East Europe Unknown Analysis

IOB - Indicator of Behavior (249)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 164
zh: 58
ru: 16
pl: 4
es: 4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows: 8
Postfix: 8
Apache Tomcat: 6
Traefik: 6
Microsoft IIS: 4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Ignite Realtime Openfire Administration Console improper authentication | 7.8 | 7.7 | $0-$5k | $0-$5k | High | Official Fix | 0.97357 | 0.03 | CVE-2023-32315 |
| 2 | Esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00108 | 0.05 | CVE-2009-4935 |
| 3 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.71 | |
| 4 | Apple Mac OS X TCP Timestamp information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00243 | 0.04 | CVE-2003-0882 |
| 5 | HP Router/Switch SNMP information disclosure | 3.7 | 3.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00285 | 0.03 | CVE-2012-3268 |
| 6 | Esoftpro Online Guestbook Pro ogp_show.php cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00209 | 0.07 | CVE-2009-2441 |
| 7 | Plesk Obsidian Reflected cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00151 | 0.04 | CVE-2020-11583 |
| 8 | OpenVPN Access Server Web Portal entropy | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00151 | 0.05 | CVE-2022-33738 |
| 9 | Essential Addons for Elementor Plugin password recovery | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09673 | 0.00 | CVE-2023-32243 |
| 10 | Apache Struts ExceptionDelegator input validation | 8.8 | 8.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.30838 | 0.04 | CVE-2012-0391 |
| 11 | Schneider Electric Vijeo Designer path traversal | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00276 | 0.00 | CVE-2021-22704 |
| 12 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 2.90 | CVE-2020-15906 |
| 13 | OpenX adclick.php redirect | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00440 | 0.05 | CVE-2014-2230 |
| 14 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 1.47 | CVE-2007-0354 |
| 15 | Hscripts PHP File Browser Script index.php path traversal | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00151 | 0.00 | CVE-2018-16549 |
| 16 | Matomo safemode.twig Path information disclosure | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.00 | CVE-2019-12215 |
| 17 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.14 | CVE-2014-4078 |
| 18 | Microsoft Windows Win32k Privilege Escalation | 8.3 | 7.8 | $25k-$100k | $0-$5k | High | Official Fix | 0.00095 | 0.00 | CVE-2021-40449 |
| 19 | Sphinx missing authentication | 7.4 | 7.3 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.01038 | 0.04 | CVE-2019-14511 |
| 20 | vsftpd deny_file unknown vulnerability | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00312 | 0.05 | CVE-2015-1419 |

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (116)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (3)

The following list contains external sources which discuss the actor and the associated activities:
