Boostwrite and RDFSniffer Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (23)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en	20
sv	4

Country

US: USA	18
RU: Russia	2
SE: Sweden	2
CN: China	2

Actors

Feodo	1
Boostwrite and RDFSniffer	1
ISFB	1
Gootkit	1
SharkBot	1

Activities

Interest

Timeline

Type

Not Defined	12
Application Server Software	2
SCADA Software	2
Cloud Software	2
Peer-to-Peer Software	2

Vendor

Oracle	2
ANNKE	2
Schneider Electric	2
Symantec	2
Apple	2

Product

Oracle WebLogic Server	2
ANNKE SP1 HD Wireless Camera	2
Schneider Electric EcoStruxure Building Operation ...	2
Symantec Messaging Gateway	2
Apple iCloud	2

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#	Vulnerability	Base	Temp	0day	Today	Exp	Cou	KEV	EPSS	CTI	CVE
1	Microsoft Exchange Server Mail memory corruption	8.5	8.4	$5k-$25k	$0-$5k	Not defined	Official fix		0.17465	0.00	CVE-2018-8302
2	Demososo DM Enterprise Website Building System Cookie indexDM_load.php dmlogin improper authentication	8.1	7.9	$0-$5k	$0-$5k	Proof-of-Concept	Not defined		0.00045	0.04	CVE-2024-1817
3	Delta Electronics ASDA-Soft Project File out-of-bounds write	7.0	6.9	$0-$5k	$0-$5k	Not defined	Official fix		0.00151	0.00	CVE-2022-1403
4	Fujitsu ETERNUS CentricStor CS8000 grel.php grel_finfo os command injection	6.3	6.0	$0-$5k	$0-$5k	Not defined	Official fix		0.02868	0.00	CVE-2022-31795
5	Oracle WebLogic Server Web Container information disclosure	7.5	7.1	$5k-$25k	$0-$5k	Proof-of-Concept	Official fix	expected	0.94222	0.04	CVE-2022-21371
6	Palo Alto PAN-OS Web Interface os command injection	8.0	7.8	$0-$5k	$0-$5k	Not defined	Official fix		0.01040	0.00	CVE-2021-3058
7	Schneider Electric EcoStruxure Building Operation WebStation Web Page Generation cross site scripting	4.8	4.8	$0-$5k	$0-$5k	Not defined	Not defined		0.00373	0.08	CVE-2020-28210
8	Tiandy IP Cameras Service Port 3001 information disclosure	6.4	6.1	$0-$5k	$0-$5k	Proof-of-Concept	Workaround		0.04438	0.05	CVE-2017-15236
9	Shenzhen Hichip Vision Technology V20 P2P Service buffer overflow	8.5	8.5	$5k-$25k	$5k-$25k	Not defined	Not defined		0.07578	0.00	CVE-2020-9527
10	Shenzhen Hichip Vision Technology V20 privileges management	8.0	8.0	$0-$5k	$0-$5k	Not defined	Not defined		0.02335	0.04	CVE-2020-9529
11	ANNKE SP1 HD Wireless Camera SSID cross site scripting	5.2	5.2	$0-$5k	$0-$5k	Not defined	Not defined		0.00240	0.00	CVE-2017-18483
12	Mobotix IP Network Camera cross site scripting	3.5	3.3	$0-$5k	$0-$5k	Proof-of-Concept	Not defined		0.00000	0.00
13	Multiple Vendor DVR download.rsp Credentials credentials management	7.5	7.4	$0-$5k	$0-$5k	Not defined	Workaround		0.00546	0.00	CVE-2018-10676
14	Dahua Web P2P Key information disclosure	4.4	4.4	$0-$5k	$0-$5k	Not defined	Not defined		0.00129	0.05	CVE-2020-9501
15	AVTECH IP Camera/NVR/DVR PwdGrp.cgi command injection	9.8	9.2	$5k-$25k	$0-$5k	Attacked	Unavailable		0.00000	0.02
16	Microsoft Exchange Server deserialization	8.3	8.2	$25k-$100k	$0-$5k	Attacked	Official fix	verified	0.94418	0.00	CVE-2020-0688
17	Apple iCloud Foundation state issue	4.4	4.2	$5k-$25k	$0-$5k	Not defined	Official fix		0.00116	0.00	CVE-2020-10002
18	Go Doc Dot Org Package path traversal	8.5	8.5	$0-$5k	$0-$5k	Not defined	Official fix		0.02804	0.00	CVE-2018-12976
19	Symantec Messaging Gateway server-side request forgery	7.3	7.3	$5k-$25k	$5k-$25k	Not defined	Not defined		0.00932	0.02	CVE-2019-18379
20	Cisco Embedded Device X.509 Certificate certificate validation	5.7	5.6	$5k-$25k	$0-$5k	Not defined	Official fix		0.01967	0.06	CVE-2015-6358

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Campaigns	Identified	Type	Confidence
1	109.230.199.227	reserved07.theonlygreeting.com	Boostwrite and RDFSniffer		10/10/2019	verified	Low

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	High
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	High
3	TXXXX.XXX	CAPEC-XXX	CWE-XX, CWE-XX	Xxxxx Xxxxx Xxxx Xxxxxxxxx	predictive	High
4	TXXXX	CAPEC-XXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
5	TXXXX	CAPEC-XXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
6	TXXXX		CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
7	TXXXX.XXX	CAPEC-XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
8	TXXXX	CAPEC-XXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High

IOA - Indicator of Attack (7)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/cgi-bin/supervisor/PwdGrp.cgi	predictive	High
2	File	download.rsp	predictive	Medium
3	File	xxxx.xxx	predictive	Medium
4	File	xxxxxxx_xxxx.xxx	predictive	High
5	Argument	xxx_xxxxx_xxxx_xxxxxxx	predictive	High
6	Argument	xx_xxxxx	predictive	Medium
7	Argument	xxxx/xx/xxxx	predictive	Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

This view requires CTI permissions

Just purchase a CTI license today!