CryptoPHP Analysis

IOB - Indicator of Behavior (50)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

de34
en14
fr2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us26
pl14
ru6
fr2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

phpMyAdmin6
Siemens EN100 Ethernet Module4
nginx4
Cisco IOS2
Cisco IOS XE2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1RDM Intuitive 650 TDB Controller Password access control7.57.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000.01055CVE-2016-4505
2Siemens EN100 Ethernet Module Web Server Memory information disclosure5.35.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.010.01319CVE-2016-4785
3Siemens EN100 Ethernet Module Web Server information disclosure5.35.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.01319CVE-2016-4784
4RDM Intuitive 650 TDB Controller cross-site request forgery6.15.8$0-$5k$0-$5kNot DefinedOfficial Fix0.030.01055CVE-2016-4506
5Winn Winn GuestBook addPost cross site scripting4.34.1$0-$5kCalculatingHighOfficial Fix0.010.01917CVE-2011-5026
6PHP Scripts Mall PHP Multivendor Ecommerce shopping-cart.php sql injection8.57.9$0-$5k$0-$5kNot DefinedNot Defined0.050.00885CVE-2017-17951
7Microsoft .NET Framework Code Access Security cryptographic issues9.89.8$5k-$25k$5k-$25kNot DefinedNot Defined0.080.06118CVE-2008-5100
8nginx SMTP Proxy ngx_mail_smtp_starttls command injection5.34.6$0-$5k$0-$5kUnprovenOfficial Fix0.020.02359CVE-2014-3556
9phpBB startup.php cross site scripting4.34.1$0-$5k$0-$5kNot DefinedOfficial Fix0.030.01408CVE-2015-1431
10WordPress WP_Query class-wp-query.php sql injection8.58.4$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.030.01974CVE-2017-5611
11Sixnet BT-5xxx M2M/BT-6xxx M2M information disclosure8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.030.01055CVE-2016-4521
12OpenSSH Authentication Username information disclosure5.34.8$5k-$25k$0-$5kHighOfficial Fix0.450.49183CVE-2016-6210
13Google Chrome endAnimationUpdate use after free8.58.5$25k-$100k$25k-$100kNot DefinedNot Defined0.000.00885CVE-2013-6647
14QEMU SCSI MegaRAID SAS HBA Emulation megasas_ctrl_get_info memory corruption7.87.5$25k-$100k$0-$5kNot DefinedOfficial Fix0.010.01034CVE-2015-8613
15MobileIron Virtual Smartphone Platform j_spring_security_check information disclosure7.86.8$0-$5kCalculatingUnprovenOfficial Fix0.040.00954CVE-2014-1409
16ZTE ZXHN H108N R1A Telnet Service credentials management9.88.8$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.030.01213CVE-2015-7251
17MyBB member.php sql injection7.37.3$5k-$25k$0-$5kNot DefinedNot Defined0.030.01136CVE-2005-0282
18phpMyAdmin preg_replace code injection9.89.6$5k-$25k$0-$5kHighOfficial Fix0.030.91000CVE-2016-5734
19phpMyAdmin Transformation Header.php CSRF information disclosure7.57.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.01408CVE-2016-5739
20phpMyAdmin FormDisplay.php information disclosure5.35.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.080.02172CVE-2016-5730

IOC - Indicator of Compromise (44)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsTypeConfidence
150.17.195.149ec2-50-17-195-149.compute-1.amazonaws.comCryptoPHPverifiedMedium
278.138.118.195CryptoPHPverifiedHigh
378.138.118.196CryptoPHPverifiedHigh
478.138.118.197CryptoPHPverifiedHigh
578.138.118.198CryptoPHPverifiedHigh
678.138.118.199CryptoPHPverifiedHigh
778.138.118.200CryptoPHPverifiedHigh
878.138.118.201CryptoPHPverifiedHigh
978.138.118.202CryptoPHPverifiedHigh
10XX.XXX.XXX.XXXXxxxxxxxxverifiedHigh
11XX.XXX.XXX.XXXXxxxxxxxxverifiedHigh
12XX.XXX.XXX.XXXXxxxxxxxxverifiedHigh
13XX.XXX.XXX.XXXXxxxxxxxxverifiedHigh
14XX.XXX.XXX.XXXXxxxxxxxxverifiedHigh
15XX.XXX.XXX.XXXXxxxxxxxxverifiedHigh
16XX.XXX.XXX.XXXXxxxxxxxxverifiedHigh
17XX.XXX.XXX.XXXXxxxxxxxxverifiedHigh
18XX.XXX.XXX.XXXXxxxxxxxxverifiedHigh
19XX.XXX.XXX.XXXXxxxxxxxxverifiedHigh
20XX.XXX.XXX.XXXxxxxxxxxverifiedHigh
21XX.XXX.XXX.XXXxxxxxxxxverifiedHigh
22XX.XXX.XXX.XXXXxxxxxxxxverifiedHigh
23XX.XXX.XXX.XXXXxxxxxxxxverifiedHigh
24XX.XXX.XXX.XXXXxxxxxxxxverifiedHigh
25XX.XXX.XXX.XXXXxxxxxxxxverifiedHigh
26XX.XXX.XXX.XXXXxxxxxxxxverifiedHigh
27XX.XXX.XXX.XXXXxxxxxxxxverifiedHigh
28XX.XXX.XXX.XXXXxxxxxxxxverifiedHigh
29XX.XXX.XXX.XXXXxxxxxxxxverifiedHigh
30XX.XXX.XXX.XXXXxxxxxxxxverifiedHigh
31XX.XXX.XXX.XXXXxxxxxxxxverifiedHigh
32XX.XXX.XXX.XXXXxxxxxxxxverifiedHigh
33XX.XXX.XXX.XXXXxxxxxxxxverifiedHigh
34XX.XXX.XXX.XXXXxxxxxxxxverifiedHigh
35XX.XXX.XXX.XXXXxxxxxxxxverifiedHigh
36XX.XXX.XXX.XXXXxxxxxxxxverifiedHigh
37XXX.XXX.XXX.XXxx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxxXxxxxxxxxverifiedHigh
38XXX.XXX.XXX.XXXxx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxxXxxxxxxxxverifiedHigh
39XXX.XX.XX.XXXxxx-xx-xx-xxx.xxx.xxxxxxxxxxx.xxxXxxxxxxxxverifiedHigh
40XXX.XX.XX.XXXxxx-xx-xx-xxx.xxx.xxxxxxxxxxx.xxxXxxxxxxxxverifiedHigh
41XXX.XX.XX.XXXxxx-xx-xx-xxx.xxx.xxxxxxxxxxx.xxxXxxxxxxxxverifiedHigh
42XXX.XX.XX.XXXxxx-xx-xx-xxx.xxx.xxxxxxxxxxx.xxxXxxxxxxxxverifiedHigh
43XXX.XX.XX.XXXxxx-xx-xx-xxx.xxx.xxxxxxxxxxx.xxxXxxxxxxxxverifiedHigh
44XXX.X.XXX.XXXxxx-x-xxx-xxx.xxxxxx.xxXxxxxxxxxverifiedHigh

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (15)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/mics/j_spring_security_checkpredictiveHigh
2Fileexamples/openid.phppredictiveHigh
3FileFormDisplay.phppredictiveHigh
4Filexxxxxxxx/xxxxxxx.xxxpredictiveHigh
5Filexxxxxxxxx/xxxxxx.xxxpredictiveHigh
6Filexxxxxx.xxxpredictiveMedium
7Filexxxxxxxx-xxxx.xxxpredictiveHigh
8Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictiveHigh
9ArgumentxxxxxpredictiveLow
10Argumentx_xxxxxxxxpredictiveMedium
11ArgumentxxxxpredictiveLow
12ArgumentxxxxxxxxpredictiveMedium
13ArgumentxxxxxxxxpredictiveMedium
14ArgumentxxxpredictiveLow
15Network Portxxx/xx (xxxxxx)predictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

Do you need the next level of professionalism?

Upgrade your account now!