DePriMon Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (292)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en262
es10
zh10
fr6
ru2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

US: USA150
CN: China62
TR: Turkey6
RU: Russia6
CE: Chechnya6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Cobalt Strike13
NetSupportManager RAT13
Raccoon10
RecordBreaker9
SideWinder8

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined98
Content Management System22
WordPress Plugin16
Firewall Software12
Groupware Software10

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined80
IBM16
Microsoft12
Linux8
Siemens6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Linux Kernel8
WordPress6
Microsoft Exchange Server6
QNAP QTS6
Siemens SPPA-T3000 Application Server4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#VulnerabilityBaseTemp0dayTodayExpCouKEVEPSSCTICVE
1DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial fix 0.009701.23CVE-2010-0966
2Atmail Remote Code Execution9.89.4$0-$5k$0-$5kNot definedOfficial fix 0.003820.04CVE-2013-5033
3Palo Alto PAN-OS GlobalProtect Clientless VPN buffer overflow8.88.6$0-$5k$0-$5kNot definedOfficial fix 0.007510.00CVE-2021-3056
4WordPress sql injection6.86.7$5k-$25k$0-$5kNot definedOfficial fix 0.067480.04CVE-2022-21664
5VeronaLabs wp-statistics Plugin API Endpoint Blind sql injection8.58.4$0-$5k$0-$5kNot definedOfficial fix 0.012560.04CVE-2019-13275
6OpenSSH Authentication Username information disclosure5.34.8$5k-$25k$0-$5kHighOfficial fixpossible0.920080.46CVE-2016-6210
7Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaroundpossible0.029560.00CVE-2007-1192
8DeDeCMS list.php sql injection7.36.6$0-$5k$0-$5kProof-of-ConceptNot defined 0.003350.00CVE-2011-5200
9Linksys WRT54GL Web Management Interface SysInfo1.htm information disclosure4.34.1$0-$5k$0-$5kProof-of-ConceptNot defined 0.000780.00CVE-2024-1406
10Teclib GLPI unlock_tasks.php sql injection8.58.5$0-$5k$0-$5kNot definedOfficial fix 0.870370.04CVE-2019-10232
11Sophos Firewall User Portal/Webadmin improper authentication9.09.0$0-$5k$0-$5kHighNot definedverified0.944230.03CVE-2022-1040
12CutePHP CuteNews index.php unrestricted upload7.56.8$0-$5k$0-$5kProof-of-ConceptNot defined 0.677710.05CVE-2019-11447
13WordPress Object injection5.35.2$5k-$25k$0-$5kNot definedOfficial fix 0.005060.08CVE-2022-21663
14Microsoft Windows Active Directory Domain Services certificate validation8.88.3$25k-$100k$0-$5kHighOfficial fixverified0.913520.00CVE-2022-26923
15QNAP QTS Media Library access control8.58.2$0-$5k$0-$5kHighOfficial fixpossible0.521750.02CVE-2017-13067
16Veritas NetBackup pbx_exchange Process access control8.38.1$0-$5k$0-$5kProof-of-ConceptOfficial fix 0.002410.03CVE-2017-6407
17XenForo privileges management8.67.9$0-$5k$0-$5kNot definedOfficial fix 0.000000.00
18Linux Kernel HugeTLB Page hugetlbfs_fill_super null pointer dereference6.66.6$0-$5k$0-$5kNot definedNot defined 0.000600.05CVE-2024-0841
19Linux Kernel netfilter nf_reject_ip6_tcphdr_put uninitialized resource6.76.6$5k-$25k$0-$5kNot definedOfficial fix 0.003240.46CVE-2024-47685
20Liferay Portal ommand absolute path traversal8.48.2$0-$5k$0-$5kProof-of-ConceptNot defined 0.443330.06CVE-2021-33990

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
15.226.168.124124.168.226.5.techserverdns.comDePriMon05/31/2021verifiedLow
246.151.212.201call3.viber-marketing.netDePriMon05/31/2021verifiedLow
3XX.XXX.XXX.XXXxxxx-xx-xxx-xxx-xxx.xxxxxxxxx.xxxXxxxxxxx05/31/2021verifiedLow
4XX.XXX.XXX.XXxxxxx.xxxxxxxxxxx.xxxXxxxxxxx05/31/2021verifiedLow
5XXX.XX.XX.XXxxxxxx.xxxxxxxx.xxx.xxXxxxxxxx05/31/2021verifiedLow
6XXX.XX.XX.XXXXxxxxxxx05/31/2021verifiedLow
7XXX.XXX.XX.XXxx-xxxx.xxxxxxxxx.xxxXxxxxxxx05/31/2021verifiedVery Low
8XXX.XXX.XX.XXXXxxxxxxx05/31/2021verifiedLow
9XXX.X.XXX.XXXXxxxxxxx05/31/2021verifiedLow

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22, CWE-23, CWE-37Path TraversalpredictiveHigh
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
4T1059.007CAPEC-209CWE-79, CWE-80Basic Cross Site ScriptingpredictiveHigh
5TXXXXCAPEC-XXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXX.XXXCAPEC-XXXCWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
7TXXXXCAPEC-XXXCWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
8TXXXX.XXXCAPEC-XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
9TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
10TXXXXCAPEC-XCWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
11TXXXXCAPEC-XXXCWE-XXXXxxxxxxx Xx Xxxx Xxxxxxx Xxxxxxxxx XxxxxpredictiveHigh
12TXXXXCAPEC-XXXCWE-XXXxx XxxxxxxxxpredictiveHigh
13TXXXX.XXXCAPEC-XCWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
14TXXXX.XXXCAPEC-XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
15TXXXXCAPEC-XXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
16TXXXXCWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
17TXXXX.XXXCWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHigh
18TXXXX.XXXCAPEC-XCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (127)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File.htaccesspredictiveMedium
2File/api/RecordingList/DownloadRecord?file=predictiveHigh
3File/apply.cgipredictiveMedium
4File/apply/index.phppredictiveHigh
5File/cgi-bin/cstecgi.cgipredictiveHigh
6File/include/file.phppredictiveHigh
7File/netflow/jspui/editProfile.jsppredictiveHigh
8File/php/ping.phppredictiveHigh
9File/rapi/read_urlpredictiveHigh
10File/scripts/unlock_tasks.phppredictiveHigh
11File/SysInfo1.htmpredictiveHigh
12File/sysinfo_json.cgipredictiveHigh
13File/system/dictData/loadDictItempredictiveHigh
14File/system/user/modules/mod_users/controller.phppredictiveHigh
15File/xxxx/xxx/xxxxxxx/xxx_xxxxxx.xxxpredictiveHigh
16File/xx-xxxxx/xxxxx-xxxx.xxx?xx_xxxx=x&xxxxxx_xxxxpredictiveHigh
17Filexxxxx/xxxxxx_xxxxxx_xxxxxxx/xxxxx-xxx-xxxxx.xxxpredictiveHigh
18Filexxxxxxxxxxxxx/xxxxxxxxxx/xxx_xxxxx/xxxxxxx/xxxxx.xxxpredictiveHigh
19Filexxxxxxx/xxxx.xxxpredictiveHigh
20Filexxxxxx/xxxxxxx/xxxx/xxxxx.xxxpredictiveHigh
21Filexxx-xxx/xxxxx_xxx_xxxpredictiveHigh
22Filexxxxx/xxxxx/xxxxx_xxxx.xxxpredictiveHigh
23Filexxxxxx/xxx.xpredictiveMedium
24Filexxxxxxx=xxxxxxxxxx&xxxx=xxxx&xxxxxxxxxxxxx=/predictiveHigh
25Filexxxxxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
26Filexxxxxxxxx.xxx.xxxpredictiveHigh
27Filexxxxx/xxxxx.xxxpredictiveHigh
28Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
29Filexxxx_xxxxx.xxxpredictiveHigh
30Filexxxxx.xxxpredictiveMedium
31Filexxxxxxxxxxx/xxxxxxxx/xxxxxxxxxx.xxxpredictiveHigh
32Filexx/xx-xx.xpredictiveMedium
33Filexxx/xxxx_xxxx.xpredictiveHigh
34Filexxxxxx/xxxxxxxxxxxpredictiveHigh
35Filexxxx_xxxxxx.xpredictiveHigh
36Filexxxx_xxxxxxx.xxx.xxxpredictiveHigh
37Filexxxx/xxxxxxx.xpredictiveHigh
38Filexxx/xxxxxx.xxxpredictiveHigh
39Filexxx/xxxxxxxxxxx/xxxxxxx.xxxpredictiveHigh
40Filexxxxxxxx/xxxxx-xxxxxx-xxxx-xxxxxxx.xxxpredictiveHigh
41Filexxxxxxxx/xxxxxxxx/xxxxx-xxxxxxxx-xxxxx.xxxpredictiveHigh
42Filexxxxxxxx/xxxxxxx.xxxpredictiveHigh
43Filexxxxx.xxxpredictiveMedium
44Filexxxxx.xxx?xxx=xxxx&xxx=xxxxxxxxpredictiveHigh
45Filexxxxxxxxxx.xxxpredictiveHigh
46Filexxxxxx.xpredictiveMedium
47Filexxxxxxxxxx.xxxpredictiveHigh
48Filexxxxxx_xxxx_xxxxxxx.xxxpredictiveHigh
49Filexxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxx.xxxpredictiveHigh
50Filexxxxx.xxxpredictiveMedium
51Filexxxx.xxxpredictiveMedium
52Filexx.xpredictiveLow
53Filexxxx/xxxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
54Filexxx/xxx.xxxpredictiveMedium
55Filexxx/xxxxxx.xpredictiveMedium
56Filexxx%xx.xxxpredictiveMedium
57Filexxxxxx.xpredictiveMedium
58Filexxxx.xxxpredictiveMedium
59Filexxxxx.xxxpredictiveMedium
60Filexxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][]predictiveHigh
61Filexxx.xxxpredictiveLow
62Filexxxxxxxxxxx.xxxpredictiveHigh
63Filexxxxxxxx.xxxpredictiveMedium
64Filexxxx.xxxpredictiveMedium
65Filexxxxx/xxxxx.xxxpredictiveHigh
66Filexxxxx.xxxpredictiveMedium
67Filexxxxxxxx.xxxpredictiveMedium
68Filexxxx.xxxxxxxx.xxxpredictiveHigh
69Filexxxxxxxxx.xxxpredictiveHigh
70Filexxxxxxxxx.xxxpredictiveHigh
71Filexxxxxxxx.xxpredictiveMedium
72FilexxxxxxxxxxpredictiveMedium
73Filexxxxxxx/xxxxx.xxxpredictiveHigh
74Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictiveHigh
75Libraryxxxxx.xxxpredictiveMedium
76Libraryxxxxxxx.xxxpredictiveMedium
77ArgumentxxxxpredictiveLow
78ArgumentxxxxxxpredictiveLow
79Argumentxxxxxxx_xxxxpredictiveMedium
80ArgumentxxxxxpredictiveLow
81Argumentxxxxxx_xxxxpredictiveMedium
82ArgumentxxxxxxxxpredictiveMedium
83ArgumentxxxpredictiveLow
84ArgumentxxxxxxxxxxxxxxxxxpredictiveHigh
85ArgumentxxxxxpredictiveLow
86Argumentxxxxxxxxxxx/xxxxxxxx/xxx/xxxxxpredictiveHigh
87Argumentxxxxxx_xxpredictiveMedium
88ArgumentxxxxxpredictiveLow
89ArgumentxxxxpredictiveLow
90ArgumentxxxxpredictiveLow
91ArgumentxxxxxxxxpredictiveMedium
92ArgumentxxxxxxpredictiveLow
93ArgumentxxxxpredictiveLow
94ArgumentxxxxxxxxxpredictiveMedium
95ArgumentxxxxpredictiveLow
96ArgumentxxpredictiveLow
97Argumentxxxxxxxx[xx]predictiveMedium
98ArgumentxxxpredictiveLow
99ArgumentxxxpredictiveLow
100ArgumentxxxxxxxpredictiveLow
101Argumentxxx_xxxxpredictiveMedium
102ArgumentxxxxxxxxpredictiveMedium
103ArgumentxxxxxxxpredictiveLow
104Argumentxxxxxxx/xxxxxpredictiveHigh
105ArgumentxxxxxxxxxxpredictiveMedium
106Argumentxxxxxx_xxxpredictiveMedium
107Argumentxxxxxxxxx/xxxpredictiveHigh
108Argumentxxxx_xxpredictiveLow
109Argumentxxxxxxxx_xxxxxxxxpredictiveHigh
110ArgumentxxxxxxxxxxxxxxxxxxxxxpredictiveHigh
111Argumentxxxx_xxpredictiveLow
112ArgumentxxxpredictiveLow
113ArgumentxxxxpredictiveLow
114ArgumentxxxxxxxxpredictiveMedium
115ArgumentxxxxxxxxpredictiveMedium
116Argumentxxxx/xx/xxxx/xxxpredictiveHigh
117Input Value.%xx.../.%xx.../predictiveHigh
118Input Value../../../../../xxx/xxx/xxxxx/xxxx/xxxxxxxx/xxxxx/xxx.xxxpredictiveHigh
119Input Valuexxxxxxx -xxxpredictiveMedium
120Input ValuexxxxxxxxxxpredictiveMedium
121Network PortxxxxpredictiveLow
122Network PortxxxxpredictiveLow
123Network Portxxxx xxxxpredictiveMedium
124Network Portxxx/xxxpredictiveLow
125Network Portxxx/xxxpredictiveLow
126Network Portxxx/xxxxpredictiveMedium
127Network Portxxx/xxxxpredictiveMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

This view requires CTI permissions

Just purchase a CTI license today!