Djvu Analysis

IOB - Indicator of Behavior (340)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 316
es: 18
fr: 4
it: 2

Product

Microsoft Windows: 36
ImageMagick: 14
Linux Kernel: 10
Microsoft Internet Explorer: 8
Microsoft .NET Framework: 6

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Microsoft .NET Framework Code Access Security cryptographic issues | 9.8 | 9.8 | $5k-$25k | $0-$5k | Not defined | Not defined | | 0.27760 | 0.00 | CVE-2008-5100 |
| 2 | Microsoft IIS uncpath cross site scripting | 5.2 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | | 0.01387 | 0.06 | CVE-2017-0055 |
| 3 | Microsoft .NET Framework Username Parser access control | 8.8 | 7.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | expected | 0.86632 | 0.04 | CVE-2011-3416 |
| 4 | Cisco Wireless LAN Controller IPv6 UDP Ingress input validation | 6.4 | 6.3 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00410 | 0.04 | CVE-2016-9219 |
| 5 | Cisco Mobility Express 2800/Mobility Express 3800 802.11 Ingress Packet resource management | 4.3 | 4.1 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00108 | 0.00 | CVE-2016-9220 |
| 6 | Cisco Mobility Express 2800/Mobility Express 3800 802.11 Ingress Connection Authentication resource management | 4.3 | 4.1 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00394 | 0.04 | CVE-2016-9221 |
| 7 | Google Chrome Index DB use after free | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not defined | Official fix | | 0.00228 | 0.08 | CVE-2022-1853 |
| 8 | Microsoft Windows Malware Protection Service memory corruption | 8.8 | 7.9 | $100k and more | $0-$5k | Proof-of-Concept | Official fix | expected | 0.89735 | 0.00 | CVE-2017-0290 |
| 9 | PHP unserialize use after free | 7.3 | 6.4 | $25k-$100k | $0-$5k | Unproven | Official fix | | 0.00000 | 0.08 | |
| 10 | Linux Kernel UDP Packet udp.c security check | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.01291 | 0.06 | CVE-2016-10229 |
| 11 | WordPress WP_Query class-wp-query.php sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | | 0.08839 | 0.04 | CVE-2017-5611 |
| 12 | Oracle Traffic Director NSS information disclosure | 5.0 | 5.0 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00313 | 0.00 | CVE-2018-0495 |
| 13 | Cryout Creations Serious Slider Plugin cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00159 | 0.00 | CVE-2024-33650 |
| 14 | Infinera hiT 7300 SSH Service hard-coded credentials | 8.8 | 8.8 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00056 | 0.00 | CVE-2024-28812 |
| 15 | ZKTeco ZEM800 Backup File authorization | 5.7 | 5.7 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00007 | 0.00 | CVE-2023-4587 |
| 16 | Campcodes Complete Web-Based School Management System show_student1.php sql injection | 6.7 | 6.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00081 | 0.00 | CVE-2024-4906 |
| 17 | Mozilla Focus Javascript URI cross site scripting | 6.2 | 6.1 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00473 | 0.05 | CVE-2024-1563 |
| 18 | Exim Configuration File access control | 8.1 | 7.9 | $0-$5k | $0-$5k | Attacked | Official fix | verified | 0.11704 | 0.07 | CVE-2010-4345 |
| 19 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00000 | 0.11 | CVE-2020-12440 |
| 20 | AngularJS merge input validation | 7.4 | 7.2 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00431 | 0.02 | CVE-2019-10768 |

IOC - Indicator of Compromise (22)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (121)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
