CoinLoader Analysis

IOB - Indicator of Behavior (318)

Language

- en: 284
- zh: 18
- fr: 4
- ru: 4
- es: 2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Product

- WordPress: 8
- Joomla CMS: 6
- Linux Kernel: 6
- Cacti: 4
- cPanel: 4

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

# | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE
1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.00970 | 0.15 | CVE-2010-0966
2 | Atmail Remote Code Execution | 9.8 | 9.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00382 | 0.00 | CVE-2013-5033
3 | Palo Alto PAN-OS GlobalProtect Clientless VPN buffer overflow | 8.8 | 8.6 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00751 | 0.00 | CVE-2021-3056
4 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.07570 | 0.00 | CVE-2022-21664
5 | VeronaLabs wp-statistics Plugin API Endpoint Blind sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.01256 | 0.00 | CVE-2019-13275
6 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | possible | 0.02956 | 0.00 | CVE-2007-1192
7 | Linksys WRT54GL Web Management Interface SysInfo1.htm information disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00033 | 0.04 | CVE-2024-1406
8 | Hikvision Product Message command injection | 7.6 | 7.6 | $0-$5k | $0-$5k | Attacked | Not defined | verified | 0.94436 | 0.05 | CVE-2021-36260
9 | Pydio pydio-core proxy.php unrestricted upload | 8.5 | 8.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.02015 | 0.00 | CVE-2019-9642
10 | Openads adclick.php Remote Code Execution | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00675 | 0.23 | CVE-2007-2046
11 | Microsoft Exchange Server privilege escalation | 8.8 | 8.1 | $25k-$100k | $5k-$25k | Unproven | Official fix | possible | 0.53044 | 0.04 | CVE-2023-32031
12 | Teclib GLPI unlock_tasks.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not defined | Official fix | expected | 0.85865 | 0.05 | CVE-2019-10232
13 | Sophos Firewall User Portal/Webadmin improper authentication | 9.0 | 9.0 | $0-$5k | $0-$5k | Attacked | Not defined | verified | 0.94439 | 0.05 | CVE-2022-1040
14 | CutePHP CuteNews index.php unrestricted upload | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | possible | 0.71601 | 0.00 | CVE-2019-11447
15 | WordPress Object injection | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00741 | 0.00 | CVE-2022-21663
16 | Microsoft Windows Active Directory Domain Services certificate validation | 8.8 | 8.3 | $25k-$100k | $0-$5k | Attacked | Official fix | verified | 0.91716 | 0.00 | CVE-2022-26923
17 | QNAP QTS Media Library access control | 8.5 | 8.2 | $0-$5k | $0-$5k | High | Official fix | possible | 0.51069 | 0.08 | CVE-2017-13067
18 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official fix | expected | 0.92487 | 0.08 | CVE-2016-6210
19 | Samurai Build File util.c canonpath out-of-bounds write | 6.5 | 6.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00312 | 0.06 | CVE-2019-19795
20 | Phpsugar PHP Melody page_manager.php cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00301 | 0.00 | CVE-2017-15648

IOC - Indicator of Compromise (33)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 5.252.178.74 | 5-252-178-74.mivocloud.com | CoinLoader | | 04/08/2024 | verified | Medium
2 | 94.158.246.124 | no-rdns.mivocloud.com | CoinLoader | | 04/08/2024 | verified | Medium
3 | 185.225.16.61 | no-rdns.mivocloud.com | CoinLoader | | 04/08/2024 | verified | Medium
4 | 185.225.16.62 | no-rdns.mivocloud.com | CoinLoader | | 04/08/2024 | verified | Medium
5 | 185.225.16.63 | no-rdns.mivocloud.com | CoinLoader | | 04/08/2024 | verified | Medium
6 | 185.225.16.88 | no-rdns.mivocloud.com | CoinLoader | | 04/08/2024 | verified | Medium
7 | 185.225.16.192 | no-rdns.mivocloud.com | CoinLoader | | 04/08/2024 | verified | Medium

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (141)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /api/RecordingList/DownloadRecord?file= | predictive | High
2 | File | /apply.cgi | predictive | Medium
3 | File | /cgi-bin/cstecgi.cgi | predictive | High
4 | File | /dashboard/system/express/entities/forms/save_control/[GUID] | predictive | High
5 | File | /login | predictive | Low
6 | File | /netflow/jspui/editProfile.jsp | predictive | High
7 | File | /php/ajax.php | predictive | High
8 | File | /php/ping.php | predictive | High
9 | File | /rapi/read_url | predictive | High
10 | File | /scripts/unlock_tasks.php | predictive | High
11 | File | /sys/user/queryUserComponentData | predictive | High
12 | File | /SysInfo1.htm | predictive | High
13 | File | /sysinfo_json.cgi | predictive | High
14 | File | /system/dictData/loadDictItem | predictive | High
15 | File | /system/user/modules/mod_users/controller.php | predictive | High
16 | File | /vicidial/user_stats.php | predictive | High
