Denonia Analysis

Activities

Timeline

Analyzing the timeline helps to identify the required approach to, and handling of, single vulnerabilities and vulnerability collections. The overview shows less important slices and more severe hotspots at a glance, which makes it possible to initiate an immediate vulnerability response and to prioritize issues.

Lang

en: 22
it: 11
zh: 7
de: 6
es: 6

Country

de: 78

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 1 | Serpico cross-site request forgery | 6.5 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.06 | CVE-2019-19854 |
| 2 | TopManage OLK Session Cookie cross site scripting | 5.2 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.07 | CVE-2020-6845 |
| 3 | Serpico input validation | 5.3 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2019-19859 |
| 4 | Serpico Password Change insufficiently protected credentials | 6.4 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2019-19857 |
| 5 | LabVantage LIMS Database Name information disclosure | 5.3 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | CVE-2020-7959 |
| 6 | Serpico list_user Stored cross site scripting | 3.6 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | CVE-2019-19856 |
| 7 | CIMTechniques CIMScan SOAP WSDL Parser GetSqlData sql injection | 8.4 | 8.4 | $0-$5k | $0-$5k | High | Not Defined | 0.04 | CVE-2018-16803 |
| 8 | Serpico list_user Stored cross site scripting | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2019-19855 |
| 9 | Jason2605 AdminPanel editPlayer.php sql injection | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2020-13433 |
| 10 | Serpico UID Stored cross site scripting | 3.6 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2019-19858 |
| 11 | QuickBox Pro cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2021-45281 |
| 12 | PHP Scripts Mall Citysearch Clone Script restaurants-details.php Reflected cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2019-6248 |
| 13 | WordPress Thumbnail input validation | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | CVE-2018-1000773 |
| 14 | Automattic Jetpack sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.04 | CVE-2011-4673 |
| 15 | Apache Tomcat Servlets access control | 5.9 | 5.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2018-1305 |

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

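| ID | IP address | Hostname | Actor | Campaigns | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | 116.203.4.0 | static.0.4.203.116.clients.your-server.de | Denonia | | verified | High |
| 2 | XXX.XXX.XX.XX | xxxxx.xxxx.xxxx.xx | Xxxxxxx | | verified | High |
| 3 | XXX.XX.XXX.XX | x.xx.xxxxxxx.xxx | Xxxxxxx | | verified | High |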

TTP - Tactics, Techniques, Procedures (3)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1059.007 | CWE-79 | Cross Site Scripting | predictive | High |
| 2 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 3 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxx Xx Xxxxxxxxxxx | predictive | High |

IOA - Indicator of Attack (11)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

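| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | admin/add_user/UID | predictive | High |
| 2 | File | admin/list_user | predictive | High |
| 3 | File | xxxxxxxxxxxxx.xxx?xxxxxxxxxx=xxx | predictive | High |
| 4 | File | xxxxxxxxxx.xxx | predictive | High |
| 5 | File | xxxxxxxxxxx-xxxxxxx.xxx | predictive | High |
| 6 | Argument | xxxxxx | predictive | Low |
| 7 | Argument | xxxx_xxxx | predictive | Medium |
| 8 | Argument | xxxxxx | predictive | Low |
| 9 | Argument | xx | predictive | Low |
| 10 | Argument | xxxx | predictive | Low |
| 11 | Argument | xxxx | predictive | Low |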

References (2)

The following list contains external sources which discuss the actor and the associated activities:
