Bitter Analysis

IOB - Indicator of Behavior (512)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 452
de: 34
es: 8
it: 4
fr: 4

Country

us: 248
gb: 24
tr: 22
co: 18
it: 18

Activities

Product

Apache HTTP Server: 12
Microsoft Windows: 12
Google Android: 10
GitLab Enterprise Edition: 6
Linux Kernel: 6

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.51 | 0.00000 | |
| 2 | vBulletin redirector.php | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | 0.00885 | CVE-2018-6200 |
| 3 | Serendipity exit.php privileges management | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | 0.00000 | |
| 4 | FLDS redir.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.13 | 0.01213 | CVE-2008-5928 |
| 5 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.08 | 0.25090 | CVE-2017-0055 |
| 6 | PHPWind goto.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01213 | CVE-2015-4135 |
| 7 | Popup Builder Plugin path traversal | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2021-25082 |
| 8 | Interspire Email Marketer Dynamiccontenttags.php sql injection | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.00885 | CVE-2018-19551 |
| 9 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.34 | 0.02800 | CVE-2007-0354 |
| 10 | MiCODUS MV720 GPS Tracker authorization | 6.3 | 6.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2022-34150 |
| 11 | PHPWind goto.php redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01213 | CVE-2015-4134 |
| 12 | Sales / Company Management System member_order.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2018-19925 |
| 13 | Interspire Email Marketer Dynamiccontenttags.php sql injection | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00885 | CVE-2018-19549 |
| 14 | Maran PHP Shop prod.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01 | 0.00986 | CVE-2008-4879 |
| 15 | phpPgAds adclick.php unknown vulnerability | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.21 | 0.01055 | CVE-2005-3791 |
| 16 | Veritas NetBackup Flex Scale/Access Appliance Management Portal Remote Code Execution | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01156 | CVE-2022-46414 |
| 17 | Vunet VU Web Visitor Analyst redir.asp sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Workaround | 0.10 | 0.01139 | CVE-2010-2338 |
| 18 | My Link Trader out.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.08 | 0.00000 | |
| 19 | Dahua IP Camera/PTZ Dome Camera password recovery | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00954 | CVE-2021-33046 |
| 20 | Bitrix Site Manager redirect.php link following | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.08 | 0.01055 | CVE-2008-2052 |

IOC - Indicator of Compromise (17)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (25)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | predictive | High |
| 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CWE-74 | Injection | predictive | High |
| 4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | predictive | High |
| 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (234)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (6)

The following list contains external sources which discuss the actor and the associated activities:
