DownEx Analysisinfo

IOB - Indicator of Behavior (34)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en20
ru10
zh4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

MikroTik RouterOS4
Huawei E5186 4G LTE Router2
PHP2
VMware vCenter Server2
VMware Cloud Foundation2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1FusionPBX fax_send.php command injection7.67.5$0-$5k$0-$5kNot DefinedOfficial Fix0.001210.00CVE-2022-35153
2Dropbear TCP Listener double free7.26.8$0-$5k$0-$5kNot DefinedOfficial Fix0.004990.04CVE-2017-9078
3MikroTik RouterOS Winbox improper authentication8.28.0$0-$5k$0-$5kHighOfficial Fix0.973740.04CVE-2018-14847
4nginx SPDY memory corruption7.36.4$0-$5k$0-$5kUnprovenOfficial Fix0.037110.00CVE-2014-0133
5OpenSSH Authentication Username information disclosure5.34.8$5k-$25k$0-$5kHighOfficial Fix0.106670.19CVE-2016-6210
6Adobe ColdFusion access control8.68.5$5k-$25k$0-$5kHighOfficial Fix0.963280.04CVE-2023-26360
7CloudPanel 2 File Manager improper authentication8.07.9$0-$5k$0-$5kNot DefinedOfficial Fix0.331230.04CVE-2023-35885
8Chamilo LMS wsConvertPpt command injection7.67.6$0-$5k$0-$5kNot DefinedNot Defined0.836280.03CVE-2023-34960
9PHP File Upload form-data Remote Code Execution8.87.9$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.932740.04CVE-2005-3390
10VMware vCenter Server/Cloud Foundation DCERPC Protocol uninitialized pointer8.78.5$5k-$25k$0-$5kNot DefinedOfficial Fix0.002130.00CVE-2023-20892
11Huawei E5186 4G LTE Router DNS Query Packet input validation7.06.8$5k-$25k$0-$5kNot DefinedOfficial Fix0.003250.00CVE-2015-8265
12PHP mysqli_real_escape_string integer overflow8.58.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.009320.04CVE-2017-9120
13Juniper Web Device Manager Authentication hard-coded credentials9.89.0$5k-$25k$0-$5kProof-of-ConceptWorkaround0.000000.00
14FusionPBX login.php cross site scripting5.25.1$0-$5k$0-$5kNot DefinedOfficial Fix0.001470.00CVE-2021-37524
15Microsoft Windows RPC DCOM PerformScmStage memory corruption5.65.1$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.966820.03CVE-2003-0605
16Microsoft Windows RPCSS memory corruption5.65.1$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.680840.03CVE-2003-0715
17MikroTik RouterOS SMB memory corruption8.58.4$0-$5k$0-$5kHighOfficial Fix0.822090.07CVE-2018-7445
18XiongMai uc-httpd memory corruption8.58.2$0-$5k$0-$5kProof-of-ConceptNot Defined0.022010.04CVE-2018-10088
19MinIO Admin API authentication bypass9.08.6$0-$5k$0-$5kNot DefinedOfficial Fix0.001160.03CVE-2020-11012
20phpMyAdmin Privileges.php sql injection7.17.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.001430.04CVE-2020-10804

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
184.32.188.123DownEx03/20/2024verifiedVery High
2XXX.XX.XXX.XXXxxxxx03/20/2024verifiedVery High
3XXX.XXX.XXX.XXXXxxxxx03/20/2024verifiedVery High

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (17)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/fax/fax_send.phppredictiveHigh
2File/tmp/csman/0predictiveMedium
3File/WebMstr7/servlet/mstrWebpredictiveHigh
4Filex_xxxxxxxx_xxxxxpredictiveHigh
5Filexxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxx.xxxpredictiveHigh
6Filexxxxxxxxx/xxxx-xxxxpredictiveHigh
7Filexxxxxxxxx/xxxxx.xxxpredictiveHigh
8Filexxxxxx.xxxpredictiveMedium
9Argumentxxxx_xxxpredictiveMedium
10Argumentx_xxxxxxxxpredictiveMedium
11ArgumentxxxxxxxxpredictiveMedium
12ArgumentxxxxpredictiveLow
13Argumentxxxxxxx[xxxx]predictiveHigh
14ArgumentxxxxxxxpredictiveLow
15Input Value../..predictiveLow
16Pattern|xx xx xx xx xx xx xx xx|predictiveHigh
17Pattern|xx xx xx|predictiveMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

This view requires CTI permissions

Just purchase a CTI license today!