East Europe Unknown Analysis

IOB - Indicator of Behavior (244)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

| Language | Count |
|---|---|
| en | 148 |
| zh | 68 |
| ru | 16 |
| pl | 6 |
| es | 4 |

Country

| Country | Count |
|---|---|
| cn | 110 |
| us | 80 |
| ru | 36 |
| ca | 6 |
| gb | 4 |

Actors

Activities

Interest

Timeline

Type

Vendor

Product

| Product | Count |
|---|---|
| Traefik | 6 |
| PHPMailer | 6 |
| nginx | 4 |
| Fortinet FortiOS | 4 |
| WordPress | 4 |

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Ignite Realtime Openfire Administration Console improper authentication | 7.8 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.97384 | CVE-2023-32315 |
| 2 | Esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.15 | 0.00108 | CVE-2009-4935 |
| 3 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.48 | 0.00000 | |
| 4 | Apple Mac OS X TCP Timestamp information disclosure | 5.3 | 5.1 | $5k-$25k | Calculating | Not Defined | Official Fix | 0.05 | 0.00342 | CVE-2003-0882 |
| 5 | HP Router/Switch SNMP information disclosure | 3.7 | 3.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.00285 | CVE-2012-3268 |
| 6 | Esoftpro Online Guestbook Pro ogp_show.php cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.04 | 0.00209 | CVE-2009-2441 |
| 7 | Plesk Obsidian Reflected cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00151 | CVE-2020-11583 |
| 8 | OpenVPN Access Server Web Portal entropy | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00151 | CVE-2022-33738 |
| 9 | Essential Addons for Elementor Plugin password recovery | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.03267 | CVE-2023-32243 |
| 10 | Apache Struts ExceptionDelegator input validation | 8.8 | 8.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.02 | 0.36440 | CVE-2012-0391 |
| 11 | Schneider Electric Vijeo Designer path traversal | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00246 | CVE-2021-22704 |
| 12 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 5.55 | 0.00936 | CVE-2020-15906 |
| 13 | OpenX adclick.php redirect | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.82 | 0.00440 | CVE-2014-2230 |
| 14 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.52 | 0.01302 | CVE-2007-0354 |
| 15 | Hscripts PHP File Browser Script index.php path traversal | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00153 | CVE-2018-16549 |
| 16 | Matomo safemode.twig Path information disclosure | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00058 | CVE-2019-12215 |
| 17 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.03 | 0.00817 | CVE-2014-4078 |
| 18 | Microsoft Windows Win32k Privilege Escalation | 8.3 | 7.7 | $100k and more | $0-$5k | Functional | Official Fix | 0.00 | 0.00148 | CVE-2021-40449 |
| 19 | Sphinx missing authentication | 7.4 | 7.3 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.03 | 0.01038 | CVE-2019-14511 |
| 20 | vsftpd deny_file unknown vulnerability | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00312 | CVE-2015-1419 |

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (115)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /cgi-bin/supervisor/PwdGrp.cgi | predictive | High |
| 2 | File | /classes/Master.php | predictive | High |
| 3 | File | /classes/Master.php?f=delete_service | predictive | High |
| 4 | File | /etc/postfix/sender_login | predictive | High |
| 5 | File | /file/upload/1 | predictive | High |
| 6 | File | /filemanager/ajax_calls.php | predictive | High |
| 7 | File | /index.php | predictive | Medium |
| 8 | File | /Items/*/RemoteImages/Download | predictive | High |
| 9 | File | /members/view_member.php | predictive | High |
| 10 | File | /mhds/clinic/view_details.php | predictive | High |
| 11 | File | /owa/auth/logon.aspx | predictive | High |
| 12 | File | /rest/api/latest/projectvalidate/key | predictive | High |
| 13 | File | /restapi/v1/certificates/FFM-SSLInspect | predictive | High |
| 14 | File | /secure/QueryComponent!Default.jspa | predictive | High |
| 15 | File | /xxxxxxx/xxxxxxxxx/%xxxxx%/xxxxx | predictive | High |
| 16 | File | /xxxxxxx/ | predictive | Medium |
| 17 | File | /xxx/xxxxx/xxxxxxxxxxxxxxxxxxxx/xxx/ | predictive | High |
| 18 | File | /xxxxxxx/xxx/xxxxxxx_xxx.xxx | predictive | High |
| 19 | File | xxxxxxx/xxxxxxxxxxxxxxxxxx.xxx | predictive | High |
| 20 | File | xxxxxxx.xxx | predictive | Medium |
| 21 | File | xxxxxxxxx.xxx | predictive | High |
| 22 | File | xxxxx.xxxxxxxxx.xxx | predictive | High |
| 23 | File | xxxxx/?xxxx=xxxx/xxxxxx_xxxx | predictive | High |
| 24 | File | xxxx_xxxxx.xxx | predictive | High |
| 25 | File | xxxxxxx.xxx | predictive | Medium |
| 26 | File | xxxxxxx.xxxx | predictive | Medium |
| 27 | File | xxxxxx.xxx | predictive | Medium |
| 28 | File | xxx/xxx.xxx | predictive | Medium |
| 29 | File | xxx-xxx/xxxxx_xxx_xxx | predictive | High |
| 30 | File | xxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxx/xxx/xxxxxx.xxxxxxxxx.xxx | predictive | High |
| 31 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 32 | File | xxxx/xxxxxxxx.xxxx.xxxxxxx.xxx | predictive | High |
| 33 | File | xxxxxxx.xxx | predictive | Medium |
| 34 | File | xxxxx.xxx | predictive | Medium |
| 35 | File | xxx/xxxx/xxxx.x | predictive | High |
| 36 | File | xxxxxxxxxxx/xxxxxxxx/xxxxxxxxxx.xxx | predictive | High |
| 37 | File | xxxxxxxxx.xxx.xxx | predictive | High |
| 38 | File | xx_xxx_xx.x | predictive | Medium |
| 39 | File | xxxxx.xxxx | predictive | Medium |
| 40 | File | xxx/xxxxxx.xxx | predictive | High |
| 41 | File | xxxxx.xxx | predictive | Medium |
| 42 | File | xxxxxxxx/xx/xxxx.xx | predictive | High |
| 43 | File | xxxxxxx/xxxxx/xx/xxxxxx/xxxxx.xxxxx.xxx | predictive | High |
| 44 | File | xxxxxxx.xxx | predictive | Medium |
| 45 | File | xxx/xxxx/xxxx_xxxxxxxxxx_xxxx.x | predictive | High |
| 46 | File | xxx/xxxxx | predictive | Medium |
| 47 | File | xxxxx.x | predictive | Low |
| 48 | File | xxx_xxxx.xxx | predictive | Medium |
| 49 | File | xxxxxxxx.xxx | predictive | Medium |
| 50 | File | xxxxxx.x | predictive | Medium |
| 51 | File | xxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxx/xxxxxxxx.xxxx | predictive | High |
| 52 | File | xxxxxxxxx.xxx | predictive | High |
| 53 | File | xxxxxxxx.xxx | predictive | Medium |
| 54 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | High |
| 55 | File | xxxx.xxx | predictive | Medium |
| 56 | File | xxxxxxxxxx.xxx | predictive | High |
| 57 | File | xxxxxxxxxx_xxxxx.xxxxxx | predictive | High |
| 58 | File | xxxxxx.xxx | predictive | Medium |
| 59 | File | xxxxxxxxxxxxx.xxxx | predictive | High |
| 60 | File | xxx_xxxxx.xxx | predictive | High |
| 61 | File | xxxx.xxx | predictive | Medium |
| 62 | File | xxxx-xxxxx.xxx | predictive | High |
| 63 | File | xxx.x | predictive | Low |
| 64 | File | xxxxxx-xxxxxx.xx | predictive | High |
| 65 | File | xxxxxxxx/ | predictive | Medium |
| 66 | Library | /_xxx_xxx/xxxxx.xxx | predictive | High |
| 67 | Library | xxx.xxx | predictive | Low |
| 68 | Library | xxx/xxxxxx.x | predictive | Medium |
| 69 | Argument | xxxxxxxx | predictive | Medium |
| 70 | Argument | xxx_xx | predictive | Low |
| 71 | Argument | xxx_xxxx | predictive | Medium |
| 72 | Argument | xxxxxxxxx | predictive | Medium |
| 73 | Argument | xxxxxxxxxxxxxxxx | predictive | High |
| 74 | Argument | xxxx | predictive | Low |
| 75 | Argument | xxxxxxx | predictive | Low |
| 76 | Argument | xxxxxxxx | predictive | Medium |
| 77 | Argument | xxxxxx | predictive | Low |
| 78 | Argument | xxxxx | predictive | Low |
| 79 | Argument | xxxx | predictive | Low |
| 80 | Argument | xxxxxxxx | predictive | Medium |
| 81 | Argument | xx_xx | predictive | Low |
| 82 | Argument | xxxx | predictive | Low |
| 83 | Argument | xx | predictive | Low |
| 84 | Argument | xxxxxxx | predictive | Low |
| 85 | Argument | xxxxxxxx | predictive | Medium |
| 86 | Argument | xxxx | predictive | Low |
| 87 | Argument | xxx | predictive | Low |
| 88 | Argument | xxxxx_xxxxxx_xxx/xxxxx_xxxx_xxxxxxxx | predictive | High |
| 89 | Argument | xxxx | predictive | Low |
| 90 | Argument | xxxxxxx | predictive | Low |
| 91 | Argument | xxxx | predictive | Low |
| 92 | Argument | xxxxxxxx | predictive | Medium |
| 93 | Argument | xxxxxxxx | predictive | Medium |
| 94 | Argument | xxxx | predictive | Low |
| 95 | Argument | xxxxxxxxxxxxx | predictive | High |
| 96 | Argument | xxx xxx | predictive | Low |
| 97 | Argument | xxxxxxx | predictive | Low |
| 98 | Argument | xx | predictive | Low |
| 99 | Argument | xxxxxx | predictive | Low |
| 100 | Argument | xxxxxxxxxxx | predictive | Medium |
| 101 | Argument | xxxx_xxxxx | predictive | Medium |
| 102 | Argument | xxx | predictive | Low |
| 103 | Argument | xxxxxxxxxxxx | predictive | Medium |
| 104 | Argument | xxx | predictive | Low |
| 105 | Argument | xxxxxx[] | predictive | Medium |
| 106 | Argument | xxx | predictive | Low |
| 107 | Argument | xxx | predictive | Low |
| 108 | Argument | xxxx | predictive | Low |
| 109 | Argument | xxxxxxxx | predictive | Medium |
| 110 | Argument | xxxxx | predictive | Low |
| 111 | Argument | x-xxxxxxxxx-xxxxxx | predictive | High |
| 112 | Input Value | ../ | predictive | Low |
| 113 | Input Value | xxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx&xxxxxxxx=xxxxxxxxxx | predictive | High |
| 114 | Input Value | \xxx\xxx | predictive | Medium |
| 115 | Network Port | xxx/xxx (xxxx) | predictive | High |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
