DNSBirthday Analysis

IOB - Indicator of Behavior (240)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 140
es: 54
de: 28
fr: 8
it: 6

Country

us: 188
ru: 48
io: 4

Product

MantisBT: 4
YaPIG: 2
SourceCodester Free Hospital Management System for ...: 2
Facebook WhatsApp: 2
Facebook WhatsApp Business: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 2 | Void Contact Form 7 Widget for Elementor Page Builder Plugin void_cf7_opt_in_user_data_track cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00063 | 0.00 | CVE-2022-47166 |
| 3 | Facebook WhatsApp/WhatsApp Business/WhatsApp Desktop RTCP Flag Parser out-of-bounds | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00138 | 0.00 | CVE-2021-24043 |
| 4 | Responsive Menus Configuration Setting responsive_menus.module responsive_menus_admin_form_submit cross site scripting | 3.2 | 3.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00127 | 0.08 | CVE-2018-25085 |
| 5 | Cisco IOS/IOS XE/Meraki/NX-OS/Small Business Switch IPv6 RA Guard/ARP Inspection authentication spoofing | 5.5 | 5.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00062 | 0.04 | CVE-2021-27853 |
| 6 | Linux Kernel FXSAVE x87 Register cryptographic issues | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00101 | 0.05 | CVE-2006-1056 |
| 7 | SourceCodester Free and Open Source Inventory Management System Add Supplier cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.05 | CVE-2023-46450 |
| 8 | Cisco Common Services Platform Collector Web-based Management Interface cross site scripting | 5.2 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00136 | 0.00 | CVE-2022-20671 |
| 9 | Netentsec NS-ASG Application Security Gateway list_addr_fwresource_ip.php sql injection | 5.5 | 5.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00061 | 0.07 | CVE-2023-5681 |
| 10 | Tesla Model 3 Mobile App Phone Key Authentication authentication spoofing | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00047 | 0.04 | CVE-2022-37709 |
| 11 | Contec FXA3200 Wireless LAN Manager Interface mnt_cmd.cgi permission | 8.4 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00076 | 0.00 | CVE-2022-36158 |
| 12 | ramank775 Chat Server Access Token Validator this.authProvider.verifyAccessKey improper authentication | 8.2 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00193 | 0.00 | CVE-2022-31013 |
| 13 | Xoops URL Filter index.php redirect | 6.6 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00062 | 0.04 | CVE-2017-12138 |
| 14 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.64 | CVE-2007-0354 |
| 15 | Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System login.aspx sql injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.08 | CVE-2023-5828 |
| 16 | SourceCodester Free Hospital Management System for Small Practices Parameter doctors.php sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.04 | CVE-2023-5587 |
| 17 | Sangfor Next-Gen Application Firewall HTTP POST Request login.cgi os command injection | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04663 | 0.00 | CVE-2023-30806 |
| 18 | Dienstleistung, Entwicklung & Vertrieb GmbH cashIT Serving Solutions HTTP Endpoint routine | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01229 | 0.00 | CVE-2023-3656 |
| 19 | SourceCodester Employee and Visitor Gate Pass Logging System GET Parameter view_designation.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00220 | 0.07 | CVE-2023-2090 |
| 20 | SourceCodester Food Ordering Management System POST Parameter router.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00170 | 0.05 | CVE-2022-3332 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

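| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 176.31.106.50 | ns392559.ip-176-31-106.eu | DNSBirthday | | 05/31/2021 | verified | High |
| 2 | XXX.XXX.XXX.XX | xxx-xxxx-xxxxxx.xxxxxxxx.xxx | Xxxxxxxxxxx | | 05/31/2021 | verified | High |
| 3 | XXX.XXX.XX.XX | | Xxxxxxxxxxx | | 05/31/2021 | verified | High |
| 4 | XXX.XXX.XX.XX | | Xxxxxxxxxxx | | 05/31/2021 | verified | High |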

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (47)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/list_addr_fwresource_ip.php | predictive | High |
| 2 | File | /admin/maintenance/view_designation.php | predictive | High |
| 3 | File | /cgi-bin/login.cgi | predictive | High |
| 4 | File | /forum/away.php | predictive | High |
| 5 | File | /modules/profile/index.php | predictive | High |
| 6 | File | /probe?target | predictive | High |
