Downeks Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (13)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en14

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

US: USA8
PW: Palau2
GB: Great Britain2
RU: Russia2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

APT281
Downeks1
Locky1
Exploit Kit1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined8
Database Administration Software2
Mail Server Software2
Forum Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined6
IBM2
Alt-N2
Juniper2
AnyMacro2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

phpMyAdmin2
IBM FileNet Workplace XT2
FUSE2
Alt-N MDaemon2
PunBB2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Alt-N MDaemon Worldclient injection4.94.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.000900.09CVE-2021-27182
2ABBYY FineReader License Server link following6.56.3$0-$5k$0-$5kNot DefinedOfficial Fix0.000420.04CVE-2019-20383
3FileZilla Server PORT confused deputy4.34.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000520.13CVE-2015-10003
4FUSE fusermount access control6.56.7$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.001340.06CVE-2018-10906
5AnyMacro AnyMacro Mail System path traversal5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.002480.00CVE-2011-2468
6IBM FileNet Workplace XT File Upload unrestricted upload7.57.5$5k-$25k$0-$5kNot DefinedNot Defined0.008980.00CVE-2016-8921
7phpMyAdmin import.php access control7.16.8$5k-$25k$0-$5kNot DefinedOfficial Fix0.001470.03CVE-2013-4729
8OpenWrt/LEDE uhttpd cgi_handle_request Reflected cross site scripting5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.000820.00CVE-2018-19630
9OpenWrt Access Control rpcd access control8.08.0$0-$5k$0-$5kNot DefinedNot Defined0.002670.07CVE-2018-11116
10PunBB profile.php sql injection6.35.7$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.001620.05CVE-2005-1051
11Juniper Web Device Manager Authentication hard-coded credentials9.89.0$5k-$25k$0-$5kProof-of-ConceptWorkaround0.000000.06
12PHP FastCGI Process Manager php-fpm.conf.in access control5.95.2$25k-$100k$0-$5kUnprovenOfficial Fix0.000450.00CVE-2014-0185
13phpMyAdmin server_privileges.lib.php cross site scripting6.56.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.003060.00CVE-2016-2560

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
1185.141.25.68Downeks12/23/2020verifiedLow

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3TXXXX.XXXCAPEC-209CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
4TXXXXCAPEC-19CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXX.XXXCAPEC-191CWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
6TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
7TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
8TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (8)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/etc/config/rpcdpredictiveHigh
2Filecgi-bin/predictiveMedium
3Filexxxxxx.xxxpredictiveMedium
4Filexxx-xxx.xxxx.xxpredictiveHigh
5Filexxxxxxx.xxxpredictiveMedium
6Libraryxxxxxxxxx/xxxxxx_xxxxxxxxxx.xxx.xxxpredictiveHigh
7ArgumentxxxxxxxxxxxxxpredictiveHigh
8ArgumentxxpredictiveLow

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!