DEV-1084 Analysis

IOB - Indicator of Behavior (281)


Lang

en: 264
zh: 8
fr: 2
es: 2
ar: 2


Product

Linux Kernel: 50
Xen: 14
Mozilla Firefox: 12
Mozilla Firefox ESR: 10
Palo Alto PAN-OS: 8

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | jeecg-boot check sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00070 | 0.00 | CVE-2023-41543 |
| 2 | PHP Jabbers Appointment Scheduler preview.php cross site scripting | 4.8 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00063 | 0.03 | CVE-2023-36126 |
| 3 | SAP NetWeaver Application Server ABAP and ABAP Platform unrestricted upload | 9.2 | 9.0 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00043 | 0.03 | CVE-2024-33006 |
| 4 | Joomla sql injection | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00142 | 0.04 | CVE-2022-23797 |
| 5 | Dahua Smart Park Management devicePoint_addImgIco unrestricted upload | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04445 | 0.05 | CVE-2023-3836 |
| 6 | Zoom Client for Meetings buffer overflow | 7.3 | 7.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00352 | 0.00 | CVE-2021-34423 |
| 7 | phpMyAdmin grab_globals.lib.php path traversal | 4.8 | 4.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01598 | 0.12 | CVE-2005-3299 |
| 8 | jQuery html cross site scripting | 6.2 | 5.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02302 | 0.04 | CVE-2020-11023 |
| 9 | Xen denial of service | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2020-25597 |
| 10 | Xen PCI Passthrough backdoor | 7.0 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2020-25595 |
| 11 | Xen Timer Migration race condition | 4.7 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.03 | CVE-2020-25604 |
| 12 | Xen RCU denial of service | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2020-25598 |
| 13 | Linux Kernel DAX Huge Page memory corruption | 6.5 | 6.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00054 | 0.00 | CVE-2020-10757 |
| 14 | Linux Kernel VFIO PCI Driver exceptional condition | 6.4 | 6.4 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00047 | 0.00 | CVE-2020-12888 |
| 15 | Linux Kernel af9005.c af9005_identify_state resource consumption | 6.4 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00400 | 0.03 | CVE-2019-18809 |
| 16 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 1.10 | CVE-2007-0354 |
| 17 | LotusCMS Fraise index.php path traversal | 5.6 | 5.6 | $0-$5k | $0-$5k | High | Not Defined | 0.50940 | 0.08 | CVE-2011-0518 |
| 18 | Zimbra Collaboration Suite zmmailboxdmgr exceptional condition | 7.8 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-27442 |
| 19 | ESRI ArcGIS path traversal | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00240 | 0.07 | CVE-2022-38202 |
| 20 | Smart Office Main.aspx weak password | 3.7 | 3.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.04 | CVE-2024-3735 |

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (83)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

