Carbanak Analysis

IOB - Indicator of Behavior (208)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 134
ru: 24
de: 20
zh: 8
es: 6

[Charts not reproduced here: Country, Actors, Activities, Interest, Timeline, Type, Vendor]

Product

Microsoft Windows: 10
Microsoft Exchange Server: 4
SeedDMS: 4
Sentraweb Indexu: 2
Fortinet FortiADC: 2


Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $2k-$5k | $0-$1k | High | Unavailable | possible | 0.01802 | 0.00 | CVE-2007-0354 |
| 2 | DUware DUpaypal detail.asp sql injection | 7.3 | 6.6 | $2k-$5k | $0-$1k | Proof-of-Concept | Not defined | | 0.01707 | 0.06 | CVE-2006-6365 |
| 3 | WP-Planet Plugin magpie_debug.php cross site scripting | 5.7 | 5.7 | $1k-$2k | $0-$1k | Not defined | Not defined | | 0.01606 | 0.00 | CVE-2014-4592 |
| 4 | Safe Exam Browser Clipboard Management information disclosure | 5.7 | 5.7 | $0-$1k | $0-$1k | Not defined | Official fix | | 0.00103 | 0.07 | CVE-2024-37742 |
| 5 | Oicgroup CMS magpie_debug.php cross site scripting | 4.3 | 4.2 | $1k-$2k | $0-$1k | High | Unavailable | possible | 0.01705 | 0.04 | CVE-2007-2337 |
| 6 | Allegro RomPager memory corruption | 7.3 | 6.4 | $2k-$5k | $0-$1k | Unproven | Official fix | | 0.05704 | 0.04 | CVE-2014-9223 |
| 7 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $1k-$2k | $0-$1k | Not defined | Official fix | expected | 0.86968 | 1.42 | CVE-2020-15906 |
| 8 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $2k-$5k | $0-$1k | Proof-of-Concept | Official fix | | 0.04277 | 1.71 | CVE-2006-6168 |
| 9 | PAD Site Scripts rss.php cross site scripting | 4.3 | 4.1 | $0-$1k | $0-$1k | Proof-of-Concept | Not defined | | 0.00138 | 0.00 | CVE-2009-3191 |
| 10 | Microsoft Windows rndismp6.sys untrusted pointer dereference | 6.8 | 6.2 | $10k-$25k | $10k-$25k | Unproven | Official fix | | 0.00494 | 0.00 | CVE-2024-26252 |
| 11 | F5 NGINX Service Mesh Control Plane Endpoint missing authentication | 6.4 | 6.2 | $2k-$5k | $0-$1k | Not defined | Official fix | | 0.00114 | 0.00 | CVE-2022-27495 |
| 12 | Apache Tomcat JNDI Realm improper authentication | 5.5 | 5.5 | $5k-$10k | $2k-$5k | Not defined | Not defined | | 0.00251 | 0.00 | CVE-2021-30640 |
| 13 | Huawei SXXX VRP MPLS LSP Ping information disclosure | 5.3 | 5.1 | $5k-$10k | $0-$1k | Not defined | Official fix | | 0.00111 | 0.00 | CVE-2014-8570 |
| 14 | hyper Crate Transfer-Encoding integer overflow | 5.3 | 5.1 | $2k-$5k | $0-$1k | Not defined | Official fix | | 0.00399 | 0.00 | CVE-2021-32714 |
| 15 | Microsoft Windows Remote Desktop Protocol Client information disclosure | 5.8 | 5.3 | $25k-$50k | $5k-$10k | Unproven | Official fix | | 0.00827 | 0.00 | CVE-2023-28267 |
| 16 | nginx request smuggling | 6.9 | 6.9 | $2k-$5k | $0-$1k | Not defined | Not defined | | 0.00000 | 0.24 | CVE-2020-12440 |
| 17 | Porto Plugin porto_ajax_posts file inclusion | 6.3 | 6.1 | $1k-$2k | $1k-$2k | Not defined | Not defined | possible | 0.40932 | 0.00 | CVE-2024-3806 |
| 18 | apusthemes WP Job Board Pro Plugin privileges assignment | 9.8 | 9.6 | $2k-$5k | $2k-$5k | Not defined | Not defined | | 0.00073 | 0.06 | CVE-2024-12213 |
| 19 | Jaws magpie_debug.php cross site scripting | 4.3 | 4.1 | $0-$1k | $0-$1k | High | Official fix | possible | 0.06413 | 0.07 | CVE-2005-3955 |
| 20 | phpMyAdmin preg_replace code injection | 9.8 | 9.6 | $10k-$25k | $0-$1k | High | Official fix | possible | 0.77693 | 0.00 | CVE-2016-5734 |

Campaigns (3)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (181)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (127)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (13)

The following list contains external sources which discuss the actor and the associated activities:
