East Europe Unknown Analysis

IOB - Indicator of Behavior (154)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en108
zh20
ru10
pt4
jp4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

cn56
us50
ru24
ca4
pt4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Curious Gorge5
RedLine2
Tofsee1
Moobot1
APT411

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined70
Content Management System16
Operating System10
Forum Software8
Programming Language Software6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined74
Microsoft6
Apache6
Apple4
Nfec.de2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

PHPMailer6
Postfix6
gnuboard54
ThinkPHP4
MediaWiki4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1Joomla CMS com_easyblog sql injection6.36.1$5k-$25k$5k-$25kNot DefinedNot Defined1.350.00000
2Apple Mac OS X TCP Timestamp information disclosure5.35.1$5k-$25kCalculatingNot DefinedOfficial Fix0.020.01055CVE-2003-0882
3HP Router/Switch SNMP information disclosure3.73.4$5k-$25kCalculatingProof-of-ConceptOfficial Fix0.000.01815CVE-2012-3268
4MGB OpenSource Guestbook email.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.760.02800CVE-2007-0354
5Hscripts PHP File Browser Script index.php path traversal5.95.9$0-$5k$0-$5kNot DefinedNot Defined0.020.00885CVE-2018-16549
6Matomo safemode.twig Path information disclosure4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.080.00885CVE-2019-12215
7Microsoft IIS IP/Domain Restriction access control6.55.7$25k-$100k$0-$5kUnprovenOfficial Fix0.110.29797CVE-2014-4078
8Microsoft Windows Win32k Privilege Escalation8.37.7$100k and more$0-$5kFunctionalOfficial Fix0.050.09099CVE-2021-40449
9Sphinx missing authentication7.47.2$0-$5kCalculatingNot DefinedWorkaround0.010.01108CVE-2019-14511
10vsftpd deny_file unknown vulnerability3.73.6$0-$5k$0-$5kNot DefinedOfficial Fix0.060.01136CVE-2015-1419
11vBulletin redirector.php6.66.6$0-$5k$0-$5kNot DefinedNot Defined0.220.00885CVE-2018-6200
12Telerik Progress UI for ASP.NET AJAX Telerik.Web.UI inadequate encryption8.58.2$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.030.51031CVE-2017-11317
13Sterc Google Analytics Dashboard for MODX Internal Search widget.analytics.tpl cross site scripting3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.390.01108CVE-2017-20155
14WFS HeavenBurnsRed privileges management6.56.5$0-$5k$0-$5kNot DefinedNot Defined0.030.01404CVE-2022-42046
15Ovidentia index.php sql injection6.36.1$0-$5k$0-$5kHighUnavailable0.000.01232CVE-2008-4423
16DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.380.04187CVE-2010-0966
17Linux Kernel Thread Local Storage tls.c access control4.03.5$5k-$25k$0-$5kUnprovenOfficial Fix0.050.01547CVE-2014-8133
18gnuboard5 Email Address inadequate encryption5.45.3$0-$5k$0-$5kNot DefinedNot Defined0.040.00885CVE-2022-1252
19gnuboard5 FAQ Key ID faq.php cross site scripting4.14.1$0-$5k$0-$5kNot DefinedOfficial Fix0.040.00885CVE-2022-3963
20Mozilla Firefox/Firefox ESR/Thunderbird Top-Level Await code injection6.36.0$25k-$100k$5k-$25kNot DefinedOfficial Fix0.030.16660CVE-2022-1802

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsTypeConfidence
15.188.108.119free.dsEast Europe UnknownverifiedHigh
245.154.12.167East Europe UnknownverifiedHigh
3XX.XXX.XXX.XXXxxx Xxxxxx XxxxxxxverifiedHigh
4XXX.XX.XXX.XXXxxx Xxxxxx XxxxxxxverifiedHigh
5XXX.XXX.XXX.XXxxx-xxx-xxx-xx.xx.xxxxxxxxxxxxxxx.xxxXxxx Xxxxxx XxxxxxxverifiedHigh
6XXX.XXX.XX.XXXXxxx Xxxxxx XxxxxxxverifiedHigh

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-22Pathname TraversalpredictiveHigh
2T1055CWE-74InjectionpredictiveHigh
3T1059CWE-94Cross Site ScriptingpredictiveHigh
4TXXXX.XXXCWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
5TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXXCWE-XX, CWE-XXXxxxxxx XxxxxxxxxpredictiveHigh
7TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
8TXXXXCWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
9TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
10TXXXX.XXXCWE-XXXXxxxxxxxxx XxxxxxxxxpredictiveHigh
11TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
12TXXXXCWE-XXXXxxxxxxxxxxxxpredictiveHigh
13TXXXX.XXXCWE-XXXxxxxxxxxxxxxpredictiveHigh
14TXXXXCWE-XXX, CWE-XXXX2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx XxxxxxxxxxpredictiveHigh
15TXXXX.XXXCWE-XXXXxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (89)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/cgi-bin/supervisor/PwdGrp.cgipredictiveHigh
2File/etc/postfix/sender_loginpredictiveHigh
3File/filemanager/ajax_calls.phppredictiveHigh
4File/index.phppredictiveMedium
5File/Items/*/RemoteImages/DownloadpredictiveHigh
6File/members/view_member.phppredictiveHigh
7File/owa/auth/logon.aspxpredictiveHigh
8File/restapi/v1/certificates/FFM-SSLInspectpredictiveHigh
9File/SSOPOST/metaAlias/%realm%/idpv2predictiveHigh
10File/uncpath/predictiveMedium
11File/usr/local/WowzaStreamingEngine/bin/predictiveHigh
12Filexxxxxxx/xxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
13Filexxxxxxx.xxxpredictiveMedium
14Filexxxxxxxxx.xxxpredictiveHigh
15Filexxxxxxx.xxxpredictiveMedium
16Filexxxxxxx.xxxxpredictiveMedium
17Filexxxxxx.xxxpredictiveMedium
18Filexxx/xxx.xxxpredictiveMedium
19Filexxx-xxx/xxxxx_xxx_xxxpredictiveHigh
20Filexxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxx/xxx/xxxxxx.xxxxxxxxx.xxxpredictiveHigh
21Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
22Filexxxx/xxxxxxxx.xxxx.xxxxxxx.xxxpredictiveHigh
23Filexxxxxxx.xxxpredictiveMedium
24Filexxxxx.xxxpredictiveMedium
25Filexxx/xxxx/xxxx.xpredictiveHigh
26Filexxxxxxxxxxx/xxxxxxxx/xxxxxxxxxx.xxxpredictiveHigh
27Filexxxxxxxxx.xxx.xxxpredictiveHigh
28Filexx_xxx_xx.xpredictiveMedium
29Filexxxxx.xxxxpredictiveMedium
30Filexxx/xxxxxx.xxxpredictiveHigh
31Filexxxxx.xxxpredictiveMedium
32Filexxxxxxxx/xx/xxxx.xxpredictiveHigh
33Filexxxxxxx/xxxxx/xx/xxxxxx/xxxxx.xxxxx.xxxpredictiveHigh
34Filexxxxxxx.xxxpredictiveMedium
35Filexxx/xxxx/xxxx_xxxxxxxxxx_xxxx.xpredictiveHigh
36Filexxx/xxxxxpredictiveMedium
37Filexxxxx.xpredictiveLow
38Filexxxxxx.xpredictiveMedium
39Filexxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxx/xxxxxxxx.xxxxpredictiveHigh
40Filexxxxxxxxx.xxxpredictiveHigh
41Filexxxxxxxx.xxxpredictiveMedium
42Filexxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][]predictiveHigh
43Filexxxx.xxxpredictiveMedium
44Filexxxxxxxxxx.xxxpredictiveHigh
45Filexxxxxx.xxxpredictiveMedium
46Filexxx_xxxxx.xxxpredictiveHigh
47Filexxxx.xxxpredictiveMedium
48Filexxx.xpredictiveLow
49Filexxxxxx-xxxxxx.xxpredictiveHigh
50Filexxxxxxxx/predictiveMedium
51Libraryxxx.xxxpredictiveLow
52ArgumentxxxxxxxxpredictiveMedium
53Argumentxxx_xxpredictiveLow
54Argumentxxx_xxxxpredictiveMedium
55ArgumentxxxxpredictiveLow
56ArgumentxxxxxxxxpredictiveMedium
57ArgumentxxxxxxpredictiveLow
58ArgumentxxxxpredictiveLow
59Argumentxx_xxpredictiveLow
60ArgumentxxxxpredictiveLow
61ArgumentxxpredictiveLow
62ArgumentxxxxxxxpredictiveLow
63ArgumentxxxxxxxxpredictiveMedium
64ArgumentxxxxpredictiveLow
65ArgumentxxxpredictiveLow
66ArgumentxxxxxxxpredictiveLow
67ArgumentxxxxpredictiveLow
68ArgumentxxxxxxxxpredictiveMedium
69ArgumentxxxxxxxxpredictiveMedium
70ArgumentxxxxpredictiveLow
71ArgumentxxxxxxxxxxxxxpredictiveHigh
72Argumentxxx xxxpredictiveLow
73ArgumentxxxxxxxpredictiveLow
74ArgumentxxpredictiveLow
75ArgumentxxxxxxpredictiveLow
76ArgumentxxxxxxxxxxxpredictiveMedium
77Argumentxxxx_xxxxxpredictiveMedium
78ArgumentxxxpredictiveLow
79ArgumentxxxpredictiveLow
80Argumentxxxxxx[]predictiveMedium
81ArgumentxxxpredictiveLow
82ArgumentxxxpredictiveLow
83ArgumentxxxxpredictiveLow
84ArgumentxxxxxxxxpredictiveMedium
85Argumentx-xxxxxxxxx-xxxxxxpredictiveHigh
86Input Value../predictiveLow
87Input Valuexxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx&xxxxxxxx=xxxxxxxxxxpredictiveHigh
88Input Value\xxx\xxxpredictiveMedium
89Network Portxxx/xxx (xxxx)predictiveHigh

References (3)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Interested in the pricing of exploits?

See the underground prices here!