DEV-0322 Analysis

IOB - Indicator of Behavior (89)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en 58
zh 20
pl 4
fr 2
de 2


Country

cn 48
us 40


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Adobe Magento Commerce 8
Symantec pcAnywhere 4
MailEnable 2
PostgreSQL 2
shadowsocks-libev 2


Vulnerabilities

# | Vulnerability | Base | Temp | 0-day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.89 | CVE-2007-0354
2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
3 | VMware Horizon Client/Horizon Message Framework Library out-of-bounds | 6.4 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00318 | 0.05 | CVE-2018-6970
4 | parisneo lollms-webui open_file command injection | 9.1 | 9.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.03 | CVE-2024-4267
5 | Atlassian Confluence Data Center Privilege Escalation | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05603 | 0.05 | CVE-2024-21683
6 | D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi command injection | 8.1 | 8.1 | $5k-$25k | $0-$5k | High | Workaround | 0.93467 | 0.20 | CVE-2024-3273
7 | Sustainsys.Saml2 authentication bypass by alternate name | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00054 | 0.00 | CVE-2023-41890
8 | WeiYe-Jing datax-web HTTP POST Request killJob os command injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00256 | 0.05 | CVE-2023-7116
9 | cskefu permission | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00084 | 0.04 | CVE-2022-36521
10 | Apple macOS AppleMobileFileIntegrity information disclosure | 3.3 | 3.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00073 | 0.05 | CVE-2023-23499
11 | Tesla Model 3 Mobile App Phone Key Authentication authentication spoofing | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00047 | 0.00 | CVE-2022-37709
12 | SSH SSH-1 Protocol cryptographic issues | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00258 | 0.00 | CVE-2001-1473
13 | Laravel PendingBroadcast.php __destruct deserialization | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00049 | 0.00 | CVE-2022-31279
14 | EmbedThis GoAhead unrestricted upload | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04843 | 0.00 | CVE-2021-42342
15 | Next.js URL denial of service | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00374 | 0.04 | CVE-2021-43803
16 | Next.js _error.js redirect | 5.0 | 4.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00066 | 0.05 | CVE-2021-37699
17 | Swagger UI CSS injection | 7.0 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01741 | 0.04 | CVE-2019-17495
18 | OpenSSL c_rehash os command injection | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.10649 | 0.30 | CVE-2022-1292
19 | Hikvision Product Message command injection | 5.5 | 5.5 | $0-$5k | $0-$5k | High | Not Defined | 0.97483 | 0.05 | CVE-2021-36260
20 | HD-Network Real-time Monitoring System Parameter lang pathname traversal | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05404 | 0.03 | CVE-2021-45043

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (42)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /api/log/killJob | predictive | High
2 | File | /cgi-bin/nas_sharing.cgi | predictive | High
3 | File | /language/lang | predictive | High
4 | File | admin/conf_users_edit.php | predictive | High
5 | File | c_rehash | predictive | Medium
6 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
7 | File | xxxxx.xxx | predictive | Medium
8 | File | xxxx.xxx | predictive | Medium
9 | File | xxxxxx/xxxxxxxxxxxx | predictive | High
10 | File | xxxxxxxxxxxxxxxxxxx.xxxx | predictive | High
11 | File | xxxxxxxxxx\xxxxxxxxxxxx\xxxxxxxxxxxxxxxx.xxx | predictive | High
12 | File | xxxxx_xxxxxxx.xxx | predictive | High
13 | File | xxxxxxx.x | predictive | Medium
14 | File | xxxxxxx.xxx | predictive | Medium
15 | File | xxxxx/_xxxxx.xx | predictive | High
16 | File | xxxxx.xxx | predictive | Medium
17 | File | xxxxxxxx.xxx | predictive | Medium
18 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | High
19 | File | xxxxxxxx_xxxx.xxx | predictive | High
20 | File | xxxxxxxxxxxxxxxxxxxxxxxxx.xx | predictive | High
21 | File | xxxx/xxxxxxxx/xxxxxxxx.xxxx | predictive | High
22 | File | xx/xxxxxxxxx/xx | predictive | High
23 | File | xxxxxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High
24 | File | xxx/xxx-xxxxxxxxxx/xxxx-xxxxxx/xxxxxx.xxx | predictive | High
25 | File | xx-xxxxx.xxx | predictive | Medium
26 | File | xx/xx/xxxxx | predictive | Medium
27 | Argument | --xxxxxx/--xxxxxxxx | predictive | High
28 | Argument | xxxxxxxxxx | predictive | Medium
29 | Argument | xxxxx_xxxxxx | predictive | Medium
30 | Argument | xx | predictive | Low
31 | Argument | xx | predictive | Low
32 | Argument | xxxxx | predictive | Low
33 | Argument | xxxxxxx_xxx | predictive | Medium
34 | Argument | xxxxxxxxx | predictive | Medium
35 | Argument | xxxxxx_xxx | predictive | Medium
36 | Argument | xxxxxx | predictive | Low
37 | Argument | x_xxxxxxxx | predictive | Medium
38 | Argument | xxxxxxx.xx-xxxxx-xxxx | predictive | High
39 | Input Value | /../ | predictive | Low
40 | Input Value | []xxxxxx{}/x["xxx"] | predictive | High
41 | Pattern | xxxxxxxxxxx | predictive | Medium
42 | Network Port | xxx/xxxx | predictive | Medium
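As an added example that is not part of the original profile, the script below shows how the non-redacted File and Input Value indicators from the IOA table above can be run over web-server access logs as a first-pass triage. The log lines, timestamps and IP addresses are constructed for illustration (documentation ranges, not observed traffic); the path and argument indicators that the page redacts are not reproduced. Matching is substring matching on the percent-decoded request target, so a hit means "worth a look", not a confirmed attack.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Non-redacted File indicators copied from the IOA table (rows 1-5).
IOA_FILES = [
    "/api/log/killJob",
    "/cgi-bin/nas_sharing.cgi",
    "/language/lang",
    "admin/conf_users_edit.php",
    "c_rehash",
]

# Non-redacted Input Value indicator from the IOA table (row 39).
IOA_INPUT_VALUES = ["/../"]

# Constructed sample lines in Apache/nginx combined log format. Not real traffic;
# the addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2024:12:01:02 +0000] "GET /cgi-bin/nas_sharing.cgi HTTP/1.1" 200 512 "-" "python-requests/2.31"
203.0.113.7 - - [10/May/2024:12:01:09 +0000] "POST /api/log/killJob HTTP/1.1" 500 88 "-" "curl/8.0.1"
198.51.100.4 - - [10/May/2024:12:02:30 +0000] "GET /language/lang?lang=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1203 "-" "Mozilla/5.0"
192.0.2.10 - - [10/May/2024:12:03:00 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Combined-log prefix: client, ident, user, [timestamp], "METHOD target proto", status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def normalize_target(target):
    """Percent-decode twice (catches double encoding) and fold backslashes to slashes,
    so traversal written as ..%2F or ..%252F or ..\\ is seen as ../."""
    return unquote(unquote(target)).replace("\\", "/")


def match_indicators(target):
    """Return (class, indicator) pairs from the IOA table found in the request target."""
    norm = normalize_target(target)
    hits = [("File", f) for f in IOA_FILES if f in norm]
    hits += [("Input Value", v) for v in IOA_INPUT_VALUES if v in norm]
    return hits


def scan_log(text):
    """Scan access-log text and return one finding dict per line with at least one hit."""
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        hits = match_indicators(rec["target"])
        if hits:
            findings.append({**rec, "hits": hits})
    return findings


def hits_by_client(findings):
    """Count matching requests per client address, for quick prioritisation."""
    return dict(Counter(f["ip"] for f in findings))


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for f in found:
        print(f"{f['ts']} {f['ip']} {f['method']} {f['target']} -> {f['hits']}")
    print("per client:", hits_by_client(found))
```

The double decode and backslash folding are there for the traversal indicator; without them a request carrying `..%252F` would slip past a plain substring check. Against real logs, feed the output into whatever case-management you use rather than alerting on every hit: `c_rehash` in particular is a short token that will appear in benign paths.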

References (3)

The following list contains external sources which discuss the actor and the associated activities:
