Bunitu Analysis

IOB - Indicator of Behavior (945)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 900
de: 18
es: 14
fr: 6
ru: 6

Country

us: 256
es: 24
ru: 12
de: 6
be: 4

Product

Microsoft Windows: 20
TYPO3: 10
Google Android: 8
Mozilla Firefox: 8
Apache HTTP Server: 8

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.04 | 0.01621 | CVE-2007-1192 |
| 2 | rollup-plugin-serve readFileFromContentBase path traversal | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00515 | CVE-2020-7683 |
| 3 | gVectors wpDiscuz Plugin wpdLoadMoreComments sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00183 | CVE-2020-13640 |
| 4 | Joomla CMS weblinks-categories sql injection | 7.3 | 7.1 | $5k-$25k | $0-$5k | High | Unavailable | 0.03 | 0.00130 | CVE-2014-7981 |
| 5 | Tenhot TWS-100 Network Diagnostic os command injection | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00317 | CVE-2022-37861 |
| 6 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 4.31 | 0.00000 | CVE-2020-12440 |
| 7 | Adobe After Effects information disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00063 | CVE-2021-35995 |
| 8 | Pimcore CustomReportController.php downloadCsvAction file inclusion | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00074 | CVE-2021-23340 |
| 9 | Apache HTTP Server mod_rewrite redirect | 6.7 | 6.7 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.04 | 0.00138 | CVE-2020-1927 |
| 10 | nginx Error Page request smuggling | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00203 | CVE-2019-20372 |
| 11 | Apache HTTP Server mod_proxy_fcgi.c handle_headers memory corruption | 5.3 | 5.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.15 | 0.00585 | CVE-2014-3583 |
| 12 | SageCRM Component Manager aspshell.asp 7pk security | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00228 | CVE-2017-5219 |
| 13 | Red Hat Ansible Tower API User information exposure | 5.5 | 5.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | 0.00134 | CVE-2020-14337 |
| 14 | vsftpd deny_file unknown vulnerability | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.26 | 0.00312 | CVE-2015-1419 |
| 15 | Monstra CMS edit authorization | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00182 | CVE-2020-8439 |
| 16 | Druva inSync Windows Client os command injection | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00164 | CVE-2019-3999 |
| 17 | IBM Jazz Foundation information disclosure | 4.3 | 4.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.01 | 0.00057 | CVE-2019-4457 |
| 18 | Hashicorp Nomad/Nomad Enterprise resource consumption | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00098 | CVE-2020-7218 |
| 19 | Steve Poulsen GuildFTPd Password Storage default.usr missing encryption | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00 | 0.00042 | CVE-2001-0768 |
| 20 | vzctl DiskDescriptor.xml link following | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00068 | CVE-2015-6927 |

IOC - Indicator of Compromise (29)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (29)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | predictive | High |
| 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CWE-74 | Injection | predictive | High |
| 4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | predictive | High |
| 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 6 | T1068 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | predictive | High |

IOA - Indicator of Attack (333)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

