Delf Analysisinfo

IOB - Indicator of Behavior (15)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

pl14
de2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

KaiOS8
Apache Struts2
SoftradeWeb SNC WP SMART CRM2
Cacti2
Mike Rooijackers Recall Products2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#VulnerabilityBaseTemp0dayTodayExpCouKEVEPSSCTICVE
1path-parse Package Regular Expression splitPathRe denial of service5.35.3$0-$5k$0-$5kNot definedNot defined 0.005060.07CVE-2021-23343
2Mike Rooijackers Recall Products admin.php Stored cross site scripting4.44.4$0-$5k$0-$5kNot definedNot defined 0.001620.06CVE-2020-25380
3Apache Struts File Upload permissions6.46.4$5k-$25k$5k-$25kNot definedNot defined 0.068580.06CVE-2019-0233
4Ericsson RX8200 Reflected cross site scripting5.25.2$0-$5k$0-$5kNot definedNot defined 0.002400.05CVE-2020-22158
5SoftradeWeb SNC WP SMART CRM cross site scripting4.44.4$0-$5k$0-$5kNot definedNot defined 0.001780.00CVE-2020-25375
6AccessPress Themes WP Floating Menu cross site scripting5.25.2$0-$5k$0-$5kNot definedNot defined 0.002070.00CVE-2020-25378
7Mike Rooijackers Recall Products sql injection7.57.5$0-$5k$0-$5kNot definedNot defined 0.024330.00CVE-2020-25379
8KaiOS Email Application cross site scripting5.25.2$0-$5k$0-$5kNot definedNot defined 0.002400.00CVE-2019-14756
9KaiOS Contacts Application cross site scripting5.25.2$0-$5k$0-$5kNot definedNot defined 0.002400.00CVE-2019-14757
10KaiOS File Manager cross site scripting5.25.2$0-$5k$0-$5kNot definedNot defined 0.002400.00CVE-2019-14758
11KaiOS Radio Application injection4.94.9$0-$5k$0-$5kNot definedNot defined 0.001010.00CVE-2019-14759
12KaiOS Recorder Application injection4.94.9$0-$5k$0-$5kNot definedNot defined 0.001010.00CVE-2019-14760
13KaiOS Note Application injection4.94.9$0-$5k$0-$5kNot definedNot defined 0.001010.00CVE-2019-14761
14Cacti Utility api_poller.php sql injection7.37.0$0-$5k$0-$5kNot definedOfficial fix 0.011470.04CVE-2013-1434
15Tubeace Tube Ace sql injection7.37.1$0-$5k$0-$5kHighUnavailablepossible0.023720.06CVE-2012-1029

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
150.63.202.36ip-50-63-202-36.ip.secureserver.netDelf04/08/2022verifiedLow
252.5.103.164ec2-52-5-103-164.compute-1.amazonaws.comDelf04/08/2022verifiedVery Low
3XX.XX.XXX.XXXxxx-xx-xx-xxx-xxx.xxxxxxx-x.xxxxxxxxx.xxxXxxx04/08/2022verifiedVery Low
4XX.XX.XXX.XXxx-xx-xxx-xx.xxx.xxx.xxXxxx04/08/2022verifiedLow
5XXX.XX.X.XXXXxxx04/08/2022verifiedLow
6XXX.XXX.XXX.XXXXxxx04/08/2022verifiedLow
7XXX.XXX.XXX.XXxx-xxx-xxx-xxx-xx.xx.xxxxxxxxxxxx.xxxXxxx04/08/2022verifiedLow
8XXX.XX.XXX.XXXxxxxxxxxxxx.xxxxxxxxx.xxxXxxx04/08/2022verifiedLow
9XXX.XXX.XX.XXXxxx04/08/2022verifiedLow

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
2TXXXX.XXXCAPEC-XXXCWE-XXXxxxx Xxxxx Xxxx XxxxxxxxxpredictiveHigh
3TXXXXCWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
4TXXXXCAPEC-XXXCWE-XXXxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (7)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1Fileadmin.phppredictiveMedium
2Fileapi_poller.phppredictiveHigh
3Argumentxxxxxxxx xxxx/xxx xxxx/xxxxx xxxx/xxxxxxx/xxxx/xxxxx/xxxxxx/xxxxx xx xxxxx/xxx xxxx/xxx xxxxxx/xxxx xxxx/xxx/xxxxx/xxxxxpredictiveHigh
4ArgumentxxpredictiveLow
5Argumentxxxxxxxxxxxx[]predictiveHigh
6Argumentxxxx/xxxxxxxx+xxpredictiveHigh
7Argumentxxxxxx xxxxxxxxpredictiveHigh

References (3)

The following list contains external sources which discuss the actor and the associated activities:

This view requires CTI permissions

Just purchase a CTI license today!