Bonanza Analysis

IOB - Indicator of Behavior (326)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 224
ru: 42
sv: 16
es: 12
it: 10

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Product

Linux Kernel: 6
phpBB: 4
Active Auction House: 4
Zentrack: 4
Apple Mac OS X Server: 4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00193 | 0.84 | CVE-2022-28959 |
| 2 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 0.75 | CVE-2006-6168 |
| 3 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.13 | |
| 4 | SourceCodester Online Employee Leave Management System addemployee.php cross-site request forgery | 5.8 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00103 | 0.07 | CVE-2022-3121 |
| 5 | OpenBB read.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00175 | 0.03 | CVE-2005-1612 |
| 6 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.91980 | 0.54 | CVE-2020-15906 |
| 7 | Apple Mac OS X Server Wiki Server cross site scripting | 4.3 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00263 | 0.06 | CVE-2009-2814 |
| 8 | eSyndicat Directory Software suggest-listing.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.32 | |
| 9 | Vienuke Vieboard viewtopic.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00148 | 0.00 | CVE-2003-1196 |
| 10 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01434 | 0.06 | CVE-2007-0354 |
| 11 | Apple Mac OS X Server Wiki Server sql injection | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00339 | 0.13 | CVE-2015-5911 |
| 12 | Oracle Communications Cloud Native Core Security Edge Protection Proxy SEPP code injection | 10.0 | 9.8 | $25k-$100k | $0-$5k | High | Official Fix | 0.97494 | 0.06 | CVE-2022-22947 |
| 13 | MacCMS index.php command injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.15106 | 0.07 | CVE-2017-17733 |
| 14 | Advisto Peel SHOPPING caddie_ajout.php cross-site request forgery | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00381 | 0.08 | CVE-2018-20848 |
| 15 | Promosi-web ardguest ardguest.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00614 | 0.00 | CVE-2009-3668 |
| 16 | Haas Controller Ethernet Q Commands Service insufficient granularity of access control | 9.8 | 9.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00104 | 0.00 | CVE-2022-2475 |
| 17 | PHPizabi template.class.php assignuser information disclosure | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00458 | 0.02 | CVE-2008-2018 |
| 18 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02820 | 0.17 | CVE-2010-0966 |
| 19 | ESecurityServices GPS Userdata Form allows Persistent cross site scripting | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | |

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

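| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 85.217.144.143 | | Bonanza | | 11/09/2023 | verified | High |
| 2 | 109.107.182.2 | hosted-by.yeezyhost.net | Bonanza | | 11/09/2023 | verified | Medium |
| 3 | XXX.XX.XX.XXX | | Xxxxxxx | | 11/09/2023 | verified | High |
| 4 | XXX.XX.XX.XXX | | Xxxxxxx | | 11/09/2023 | verified | High |
| 5 | XXX.XX.XX.XXX | | Xxxxxxx | | 11/09/2023 | verified | High |
| 6 | XXX.XXX.XXX.XX | | Xxxxxxx | | 11/09/2023 | verified | High |
| 7 | XXX.XXX.XX.XX | | Xxxxxxx | | 11/09/2023 | verified | High |
| 8 | XXX.XXX.XXX.XXX | | Xxxxxxx | | 11/09/2023 | verified | High |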

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (250)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /?r=email/api/mark&op=delFromSend | predictive | High |
| 2 | File | /admin/addemployee.php | predictive | High |
| 3 | File | /advanced-tools/nova/bin/netwatch | predictive | High |
| 4 | File | /cgi-bin/supervisor/PwdGrp.cgi | predictive | High |
| 5 | File | /film-rating.php | predictive | High |
| 6 | File | /forum/away.php | predictive | High |
| 7 | File | /index.php | predictive | Medium |
| 8 | File | /librarian/bookdetails.php | predictive | High |
| 9 | File | /pages/faculty_sched.php | predictive | High |
| 10 | File | /php_action/createUser.php | predictive | High |
| 11 | File | /spip.php | predictive | Medium |
| 12 | File | /student/bookdetails.php | predictive | High |
| 13 | File | account.asp | predictive | Medium |
| 14 | File | addguest.cgi | predictive | Medium |
| 15 | File | add_comment.php | predictive | High |
| 16 | File | admin.php | predictive | Medium |
| 17 | File | admin/admin_users.php | predictive | High |
| 18 | File | admin/conf_users_edit.php | predictive | High |
| 19 | File | Admin/edit-admin.php | predictive | High |
| 20 | File | admin/establishment/manage.php | predictive | High |
| 21 | File | admin/inquiries/view_details.php | predictive | High |
| 22 | File | admin/skins.php | predictive | High |
| 23 | File | admin/versions.html | predictive | High |
| 24 | File | admindocumentworker.jsp | predictive | High |
| 25 | File | admin_feature.php | predictive | High |
| 26 | File | album_portal.php | predictive | High |
| 27 | File | announce.php | predictive | Medium |
| 28 | File | apply.cgi | predictive | Medium |
| 29 | File | ardguest.php | predictive | Medium |
| 30 | File | bb_usage_stats.php | predictive | High |
| 31 | File | bwdates-report-result.php | predictive | High |
