Butterfly Analysis

IOB - Indicator of Behavior (341)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 296
de: 20
es: 12
pl: 4
fr: 4

Country

nl: 228
us: 50
de: 16
ru: 12
es: 8

Product

Linux Kernel: 10
Apache HTTP Server: 10
WordPress: 10
Microsoft Windows: 8
nginx: 8

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.43 | 0.25090 | CVE-2017-0055 |
| 2 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 1.39 | 0.00000 | |
| 3 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.75 | 0.29797 | CVE-2014-4078 |
| 4 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 5.89 | 0.00000 | CVE-2020-12440 |
| 5 | Vunet VU Web Visitor Analyst redir.asp sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Workaround | 0.75 | 0.01139 | CVE-2010-2338 |
| 6 | Apache HTTP Server mod_rewrite redirect | 6.7 | 6.7 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.21 | 0.07767 | CVE-2020-1927 |
| 7 | MidiCart PHP Shopping Cart item_show.php sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.00000 | |
| 8 | ProFTPD mod_sftp/mod_sftp_pam kbdint.c resp_count numeric error | 7.5 | 7.1 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.04 | 0.01319 | CVE-2013-4359 |
| 9 | MikroTik RouterOS SMB memory corruption | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.11 | 0.12131 | CVE-2018-7445 |
| 10 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.61 | 0.04187 | CVE-2010-0966 |
| 11 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.70 | 0.02800 | CVE-2007-0354 |
| 12 | Pegasus Imaging ImagXpress ActiveX Control pegasusimaging.activex.thumnailxpress1.dll compactfile path traversal | 4.8 | 4.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.10995 | CVE-2007-5320 |
| 13 | Google Chrome Unload Event authentication spoofing | 9.8 | 9.4 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.01136 | CVE-2010-2106 |
| 14 | Openads adclick.php Remote Code Execution | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.01213 | CVE-2007-2046 |
| 15 | onesignal-free-web-push-notifications Plugin cross site scripting | 3.5 | 3.4 | $0-$5k | Calculating | Not Defined | Official Fix | 0.05 | 0.00890 | CVE-2019-15827 |
| 16 | AuYou Wireless Smart Outlet Socket Remote Control Straisand improper authentication | 6.3 | 5.8 | $5k-$25k | Calculating | Proof-of-Concept | Workaround | 0.04 | 0.00000 | |
| 17 | Zabbix CControllerAuthenticationUpdate cross-site request forgery | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.25 | 0.00885 | CVE-2021-27927 |
| 18 | Host Web Server phpinfo.php phpinfo information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Workaround | 0.06 | 0.00000 | |
| 19 | OpenSSH Readonly Mode sftp-server.c process_open permission | 5.3 | 5.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.01537 | CVE-2017-15906 |
| 20 | OpenSSH GSS2 auth-gss2.c Username information disclosure | 5.3 | 5.2 | $5k-$25k | $5k-$25k | Not Defined | Workaround | 0.00 | 0.05736 | CVE-2018-15919 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (159)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (2)

The following list contains external sources which discuss the actor and the associated activities:
