Delf Analysis

IOB - Indicator of Behavior (15)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

pl14
fr2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us16

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Delf2
Lazarus1
LokiBot1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined8
WordPress Plugin6
Programming Tool Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined8
Mike Rooijackers4
SoftradeWeb2
Apache2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

KaiOS6
Mike Rooijackers Recall Products4
SoftradeWeb SNC WP SMART CRM2
Apache Struts2
path-parse Package2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1path-parse Package Regular Expression splitPathRe denial of service5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.010.01018CVE-2021-23343
2Mike Rooijackers Recall Products admin.php Stored cross site scripting4.44.4$0-$5k$0-$5kNot DefinedNot Defined0.040.00885CVE-2020-25380
3Apache Struts File Upload permissions6.46.4$5k-$25k$5k-$25kNot DefinedNot Defined0.010.01900CVE-2019-0233
4Ericsson RX8200 Reflected cross site scripting5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.020.00885CVE-2020-22158
5SoftradeWeb SNC WP SMART CRM cross site scripting4.44.4$0-$5k$0-$5kNot DefinedNot Defined0.000.00885CVE-2020-25375
6AccessPress Themes WP Floating Menu cross site scripting5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.040.00885CVE-2020-25378
7Mike Rooijackers Recall Products sql injection7.57.5$0-$5k$0-$5kNot DefinedNot Defined0.030.00885CVE-2020-25379
8KaiOS Email Application cross site scripting5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.060.00885CVE-2019-14756
9KaiOS Contacts Application cross site scripting5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.010.00885CVE-2019-14757
10KaiOS File Manager cross site scripting5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.040.00885CVE-2019-14758
11KaiOS Radio Application injection4.94.9$0-$5k$0-$5kNot DefinedNot Defined0.040.00885CVE-2019-14759
12KaiOS Recorder Application injection4.94.9$0-$5k$0-$5kNot DefinedNot Defined0.000.00885CVE-2019-14760
13KaiOS Note Application injection4.94.9$0-$5k$0-$5kNot DefinedNot Defined0.010.00885CVE-2019-14761
14Cacti Utility api_poller.php sql injection7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.020.01974CVE-2013-1434
15Tubeace Tube Ace sql injection7.37.1$0-$5k$0-$5kHighUnavailable0.030.01139CVE-2012-1029

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsTypeConfidence
150.63.202.36ip-50-63-202-36.ip.secureserver.netDelfverifiedHigh
252.5.103.164ec2-52-5-103-164.compute-1.amazonaws.comDelfverifiedMedium
3XX.XX.XXX.XXXxxx-xx-xx-xxx-xxx.xxxxxxx-x.xxxxxxxxx.xxxXxxxverifiedMedium
4XX.XX.XXX.XXxx-xx-xxx-xx.xxx.xxx.xxXxxxverifiedHigh
5XXX.XX.X.XXXXxxxverifiedHigh
6XXX.XXX.XXX.XXXXxxxverifiedHigh
7XXX.XXX.XXX.XXxx-xxx-xxx-xxx-xx.xx.xxxxxxxxxxxx.xxxXxxxverifiedHigh
8XXX.XX.XXX.XXXxxxxxxxxxxx.xxxxxxxxx.xxxXxxxverifiedHigh
9XXX.XXX.XX.XXXxxxverifiedHigh

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1055CWE-74InjectionpredictiveHigh
2TXXXX.XXXCWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
3TXXXXCWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
4TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (7)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1Fileadmin.phppredictiveMedium
2Fileapi_poller.phppredictiveHigh
3Argumentxxxxxxxx xxxx/xxx xxxx/xxxxx xxxx/xxxxxxx/xxxx/xxxxx/xxxxxx/xxxxx xx xxxxx/xxx xxxx/xxx xxxxxx/xxxx xxxx/xxx/xxxxx/xxxxxpredictiveHigh
4ArgumentxxpredictiveLow
5Argumentxxxxxxxxxxxx[]predictiveHigh
6Argumentxxxx/xxxxxxxx+xxpredictiveHigh
7Argumentxxxxxx xxxxxxxxpredictiveHigh

References (3)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!