Butterfly Analysis

IOB - Indicator of Behavior (420)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 358
de: 22
es: 14
ru: 8
fr: 8

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Apache HTTP Server: 14
WordPress: 10
Linux Kernel: 10
QNAP QTS: 8
Apache Tomcat: 8

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.92 | CVE-2020-12440 |
| 2 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.06 | CVE-2017-0055 |
| 3 | WordPress redirect_guess_404_permalink information disclosure | 4.8 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.05 | CVE-2023-5692 |
| 4 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 2.91 | CVE-2007-0354 |
| 5 | Vunet VU Web Visitor Analyst redir.asp sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Workaround | 0.00119 | 0.08 | CVE-2010-2338 |
| 6 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.24 | |
| 7 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.12 | CVE-2014-4078 |
| 8 | Apache HTTP Server mod_rewrite redirect | 6.7 | 6.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00258 | 0.05 | CVE-2020-1927 |
| 9 | MidiCart PHP Shopping Cart item_show.php sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.05 | |
| 10 | ProFTPD mod_sftp/mod_sftp_pam kbdint.c resp_count numeric error | 7.5 | 7.1 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.02337 | 0.05 | CVE-2013-4359 |
| 11 | MikroTik RouterOS SMB memory corruption | 8.5 | 8.4 | $0-$5k | $0-$5k | High | Official Fix | 0.85476 | 0.04 | CVE-2018-7445 |
| 12 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.32 | CVE-2010-0966 |
| 13 | nginx HTTP/2 resource consumption | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02542 | 0.04 | CVE-2018-16844 |
| 14 | Hospital Management System search.php sql injection | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00139 | 0.05 | CVE-2022-48120 |
| 15 | CKFinder File Name unrestricted upload | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00155 | 0.04 | CVE-2019-15862 |
| 16 | sitepress-multilingual-cms Plugin class-wp-installer.php cross-site request forgery | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00579 | 0.04 | CVE-2020-10568 |
| 17 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.04 | CVE-2022-21664 |
| 18 | Apache Tomcat JSP File unrestricted upload | 7.7 | 7.5 | $5k-$25k | $0-$5k | High | Official Fix | 0.97501 | 0.06 | CVE-2017-12617 |
| 19 | Apache Tomcat CORS Filter Cache Poisoning data authenticity | 5.8 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00276 | 0.04 | CVE-2017-7674 |
| 20 | Omron PLC CS/PLC CJ/PLC NJ Brute Force excessive authentication | 6.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00213 | 0.04 | CVE-2019-18261 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (187)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/broadcast.php | predictive | High |
| 2 | File | /admin/sysmon.php | predictive | High |
| 3 | File | /cgi-bin/webviewer_login_page | predictive | High |
| 4 | File | /devinfo | predictive | Medium |
| 5 | File | /ecrire | predictive | Low |
| 6 | File | /forum/away.php | predictive | High |
| 7 | File | /getcfg.php | predictive | Medium |
| 8 | File | /MicroStrategyWS/happyaxis.jsp | predictive | High |
| 9 | File | /owa/auth/logon.aspx | predictive | High |
| 10 | File | /proc/ioports | predictive | High |
| 11 | File | /search.php | predictive | Medium |
| 12 | File | /services/details.asp | predictive | High |
| 13 | File | /tmp | predictive | Low |
| 14 | File | /uncpath/ | predictive | Medium |
| 15 | File | /Upload.ashx | predictive | Medium |
| 16 | File | /usr/sbin/suexec | predictive | High |
| 17 | File | /var/tmp/sess_* | predictive | High |
| 18 | File | 14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi | predictive | High |
| 19 | File | activateuser.aspx | predictive | High |
| 20 | File | adclick.php | predictive | Medium |
| 21 | File | admin/killsource | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
