DPRK Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	712
zh	282
ja	6

Country

hk	1000

Actors

Indexsinas	1
RedEcho	1
DPRK	1

Activities

Interest

Timeline

Type

Not Defined	372
Operating System	62
Web Browser	36
Web Server	28
Firewall Software	24

Vendor

Not Defined	274
Microsoft	80
Apache	46
Adobe	34
Google	28

Product

Microsoft Windows	42
Tuxera ntfs-3g	24
Google Chrome	22
Apple iOS	16
Adobe Acrobat Reader	16

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	CTI	EPSS	CVE
1	D-Link DIR-645 Interface Wireless command injection	9.8	8.8	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.04	0.07584	CVE-2015-2051
2	Symantec Gateway ipchange.php exec access control	8.8	8.4	$5k-$25k	$0-$5k	High	Official Fix	0.01	0.81590	CVE-2012-0297
3	Fortinet FortiOS/FortiProxy Administrative Interface authentication bypass	9.8	9.7	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00	0.89292	CVE-2022-40684
4	Palo Alto PAN-OS GlobalProtect Portal stack-based overflow	9.8	9.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.01086	CVE-2021-3064
5	Apache Ambari pathname traversal	6.5	6.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.01	0.00885	CVE-2020-13924
6	OpenSSL AES OCB Mode missing encryption	5.6	5.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.01537	CVE-2022-2097
7	Cisco ASA/Firepower Threat Defense DNS Inspection resource consumption	8.0	7.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.01055	CVE-2022-20760
8	Apple iOS/iPadOS Kernel out-of-bounds write	7.8	7.5	$25k-$100k	$5k-$25k	High	Official Fix	0.00	0.01455	CVE-2022-32917
9	Microsoft Windows Support Diagnostic Tool Follina Remote Code Execution	7.3	7.1	$25k-$100k	$0-$5k	High	Workaround	0.04	0.69589	CVE-2022-30190
10	Apache Log4j Incomplete Fix CVE-2021-44228 deserialization	4.5	4.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.71951	CVE-2021-45046
11	Fortinet FortiOS sslvpnd heap-based overflow	9.8	9.3	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.11	0.01156	CVE-2022-42475
12	RainyGao DocSys ZIP File Decompression path traversal	5.5	5.5	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02	0.00890	CVE-2022-4402
13	maku-boot Scheduled Task AbstractScheduleJob.java doExecute injection	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.02	0.00890	CVE-2022-4322
14	Oracle Communications Messaging Server Apache PDFBox denial of service	5.5	5.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.12	0.05242	CVE-2021-31812
15	Apache Shiro RequestDispatcher improper authentication	8.0	7.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.01246	CVE-2022-40664
16	nginx request smuggling	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	1.36	0.00000	CVE-2020-12440
17	Microsoft App Installer Privilege Escalation	7.1	6.2	$5k-$25k	$0-$5k	Unproven	Official Fix	0.01	0.01150	CVE-2021-43890
18	Apache Log4j JMSAppender deserialization	8.8	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.68637	CVE-2021-4104
19	Apache Tomcat HTTP Header request smuggling	7.3	7.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.07	0.05242	CVE-2021-33037
20	Microsoft Exchange Server Privilege Escalation	8.8	8.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00	0.31667	CVE-2021-42321

Campaigns (6)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (136)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Campaigns	Type	Confidence
1	5.62.56.160	r-160.56.62.5.ptr.avast.com	DPRK		verified	High
2	5.62.56.161	r-161.56.62.5.ptr.avast.com	DPRK		verified	High
3	5.62.56.162	r-162.56.62.5.ptr.avast.com	DPRK		verified	High
4	5.62.56.163	r-163.56.62.5.ptr.avast.com	DPRK		verified	High
5	5.62.61.64	r-64.61.62.5.ptr.avast.com	DPRK		verified	High
6	5.62.61.65	r-65.61.62.5.ptr.avast.com	DPRK		verified	High
7	5.62.61.66	r-66.61.62.5.ptr.avast.com	DPRK		verified	High
8	5.62.61.67	r-67.61.62.5.ptr.avast.com	DPRK		verified	High
9	14.140.116.172	14-140-116-172-sapient.com	DPRK	Hoplight	verified	High
10	21.252.107.198		DPRK	HOPLIGHT	verified	High
11	26.165.218.44		DPRK	HOPLIGHT	verified	High
12	45.33.2.79	li956-79.members.linode.com	DPRK	AppleJeus	verified	High
13	45.33.23.183	li977-183.members.linode.com	DPRK	AppleJeus	verified	High
14	45.42.151.0		DPRK		verified	High
15	45.42.151.11		DPRK		verified	High
16	45.42.151.12		DPRK		verified	High
17	45.42.151.13		DPRK		verified	High
18	45.42.151.14		DPRK		verified	High
19	45.56.79.23	li929-23.members.linode.com	DPRK	AppleJeus	verified	High
20	45.79.19.196	li1118-196.members.linode.com	DPRK	AppleJeus	verified	High
21	45.199.63.220		DPRK	AppleJeus	verified	High
22	46.36.203.81		DPRK		verified	High
23	46.36.203.82		DPRK		verified	High
24	47.206.4.145	static-47-206-4-145.srst.fl.frontiernet.net	DPRK	HOPLIGHT	verified	High
25	51.68.152.96	ns3122934.ip-51-68-152.eu	DPRK	BLINDINGCAN	verified	High
26	54.241.91.49	ec2-54-241-91-49.us-west-1.compute.amazonaws.com	DPRK	BLINDINGCAN	verified	Medium
27	57.73.224.0		DPRK		verified	High
28	70.224.36.194	adsl-70-224-36-194.dsl.sbndin.ameritech.net	DPRK	HOPLIGHT	verified	High
29	XX.XX.XXX.XX	xx-xxx-xx-xx.xxxxxxxxxx.xxxxxxxxxx.xxx.xx	Xxxx	Xxxxxxxx	verified	High
30	XX.XX.XXX.XXX	xxx-xxx-xx-xx.xxxxxxxxxx.xxxxxxxxxx.xxx.xx	Xxxx	Xxxxxxxx	verified	High
31	XX.XX.XXX.XXX	xxx.xx-xx-xxx.xxxxxxxxxx.xxx	Xxxx	Xxxxxxxx	verified	High
32	XX.XXX.XXX.X		Xxxx		verified	High
33	XX.XXX.XXX.XXX	xxxxx-xxx.xxxxxxx.xxxxxx.xxx	Xxxx	Xxxxxxxxx	verified	High
34	XX.XX.XX.XXX	xxx-xxx-xxx-xxx.xxx.xxxxxxxx.xxx	Xxxx	Xxxxxxxx	verified	High
35	XXX.XXX.XXX.XX	xxxxx-xxxxxx.xxxxxxxxxxxx.xxx	Xxxx	Xxxxxxxxx	verified	High
36	XXX.XXX.XX.XXX		Xxxx	Xxxxxxxxx	verified	High
37	XXX.XXX.XX.XX	xxxx.xxxxxxxx.xx.xx	Xxxx	Xxxxxxxx	verified	High
38	XXX.XXX.XXX.XXX		Xxxx	Xxxxxxxx	verified	High
39	XXX.XXX.XXX.X		Xxxx	Xxxxxxxx	verified	High
40	XXX.XX.XXX.XXX		Xxxx	Xxxxxxxx	verified	High
41	XXX.XXX.XXX.XXX	xxxx-xxxx-xxx.xxxx.xxx.xxx	Xxxx	Xxxxxxxx	verified	High
42	XXX.XXX.XXX.XXX		Xxxx	Xxxxxxxx	verified	High
43	XXX.XX.XXX.XX		Xxxx	Xxxxxxxxxxxx	verified	High
44	XXX.XXX.XXX.XX		Xxxx	Xxxxxxxxx	verified	High
45	XXX.XXX.XX.XXX	xxx-xxxxxxx.xxxxxxx.xxx	Xxxx	Xxxxxxxxx	verified	High
46	XXX.X.XXX.XX	xx.xxxxxxxxxxx.xx	Xxxx		verified	High
47	XXX.XX.X.X		Xxxx		verified	High
48	XXX.XX.XX.XXX		Xxxx		verified	High
49	XXX.XX.XX.XXX		Xxxx	Xxxxxxxxx	verified	High
50	XXX.XX.XXX.X		Xxxx		verified	High
51	XXX.XX.XXX.X		Xxxx		verified	High
52	XXX.XX.XXX.X		Xxxx		verified	High
53	XXX.XX.XXX.X		Xxxx		verified	High
54	XXX.XX.XXX.XX		Xxxx		verified	High
55	XXX.XX.XXX.XX		Xxxx		verified	High
56	XXX.XX.XXX.XX		Xxxx		verified	High
57	XXX.XX.XXX.XX	xxx.xxxx.xx	Xxxx		verified	High
58	XXX.XX.XXX.XX	xxx.xxxx.xx	Xxxx		verified	High
59	XXX.XX.XXX.XX		Xxxx		verified	High
60	XXX.XX.XXX.XX	xxxxxxx.xxx.xx	Xxxx		verified	High
61	XXX.XX.XXX.XX		Xxxx		verified	High
62	XXX.XX.XXX.XX		Xxxx		verified	High
63	XXX.XX.XXX.XX		Xxxx		verified	High
64	XXX.XX.XXX.XX		Xxxx		verified	High
65	XXX.XX.XXX.XX		Xxxx		verified	High
66	XXX.XX.XXX.XX		Xxxx		verified	High
67	XXX.XX.XXX.XX		Xxxx		verified	High
68	XXX.XX.XXX.XX		Xxxx		verified	High
69	XXX.XX.XXX.XX		Xxxx		verified	High
70	XXX.XX.XXX.XX		Xxxx		verified	High
71	XXX.XX.XXX.XX		Xxxx		verified	High
72	XXX.XX.XXX.XX		Xxxx		verified	High
73	XXX.XX.XXX.XX		Xxxx		verified	High
74	XXX.XX.XXX.XX		Xxxx		verified	High
75	XXX.XX.XXX.X		Xxxx		verified	High
76	XXX.XX.XXX.XX		Xxxx		verified	High
77	XXX.XX.XXX.XX		Xxxx		verified	High
78	XXX.XX.XXX.XX		Xxxx		verified	High
79	XXX.XX.XXX.XXX		Xxxx		verified	High
80	XXX.XX.XXX.X		Xxxx		verified	High
81	XXX.XX.XXX.X		Xxxx		verified	High
82	XXX.XX.XXX.XX	xxxx.xxxx-xx.xxx.xx	Xxxx		verified	High
83	XXX.XX.XXX.XX		Xxxx		verified	High
84	XXX.XX.XXX.XXX		Xxxx		verified	High
85	XXX.XX.XXX.X		Xxxx		verified	High
86	XXX.XX.XXX.XX		Xxxx		verified	High
87	XXX.XX.XXX.XX		Xxxx		verified	High
88	XXX.XX.XXX.XX	xxxx.xxxx.xxx.xx	Xxxx		verified	High
89	XXX.XX.XXX.XX	xxx.xxxx.xxx.xx	Xxxx		verified	High
90	XXX.XX.XXX.XXX		Xxxx		verified	High
91	XXX.XX.XXX.XXX		Xxxx	Xxxxxxxx	verified	High
92	XXX.XXX.XXX.XX	xx-xxx-xxx-xxx-xx.xx.xxxxxxxxxxxx.xxx	Xxxx	Xxxxxxxxx	verified	High
93	XXX.XXX.XXX.XX	xx-xxx-xxx-xxx-xx.xx.xxxxxxxxxxxx.xxx	Xxxx	Xxxxxxxxx	verified	High
94	XXX.XX.XXX.XXX		Xxxx		verified	High
95	XXX.XXX.XXX.XXX		Xxxx	Xxxxxxxxx	verified	High
96	XXX.XXX.XXX.XX	xxxxx.xxxx.xxx	Xxxx	Xxxxxxxxx	verified	High
97	XXX.XXX.X.XXX		Xxxx	Xxxxxxxx	verified	High
98	XXX.XX.XX.XX	xxxxxxxx.xx-xxx-xx-xx.xxx	Xxxx	Xxxxxxxxxxx	verified	High
99	XXX.XXX.XXX.XX		Xxxx	Xxxxxxxx	verified	High
100	XXX.XXX.XXX.XX	xxx-xx-xxx.xxx.xx.xx	Xxxx	Xxxxxxxx	verified	High
101	XXX.XX.XXX.XXX		Xxxx	Xxxxxxxxx	verified	High
102	XXX.XX.XXX.XXX		Xxxx	Xxxxxxxxx	verified	High
103	XXX.XX.XXX.XXX		Xxxx	Xxxxxxxxx	verified	High
104	XXX.XX.XXX.XXX		Xxxx	Xxxxxxxxx	verified	High
105	XXX.XX.XXX.XXX	xxxxx-xxx.xxxxxxx.xxxxxx.xxx	Xxxx	Xxxxxxxxx	verified	High
106	XXX.XXX.XX.XX	xxxxxxxxx-x.xxx-xxxxxxx.xxx	Xxxx	Xxxxxxxxx	verified	High
107	XXX.XXX.XX.XX		Xxxx	Xxxxxxxxx	verified	High
108	XXX.XX.XX.XX	xxx.xx.xx-xx.xxxxxxxxxxxxxxxxxxxx.xxx	Xxxx	Xxxxxxxxxxx	verified	High
109	XXX.XX.XXX.XX		Xxxx	Xxxxxxxxx	verified	High
110	XXX.XX.XX.XX	xxx-xx-xx-xx.xxx.xxxxxxxxxxx.xxx	Xxxx	Xxxxxxxxx	verified	High
111	XXX.XX.XXX.X		Xxxx		verified	High
112	XXX.XXX.XXX.XXX		Xxxx	Xxxxxxxxxxxx	verified	High
113	XXX.XXX.XXX.XXX		Xxxx	Xxxxxxxxxxxx	verified	High
114	XXX.XXX.XXX.XXX		Xxxx	Xxxxxxxxxxxx	verified	High
115	XXX.XXX.XXX.XXX		Xxxx	Xxxxxxxxxxxx	verified	High
116	XXX.XXX.XXX.XXX		Xxxx	Xxxxxxxxxxxx	verified	High
117	XXX.XXX.XXX.XXX		Xxxx	Xxxxxxxxxxxx	verified	High
118	XXX.XXX.XXX.XXX		Xxxx	Xxxxxxxxxxxx	verified	High
119	XXX.XXX.XXX.XXX		Xxxx	Xxxxxxxxxxxx	verified	High
120	XXX.XXX.XXX.XXX		Xxxx	Xxxxxxxxxxxx	verified	High
121	XXX.XXX.XXX.XXX		Xxxx	Xxxxxxxxxxxx	verified	High
122	XXX.XXX.XXX.XXX		Xxxx	Xxxxxxxxxxxx	verified	High
123	XXX.XXX.XXX.XXX		Xxxx	Xxxxxxxxxxxx	verified	High
124	XXX.XXX.XXX.XXX		Xxxx	Xxxxxxxxxxxx	verified	High
125	XXX.XXX.XXX.XXX		Xxxx	Xxxxxxxxxxxx	verified	High
126	XXX.XXX.XXX.XXX		Xxxx	Xxxxxxxxxxxx	verified	High
127	XXX.XXX.XXX.XXX		Xxxx	Xxxxxxxxxxxx	verified	High
128	XXX.XXX.XXX.XXX		Xxxx	Xxxxxxxxxxxx	verified	High
129	XXX.XXX.XXX.XXX		Xxxx	Xxxxxxxxxxxx	verified	High
130	XXX.XXX.XXX.XXX		Xxxx	Xxxxxxxxxxxx	verified	High
131	XXX.XXX.XXX.XXX		Xxxx	Xxxxxxxxxxxx	verified	High
132	XXX.XXX.XXX.XXX		Xxxx	Xxxxxxxxxxxx	verified	High
133	XXX.XXX.X.XX		Xxxx	Xxxxxxxx	verified	High
134	XXX.XXX.X.XXX		Xxxx	Xxxxxxxx	verified	High
135	XXX.XXX.XX.XXX	xxxxxx.xxxxxxx.xxx.xxx.xx	Xxxx	Xxxxxxxx	verified	High
136	XXX.XXX.XX.XXX		Xxxx	Xxxxxxxx	verified	High

TTP - Tactics, Techniques, Procedures (24)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CWE-21, CWE-22, CWE-23, CWE-24, CWE-425	Pathname Traversal	predictive	High
2	T1040	CWE-319	Authentication Bypass by Capture-replay	predictive	High
3	T1055	CWE-74	Injection	predictive	High
4	T1059	CWE-94, CWE-1321	Cross Site Scripting	predictive	High
5	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	High
6	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
7	TXXXX.XXX	CWE-XXX, CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx Xxxxxxxx	predictive	High
8	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxxxxxx	predictive	High
9	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	High
10	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	High
11	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	High
12	TXXXX	CWE-XXX	Xxxxxxxx Xx Xxxx Xxxxxxx Xxxxxxxxx Xxxxx	predictive	High
13	TXXXX	CWE-XX, CWE-XX	Xxx Xxxxxxxxx	predictive	High
14	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	High
15	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx Xxxx	predictive	High
16	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
17	TXXXX.XXX	CWE-XXX	Xxxxxxxxx Xxxxxxxxx	predictive	High
18	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	High
19	TXXXX.XXX	CWE-XXX, CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
20	TXXXX.XXX	CWE-XXX	Xxxxxxxx	predictive	High
21	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx	predictive	High
22	TXXXX.XXX	CWE-XX	Xxxxxxxxxxxxx	predictive	High
23	TXXXX	CWE-XXX, CWE-XXX	X2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx Xxxxxxxxxx	predictive	High
24	TXXXX.XXX	CWE-XXX	Xxxxxxxxxxxx Xxxxxx	predictive	High

IOA - Indicator of Attack (238)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/admin-panel1.php	predictive	High
2	File	/admin/academic/studenview_left.php	predictive	High
3	File	/admin/controller/JobLogController.java	predictive	High
4	File	/admin/login.php	predictive	High
5	File	/ad_js.php	predictive	Medium
6	File	/alerts/alertConfigField.php	predictive	High
7	File	/API/system/admins/session	predictive	High
8	File	/cgi-bin/ExportALLSettings.sh	predictive	High
9	File	/config/config.php	predictive	High
10	File	/context/%2e/WEB-INF/web.xml	predictive	High
11	File	/core/conditions/AbstractWrapper.java	predictive	High
12	File	/DataHandler/AM/AM_Handler.ashx	predictive	High
13	File	/DataHandler/HandlerAlarmGroup.ashx	predictive	High
14	File	/DataHandler/HandlerEnergyType.ashx	predictive	High
15	File	/DataHandler/Handler_CFG.ashx	predictive	High
16	File	/ECT_Provider/	predictive	High
17	File	/etc/passwd	predictive	Medium
18	File	/face-recognition-php/facepay-master/camera.php	predictive	High
19	File	/fuel/index.php/fuel/logs/items	predictive	High
20	File	/fuel/index.php/fuel/pages/items	predictive	High
21	File	/image_zoom.php	predictive	High
22	File	/include/config.cache.php	predictive	High
23	File	/index.php	predictive	Medium
24	File	/mkshop/Men/profile.php	predictive	High
25	File	/plugin/ajax.php	predictive	High
26	File	/proxy/	predictive	Low
27	File	/public/plugins/	predictive	High
28	File	/rest/api/2/search	predictive	High
29	File	/rest/api/latest/projectvalidate/key	predictive	High
30	File	/rom-0	predictive	Low
31	File	/xxxxxxx/xxxxxxxx.xxx	predictive	High
32	File	/xxx	predictive	Low
33	File	/xxxxxxx/	predictive	Medium
34	File	/xxxxxx	predictive	Low
35	File	/xxxxxxx/xxxx	predictive	High
36	File	/xxxxx/xxxxxxxxxxxxxx	predictive	High
37	File	xxxxxxxxxxxxxxxxxxx.xxxx	predictive	High
38	File	xxxxx.xxx	predictive	Medium
39	File	xxxxx/xxxxxxxxx.xxx	predictive	High
40	File	xxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxx.xxx	predictive	High
41	File	xxx_xxxxxxx.xxx	predictive	High
42	File	xxxxxx.xxx	predictive	Medium
43	File	xxxxxx.x	predictive	Medium
44	File	xxxxxxxxxxxxxxxxxxx.xxxx	predictive	High
45	File	xxx_xxxx_xxxx.x	predictive	High
46	File	xxx.xxx	predictive	Low
47	File	xxx-xxxx.xxx	predictive	Medium
48	File	xxx/xxxxxxx.xx	predictive	High
49	File	xxxxxxx.xxx	predictive	Medium
50	File	xxxxxx_xxxxxxxx.x	predictive	High
51	File	xxxxxx_xxxxx.xx	predictive	High
52	File	xxxxxx.xxx	predictive	Medium
53	File	xxxxxx.xxx	predictive	Medium
54	File	xxxxxxx.x	predictive	Medium
55	File	xxxxxxxxx.xxxxxxx.xxx	predictive	High
56	File	xxxxxxxxxx/xxxx.xxx	predictive	High
57	File	xxxxxxx/xxxx.xxx	predictive	High
58	File	xxxxxx/xxxx/xxxxxxxx.x	predictive	High
59	File	xxxxxxx/xxx/xxx/xxx/xxxx_xxx.x	predictive	High
60	File	xxxxxxx/xxx/xxx_xxxxxxx.x	predictive	High
61	File	xxxxxxx/xxxxx/xxxxx/xxxxxxx.x	predictive	High
62	File	xx/xxxx/xxxxxx.x	predictive	High
63	File	xx/xxxxx/xxxxxxx.x	predictive	High
64	File	xxxx/xxxxxxx/xxxx/xxxxxxxxxxx/xxxxx.xxx	predictive	High
65	File	xxxx_xxxxxxx.xxx.xxx	predictive	High
66	File	x/x	predictive	Low
67	File	xxxxx.xxx	predictive	Medium
68	File	xxxxx.xxx/xxxxxxx/xxxxx/xxxxx	predictive	High
69	File	xxxxx.xxx/xxxxxxx/xxxxx/xxxxxxxxx	predictive	High
70	File	xxxxx.xxx/xxxxxxx/xxxx/xxxxxxxxxxx	predictive	High
71	File	xxxxx.xxx/xxxxxxx/xxxx/xxxxx	predictive	High
72	File	xxxxx.xxx?x=xxxx&x=xxxxxxx&x=xxx	predictive	High
73	File	xxxxx.xxx?x=/xxxx/xxxxxxxxxxxx/xxxxxxx	predictive	High
74	File	xxxxx.xxx?x=/xxxx/xxxxxxxxxxxx/xxxxxxxx	predictive	High
75	File	xxxxxx.x	predictive	Medium
76	File	xxxx_xxxxx.xxx	predictive	High
77	File	xxx.x/xxxxxx.x	predictive	High
78	File	xxxxxxxxxxxxxx.xxx	predictive	High
79	File	xxxxxxxxx/xxxxxxx/xxxxxxxxxxx/xxxxx/xxxxxxxxxxxxxxxxxxxxx.xxx	predictive	High
80	File	xxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxx.xxx	predictive	High
81	File	xxxxxxx/xxx_xxx.x	predictive	High
82	File	xxxxx.xxx	predictive	Medium
83	File	xxxxx.xxx	predictive	Medium
84	File	xxxxxxxxxx.xxx	predictive	High
85	File	xxx-xxxxxxxx/xxxx.xxx	predictive	High
86	File	xxxxxxxx_xxxx.xxx	predictive	High
87	File	xxxxxxxx.xx	predictive	Medium
88	File	xxxxxxx/xxxxx/xx_xxxxxx.x	predictive	High
89	File	xxx_xxxxx.x	predictive	Medium
90	File	xxx/xxxx/xxxxxx.x	predictive	High
91	File	xxxx.xxxxxx.xx	predictive	High
92	File	xxx_xxxxxxxx.x	predictive	High
93	File	xxxxxxxxxxx.xxx	predictive	High
94	File	xxx_xxxx.x	predictive	Medium
95	File	xx_xxx.x	predictive	Medium
96	File	xxxxxxxx.xxx	predictive	Medium
97	File	xxxxxxxxxxx-xxxx.xx	predictive	High
98	File	xx/xxxx	predictive	Low
99	File	xxxxxxxx/xxxxxx-xxxxx/xxxxxxxxxxx/xxxx.xx	predictive	High
100	File	xxxxxxxxxx.xx	predictive	High
101	File	xxxxxxx.xxx	predictive	Medium
102	File	xxxxxxx/xxxxx/xxxxx-xxxxxxxxx.x	predictive	High
103	File	xxxxx/xxxxxxx.x	predictive	High
104	File	xxxxxxxxxx.xxx	predictive	High
105	File	xxxx\xxxxxxx\xxxxxxx\xxxxxxxx_xxxxxx.xxx	predictive	High
106	File	xxx.xxx	predictive	Low
107	File	xxxxxxxxxxxxxxxxxxxx	predictive	High
108	File	xxxxxxxxxx.xx	predictive	High
109	File	xxxxxx.xxx	predictive	Medium
110	File	xxxx_xxx_xx.x	predictive	High
111	File	xxxxxxx/xxxxxxx/xxxxxxxx.xxxx	predictive	High
112	File	xxxxxxx.x	predictive	Medium
113	File	xxxxxx.xx	predictive	Medium
114	File	xxxxxx.xxx	predictive	Medium
115	File	xxxxxxx.x	predictive	Medium
116	File	xxxx/xxxxxx.xxx	predictive	High
117	File	xxxxxxx.xxx	predictive	Medium
118	File	xxxxxxxxxx.x	predictive	Medium
119	File	xxx_xxxx.x	predictive	Medium
120	File	xxxxxx.x	predictive	Medium
121	File	xxxxxxxxx.xxx	predictive	High
122	File	xx/xxx.x	predictive	Medium
123	File	xxxxxx.xxx	predictive	Medium
124	File	xxxx/xxxxxxxx/xxxxxxxx.xxxx	predictive	High
125	File	xxxxxxxx/	predictive	Medium
126	File	xxxxxxxxxx.xxxx	predictive	High
127	File	xxxxxx-xxxxx.xxx	predictive	High
128	File	xxx.xxxx	predictive	Medium
129	File	xxxxxxx/xxxx/xxx/xxxx.xxx	predictive	High
130	File	xxxxxxx.xxx.xxx	predictive	High
131	File	xxxxxxxxx.x	predictive	Medium
132	File	xxxxx/xxxxxxxx	predictive	High
133	File	xxxxxxxx.x	predictive	Medium
134	File	\xxxxxxxx.xxx	predictive	High
135	File	~/xxxxx-xxxxx.xxx	predictive	High
136	File	~/xxxxxx-xxxx.xxx	predictive	High
137	File	~/xxxxx-xxxxxxxx.xxx	predictive	High
138	File	~/xxxxxx-xxxxx.xxx	predictive	High
139	File	~/xxx/xxxxxxxxx/xxxx/xxxx/xxxxxx.xxx	predictive	High
140	File	~/xxxxxxxx/xxxxx-xxx-xxxxxx-xxxxxxxxxxxx.xxx	predictive	High
141	File	~/xxxxxxxxxxxxx-xxxxxxxxxxxxxx.xxx	predictive	High
142	File	~/xxx/xxxxxxxxx/xxxxxxxxxxxx.xxx	predictive	High
143	File	~/xxxxxxx-xxxxxxx-xxxxxx.xxx	predictive	High
144	File	~/xxxx-xxxxxxxxxx-xxxxx.xxx	predictive	High
145	File	~/xxxx/xxxxxxxxxx.xxx	predictive	High
146	File	~/xxxxx/xxxxxxxxxxxxx.xxxx.xxx	predictive	High
147	Library	xxxxx.xxx	predictive	Medium
148	Library	xxxxxx.xxx	predictive	Medium
149	Library	xx_xxx.xxx	predictive	Medium
150	Library	xxx/xxxxxxx/xxxxxxxxx.xxx	predictive	High
151	Library	xxx/xxxxxx/xxxxx_xxxx.xx	predictive	High
152	Library	xxx/xxx/xxxxx.xx	predictive	High
153	Library	xxxxxxxxxxx.x	predictive	High
154	Library	xxxxxx.xxx	predictive	Medium
155	Library	xxxxxxxx.xxx	predictive	Medium
156	Argument	$xxxxxxx['xxx_xxxx']	predictive	High
157	Argument	$_xxxxxx["xxx_xxxx"]	predictive	High
158	Argument	xxxxxx:/xxxxxxxx:/xxxxxxxxxxxxxx:	predictive	High
159	Argument	xxxx	predictive	Low
160	Argument	xxxxxx	predictive	Low
161	Argument	xxxxxxxxxxxxx	predictive	High
162	Argument	xxxxxx	predictive	Low
163	Argument	xxxxxxxx_xxxx	predictive	High
164	Argument	xxx	predictive	Low
165	Argument	xxxxxx	predictive	Low
166	Argument	xxxxxxx	predictive	Low
167	Argument	xxxxxxxxx xxxx	predictive	High
168	Argument	xxxxxxx-xxxxxx	predictive	High
169	Argument	xx xxxx	predictive	Low
170	Argument	xxxxxxxxxxxx	predictive	Medium
171	Argument	xxxxxxxxxx	predictive	Medium
172	Argument	xxxxx	predictive	Low
173	Argument	xxxxxxxxx	predictive	Medium
174	Argument	xxxxxxxxxxxxxxx	predictive	High
175	Argument	xxxxx	predictive	Low
176	Argument	xx_xxxxx_xx	predictive	Medium
177	Argument	xxxxx	predictive	Low
178	Argument	xxxxxxx	predictive	Low
179	Argument	xxxxx_xxxx_xxxx	predictive	High
180	Argument	xxxxx	predictive	Low
181	Argument	xxxxx xxxx/xxxx xxxx	predictive	High
182	Argument	xxxxxxxxxxxxxxxxxxx	predictive	High
183	Argument	xxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxx/xxxxxxx/xxxxxxxxxxx/xxxxxxxxxxx	predictive	High
184	Argument	xx	predictive	Low
185	Argument	xx/xxxxxxxxxxx	predictive	High
186	Argument	xxxxxx_xxx_xxxx	predictive	High
187	Argument	xxx	predictive	Low
188	Argument	xxx	predictive	Low
189	Argument	xxxx	predictive	Low
190	Argument	xxxxxxx	predictive	Low
191	Argument	xx_xxxxxxx	predictive	Medium
192	Argument	xxxx_xxxxxx	predictive	Medium
193	Argument	xxxx_xxxx	predictive	Medium
194	Argument	xxxx	predictive	Low
195	Argument	xxxxxxx	predictive	Low
196	Argument	xxxxxxx	predictive	Low
197	Argument	xxxx	predictive	Low
198	Argument	xxxxxx	predictive	Low
199	Argument	xxxx_xx	predictive	Low
200	Argument	xxx_xx_xxxx/xxx_xx_xxxxxxxx	predictive	High
201	Argument	xxx	predictive	Low
202	Argument	xxxxxxx	predictive	Low
203	Argument	xxxxxx	predictive	Low
204	Argument	xxxxxx_xxxx	predictive	Medium
205	Argument	xxxxxxxx_xxxx	predictive	High
206	Argument	xxxxxxxxxx	predictive	Medium
207	Argument	xxxxxxxxxxxx	predictive	Medium
208	Argument	xxxx	predictive	Low
209	Argument	xxxxxx	predictive	Low
210	Argument	xxxxxxxxx	predictive	Medium
211	Argument	xxxxxxxxx	predictive	Medium
212	Argument	xxxxxx_xxxx_xxx	predictive	High
213	Argument	xxx	predictive	Low
214	Argument	xxx	predictive	Low
215	Argument	xxxxx	predictive	Low
216	Argument	xxxxxxxx-xxxxxxxx	predictive	High
217	Argument	xxxx	predictive	Low
218	Argument	xxx-xxx	predictive	Low
219	Argument	xxx	predictive	Low
220	Argument	xxxx	predictive	Low
221	Argument	xxxxxx	predictive	Low
222	Argument	xxxxxxxx	predictive	Medium
223	Argument	xxxxxxxxxxx	predictive	Medium
224	Argument	xxxx_xxxxxxxxx	predictive	High
225	Argument	xxxx	predictive	Low
226	Argument	xxx	predictive	Low
227	Argument	xxxxx_xxxxxxxxxx_xxxxx	predictive	High
228	Argument	_xxxxxxxx	predictive	Medium
229	Input Value	%xx%xx	predictive	Low
230	Input Value	../	predictive	Low
231	Input Value	xxxxxx	predictive	Low
232	Input Value	\xxxxx	predictive	Low
233	Input Value	\xxx\xxx\xxx\xxx	predictive	High
234	Pattern	xxxx	predictive	Low
235	Network Port	xxx/xx (xxx)	predictive	Medium
236	Network Port	xxx/xx (xxxxxx)	predictive	High
237	Network Port	xxx/xxx (xxxx)	predictive	High
238	Network Port	xxx xxxxxx xxxx	predictive	High

References (13)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you know our Splunk app?

Download it now for free!