Conficker Analysis

IOB - Indicator of Behavior (491)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 466
fr: 10
pl: 8
it: 4
ru: 2

Country

us: 110
nl: 20
tr: 10
pl: 8
it: 6

Actors

Activities

Interest

Timeline

Type

Vendor

Product

WordPress: 28
Microsoft Windows: 10
ImageMagick: 6
Moodle: 6
Phusion Passenger: 6

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Flat PHP Board path traversal | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00000 | |
| 2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192 |
| 3 | JContentSubscription register.php Local Privilege Escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00000 | |
| 4 | Ultimate PHP Board UPB Error Message add.php Path information disclosure | 5.3 | 5.1 | $0-$5k | Calculating | Not Defined | Official Fix | 0.01 | 0.01136 | CVE-2002-2276 |
| 5 | IBM WebSphere Service Registry/Repository Access Restriction access control | 4.3 | 4.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01061 | CVE-2014-6160 |
| 6 | Dreaxteam Xt-News add_comment.php cross site scripting | 4.3 | 4.2 | $0-$5k | Calculating | High | Unavailable | 0.01 | 0.02945 | CVE-2006-6746 |
| 7 | Enigma2 Coppermine Bridge e2_header.inc.php file inclusion | 9.8 | 9.8 | $0-$5k | Calculating | Not Defined | Not Defined | 0.00 | 0.06790 | CVE-2006-6864 |
| 8 | Apache HTTP Server mod_session input validation | 5.8 | 5.6 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.06425 | CVE-2018-1283 |
| 9 | WordPress sql injection | 8.5 | 8.4 | $5k-$25k | Calculating | Not Defined | Official Fix | 0.00 | 0.01537 | CVE-2017-14723 |
| 10 | pyload code injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.09029 | CVE-2023-0297 |
| 11 | Apache HTTP Server mod_proxy server-side request forgery | 7.3 | 7.3 | $25k-$100k | $25k-$100k | Not Defined | Not Defined | 0.06 | 0.97224 | CVE-2021-40438 |
| 12 | Chainfire SuperSU access control | 9.8 | 9.4 | $0-$5k | Calculating | Not Defined | Official Fix | 0.02 | 0.00885 | CVE-2013-6775 |
| 13 | WordPress HTML5 kses.php wp_kses_bad_protocol input validation | 9.8 | 9.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01108 | CVE-2019-20041 |
| 14 | Asgaros Forum Plugin REST sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00885 | CVE-2022-0411 |
| 15 | Microsoft Windows Network File System Remote Code Execution | 9.8 | 8.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | 0.22240 | CVE-2022-34715 |
| 16 | Microsoft Office Remote Code Execution | 7.5 | 6.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.04 | 0.01601 | CVE-2022-34717 |
| 17 | Microsoft Visual Studio Remote Code Execution | 8.0 | 7.5 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.01601 | CVE-2022-35827 |
| 18 | Microsoft Visual Studio Remote Code Execution | 8.0 | 7.5 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.01601 | CVE-2022-35826 |
| 19 | Microsoft Visual Studio Remote Code Execution | 7.5 | 6.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.01601 | CVE-2022-35825 |
| 20 | Microsoft Exchange Server Privilege Escalation | 8.4 | 7.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | 0.01150 | CVE-2022-21980 |

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (108)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (2)

The following list contains external sources which discuss the actor and the associated activities:
