxx.xxx | Xxx Xxxx | - | 08/10/2023 | verified | High
18 | XXX.XXX.X.XX | - | Xxx Xxxx | - | 08/10/2023 | verified | High
19 | XXX.XXX.XXX.XXX | - | Xxx Xxxx | - | 08/10/2023 | verified | High
20 | XXX.XX.XXX.XXX | x-xxxx.x-xxxxxx.xxx | Xxx Xxxx | - | 08/10/2023 | verified | High

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (36)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /alumni/admin/ajax.php?action=save_settings | predictive | High
2 | File | /cwp_{SESSION_HASH}/admin/loader_ajax.php | predictive | High
3 | File | actions/authenticate.php | predictive | High
4 | File | admin/dashboard.php | predictive | High
5 | File | college_website/admin/ajax.php?action=login | predictive | High
6 | File | xxxxxxxxxx/xxx.xx | predictive | High
7 | File | xxxxxxxxx/xxxxxxx/xxxx.xxx | predictive | High
8 | File | xxxxxxxxxxx.xxx | predictive | High
9 | File | xxxxxxxx/xxxxxxxx.x | predictive | High
10 | File | xxx/xxxxxxx.xxx | predictive | High
11 | File | xxxxxxx_xxxx_xxxxxx.xxx | predictive | High
12 | File | xxxx_xxxxxxx.xxx.xxx | predictive | High
13 | File | xxxxx.xxx | predictive | Medium
14 | File | xx/xxx/xxxxxxxx/xxx_xxxxxxxxx/xxx_xxxxxxxx_xxxxx/_/xxxxxxx_xxx | predictive | High
15 | File | xxxxxxxxxx.xxx | predictive | High
16 | File | xxxxxxx/xxxx/xxxx_xxxx.xx | predictive | High
17 | File | xxxxxxxxxxxxxxxx.xxx | predictive | High
18 | File | xxx/xxxxxx/xx_xxxxxx.x | predictive | High
19 | File | xxxxxxxxxxxxxxxx.xx | predictive | High
20 | File | xxx/xxxxxxx.x | predictive | High
21 | File | xxxxxxxxx.x | predictive | Medium
22 | File | xx-xxxxxxxx/xxxx-xxx/xxxxxxxxx/xxxxx-xx-xxxx-xxxxx-xxxxxxxxxx.xxx | predictive | High
23 | File | \xxx\xxxxx_xxxxxxxxxxxx.xxx | predictive | High
24 | Library | xxxxxxxx.xxx | predictive | Medium
25 | Argument | xxxxxxx xx/xxxxxxx xxxx | predictive | High
26 | Argument | xxxxxxxxxxx | predictive | Medium
27 | Argument | xxxxxxxx | predictive | Medium
28 | Argument | xx | predictive | Low
29 | Argument | xxxxxxxxxxxxxxx | predictive | High
30 | Argument | xxxxxxxxx | predictive | Medium
31 | Argument | xxxx_xxxxxxx | predictive | Medium
32 | Argument | xxxx | predictive | Low
33 | Argument | xxxx | predictive | Low
34 | Input Value | xxxxxxxx | predictive | Medium
35 | Input Value | xxxx+x@!xxxx+ | predictive | High
36 | Pattern | () { | predictive | Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:
