Butterfly Analysis

IOB - Indicator of Behavior (418)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 374
de: 16
es: 10
fr: 6
ru: 4

Country

nl: 236
us: 112
de: 14
ru: 8
se: 8

Actors

Activities

Interest

Timeline

Type

Vendor

Product

WordPress: 18
Microsoft Windows: 10
Apache HTTP Server: 8
QNAP QTS: 8
OpenSSH: 8

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.30 | CVE-2020-12440 |
| 2 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.08 | CVE-2017-0055 |
| 3 | WordPress redirect_guess_404_permalink information disclosure | 4.8 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.04 | CVE-2023-5692 |
| 4 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.86 | CVE-2007-0354 |
| 5 | Vunet VU Web Visitor Analyst redir.asp sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Workaround | 0.00119 | 0.00 | CVE-2010-2338 |
| 6 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.83 | |
| 7 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.08 | CVE-2014-4078 |
| 8 | Apache HTTP Server mod_rewrite redirect | 6.7 | 6.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00258 | 0.04 | CVE-2020-1927 |
| 9 | MidiCart PHP Shopping Cart item_show.php sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | |
| 10 | ProFTPD mod_sftp/mod_sftp_pam kbdint.c resp_count numeric error | 7.5 | 7.1 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.01980 | 0.05 | CVE-2013-4359 |
| 11 | MikroTik RouterOS SMB memory corruption | 8.5 | 8.4 | $0-$5k | $0-$5k | High | Official Fix | 0.88065 | 0.08 | CVE-2018-7445 |
| 12 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.90 | CVE-2010-0966 |
| 13 | nginx HTTP/2 resource consumption | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02542 | 0.00 | CVE-2018-16844 |
| 14 | Hospital Management System search.php sql injection | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00140 | 0.04 | CVE-2022-48120 |
| 15 | CKFinder File Name unrestricted upload | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00155 | 0.05 | CVE-2019-15862 |
| 16 | sitepress-multilingual-cms Plugin class-wp-installer.php cross-site request forgery | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00579 | 0.04 | CVE-2020-10568 |
| 17 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.05 | CVE-2022-21664 |
| 18 | Apache Tomcat JSP File unrestricted upload | 7.7 | 7.5 | $5k-$25k | $0-$5k | High | Official Fix | 0.97501 | 0.00 | CVE-2017-12617 |
| 19 | Apache Tomcat CORS Filter Cache Poisoning data authenticity | 5.8 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00276 | 0.04 | CVE-2017-7674 |
| 20 | Omron PLC CS/PLC CJ/PLC NJ Brute Force excessive authentication | 6.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00213 | 0.04 | CVE-2019-18261 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (183)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/broadcast.php | predictive | High |
| 2 | File | /admin/sysmon.php | predictive | High |
| 3 | File | /cgi-bin/webviewer_login_page | predictive | High |
| 4 | File | /ecrire | predictive | Low |
| 5 | File | /forum/away.php | predictive | High |
| 6 | File | /getcfg.php | predictive | Medium |
| 7 | File | /MicroStrategyWS/happyaxis.jsp | predictive | High |
| 8 | File | /owa/auth/logon.aspx | predictive | High |
| 9 | File | /proc/ioports | predictive | High |
| 10 | File | /search.php | predictive | Medium |
| 11 | File | /services/details.asp | predictive | High |
| 12 | File | /tmp | predictive | Low |
| 13 | File | /uncpath/ | predictive | Medium |
| 14 | File | /Upload.ashx | predictive | Medium |
| 15 | File | /usr/sbin/suexec | predictive | High |
| 16 | File | /var/tmp/sess_* | predictive | High |
| 17 | File | 14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi | predictive | High |
| 18 | File | activateuser.aspx | predictive | High |
| 19 | File | adclick.php | predictive | Medium |
| 20 | File | admin/killsource | predictive | High |
| 21 | File | admin/orion.extfeedbackform_efbf_forms.php | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
