CryptoPHP Analysis

IOB - Indicator of Behavior (68)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

de | 38
en | 22
fr | 4
pl | 4


Country

us | 40
pl | 14
ru | 4
fr | 2
id | 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

phpMyAdmin | 6
Google Chrome | 4
PHPGurukul Bank Locker Management System | 4
SourceCodester Online Tours & Travels Management S ... | 4
RDM Intuitive 650 TDB Controller | 4


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | RDM Intuitive 650 TDB Controller Password access control | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00206 | CVE-2016-4505 |
| 2 | Siemens EN100 Ethernet Module Web Server Memory information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00516 | CVE-2016-4785 |
| 3 | Siemens EN100 Ethernet Module Web Server information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00516 | CVE-2016-4784 |
| 4 | RDM Intuitive 650 TDB Controller cross-site request forgery | 6.1 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00069 | CVE-2016-4506 |
| 5 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 5.50 | 0.00936 | CVE-2020-15906 |
| 6 | Winn Winn GuestBook addPost cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | High | Official Fix | 0.02 | 0.00336 | CVE-2011-5026 |
| 7 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 10.00 | 0.01009 | CVE-2006-6168 |
| 8 | PrestaShop blocklayered-ajax.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00290 | CVE-2015-1175 |
| 9 | PHP _php_stream_scandir memory corruption | 9.0 | 8.6 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.21380 | CVE-2012-2688 |
| 10 | GoAutoDial GoAdmin CE go_login.php sql injection | 7.3 | 7.0 | $0-$5k | Calculating | High | Official Fix | 0.00 | 0.01806 | CVE-2015-2843 |
| 11 | PHP crypt memory corruption | 10.0 | 9.5 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01182 | CVE-2011-3268 |
| 12 | PHP cgi_main.c input validation | 7.3 | 6.6 | $25k-$100k | $0-$5k | High | Official Fix | 0.00 | 0.97411 | CVE-2012-1823 |
| 13 | phpMyAdmin setup.php access control | 4.8 | 4.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.10058 | CVE-2010-3055 |
| 14 | SourceCodester Online Tours & Travels Management System s.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | 0.00126 | CVE-2023-0561 |
| 15 | SourceCodester Online Tours & Travels Management System practice_pdf.php sql injection | 5.5 | 5.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | 0.00126 | CVE-2023-0560 |
| 16 | PHPGurukul Bank Locker Management System Login index.php sql injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.02218 | CVE-2023-0562 |
| 17 | PHPGurukul Bank Locker Management System Assign Locker add-locker-form.php cross site scripting | 3.9 | 3.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | 0.00249 | CVE-2023-0563 |
| 18 | SourceCodester Online Tours & Travels Management System booking_report.php sql injection | 4.7 | 4.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00078 | CVE-2023-0531 |
| 19 | SourceCodester Online Tours & Travels Management System expense_report.php sql injection | 4.7 | 4.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | 0.00078 | CVE-2023-0533 |
| 20 | SourceCodester Online Tours & Travels Management System disapprove_user.php sql injection | 4.7 | 4.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | 0.00078 | CVE-2023-0532 |

IOC - Indicator of Compromise (44)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (40)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
