East Europe Unknown Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (266)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en168
zh68
ru18
pl4
ar2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

CN: China104
US: USA88
RU: Russia48
CA: Canada6
PL: Poland4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Curious Gorge5
United States of America4
Cobalt Strike3
BadBazaar2
RedLine Stealer2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined92
Operating System12
Web Server10
Application Server Software10
Web Browser8

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined82
Microsoft14
SourceCodester8
IBM6
VMware6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

PHPMailer6
Microsoft IIS6
Postfix6
Mozilla Firefox4
Linux Kernel4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#VulnerabilityBaseTemp0dayTodayExpCouKEVEPSSCTICVE
1Ignite Realtime Openfire Administration Console improper authentication7.87.7$0-$5k$0-$5kAttackedOfficial fixverified0.944390.08CVE-2023-32315
2Esoftpro Online Guestbook Pro ogp_show.php sql injection7.36.6$0-$5k$0-$5kProof-of-ConceptNot defined 0.003300.02CVE-2009-4935
3Joomla CMS com_easyblog sql injection6.36.1$5k-$25k$5k-$25kNot definedNot defined 0.000000.30
4RoundCube sql injection8.68.5$0-$5k$0-$5kAttackedOfficial fixverified0.714970.03CVE-2021-44026
5Apple Mac OS X TCP Timestamp information disclosure5.35.1$5k-$25k$0-$5kNot definedOfficial fix 0.003460.00CVE-2003-0882
6HP Router/Switch SNMP information disclosure3.73.4$5k-$25k$0-$5kProof-of-ConceptOfficial fix 0.013440.00CVE-2012-3268
7Esoftpro Online Guestbook Pro ogp_show.php cross site scripting4.34.2$0-$5k$0-$5kHighUnavailable 0.013460.03CVE-2009-2441
8Plesk Obsidian Reflected cross site scripting5.25.2$0-$5k$0-$5kNot definedNot defined 0.013780.03CVE-2020-11583
9OpenVPN Access Server Web Portal entropy5.65.5$0-$5k$0-$5kNot definedOfficial fix 0.002760.00CVE-2022-33738
10Essential Addons for Elementor Plugin password recovery8.07.9$0-$5k$0-$5kNot definedNot definedexpected0.928250.00CVE-2023-32243
11Apache Struts ExceptionDelegator input validation8.88.4$5k-$25k$0-$5kAttackedOfficial fixverified0.908770.05CVE-2012-0391
12Schneider Electric Vijeo Designer path traversal5.55.3$0-$5k$0-$5kNot definedOfficial fix 0.006010.00CVE-2021-22704
13Tiki Admin Password tiki-login.php improper authentication8.07.7$0-$5k$0-$5kNot definedOfficial fixexpected0.911381.02CVE-2020-15906
14OpenX adclick.php redirect5.34.7$0-$5k$0-$5kUnprovenUnavailable 0.004560.06CVE-2014-2230
15MGB OpenSource Guestbook email.php sql injection7.37.3$0-$5k$0-$5kHighUnavailablepossible0.018020.09CVE-2007-0354
16Hscripts PHP File Browser Script index.php path traversal5.95.9$0-$5k$0-$5kNot definedNot defined 0.009770.00CVE-2018-16549
17Matomo safemode.twig Path information disclosure4.34.3$0-$5k$0-$5kNot definedNot defined 0.000550.03CVE-2019-12215
18Microsoft IIS IP/Domain Restriction access control6.55.7$25k-$100k$0-$5kUnprovenOfficial fix 0.155470.06CVE-2014-4078
19Microsoft Windows Win32k use after free8.17.8$25k-$100k$0-$5kAttackedOfficial fixverified0.845760.02CVE-2021-40449
20Sphinx missing authentication7.47.3$0-$5k$0-$5kNot definedWorkaround 0.006740.00CVE-2019-14511

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
15.188.108.119free.dsEast Europe Unknown06/01/2022verifiedLow
245.154.12.167East Europe Unknown06/01/2022verifiedLow
3XX.XXX.XXX.XXXxxx Xxxxxx Xxxxxxx06/01/2022verifiedLow
4XXX.XX.XXX.XXXxxx Xxxxxx Xxxxxxx06/01/2022verifiedLow
5XXX.XXX.XXX.XXxxx-xxx-xxx-xx.xx.xxxxxxxxxxxxxxx.xxxXxxx Xxxxxx Xxxxxxx05/11/2022verifiedVery Low
6XXX.XXX.XX.XXXXxxx Xxxxxx Xxxxxxx06/01/2022verifiedLow

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-21, CWE-22Path TraversalpredictiveHigh
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3T1059CAPEC-137CWE-88, CWE-94, CWE-1321Argument InjectionpredictiveHigh
4T1059.007CAPEC-209CWE-79, CWE-80Basic Cross Site ScriptingpredictiveHigh
5TXXXXCAPEC-XXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXX.XXXCAPEC-XXXCWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
7TXXXXCAPEC-XXXCWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
8TXXXX.XXXCAPEC-XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
9TXXXXCAPEC-XCWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
10TXXXXCAPEC-XXXCWE-XXXxx XxxxxxxxxpredictiveHigh
11TXXXXCAPEC-XXXCWE-XXX, CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
12TXXXX.XXXCAPEC-XXXCWE-XXXXxxxxxx Xxxxxxxxxx Xxx Xxxxxxxx Xxxxxxx Xx Xx-xxxx Xxxxxx XxxxxxxxpredictiveHigh
13TXXXX.XXXCAPEC-XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
14TXXXXCAPEC-XXXCWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
15TXXXX.XXXCWE-XXXxxxxxxxxxxxxpredictiveHigh
16TXXXXCAPEC-XXXCWE-XXX, CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
17TXXXX.XXXCAPEC-XXCWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHigh
18TXXXX.XXXCAPEC-XCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (123)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/api/admin/user/listpredictiveHigh
2File/cgi-bin/supervisor/PwdGrp.cgipredictiveHigh
3File/classes/Master.phppredictiveHigh
4File/classes/Master.php?f=delete_servicepredictiveHigh
5File/etc/postfix/sender_loginpredictiveHigh
6File/file/upload/1predictiveHigh
7File/filemanager/ajax_calls.phppredictiveHigh
8File/index.phppredictiveMedium
9File/Items/*/RemoteImages/DownloadpredictiveHigh
10File/members/view_member.phppredictiveHigh
11File/mhds/clinic/view_details.phppredictiveHigh
12File/owa/auth/logon.aspxpredictiveHigh
13File/rest/api/latest/projectvalidate/keypredictiveHigh
14File/restapi/v1/certificates/FFM-SSLInspectpredictiveHigh
15File/secure/QueryComponent!Default.jspapredictiveHigh
16File/xxxxxxx/xxxxxxxxx/%xxxxx%/xxxxxpredictiveHigh
17File/xxxxxxx/predictiveMedium
18File/xxx/xxxxx/xxxxxxxxxxxxxxxxxxxx/xxx/predictiveHigh
19File/xxxxxxx/xxx/xxxxxxx_xxx.xxxpredictiveHigh
20Filexxxxxxx/xxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
21Filexxxxxxx.xxxpredictiveMedium
22Filexxxxxxxxx.xxxpredictiveHigh
23Filexxxxx.xxxxxxxxx.xxxpredictiveHigh
24Filexxxxx/?xxxx=xxxx/xxxxxx_xxxxpredictiveHigh
25Filexxxx_xxxxx.xxxpredictiveHigh
26Filexxxxxxx.xxxpredictiveMedium
27Filexxxxxxx.xxxxpredictiveMedium
28Filexxxxxx.xxxpredictiveMedium
29Filexxx/xxx.xxxpredictiveMedium
30Filexxx-xxx/xxxxx_xxx_xxxpredictiveHigh
31Filexxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxx/xxx/xxxxxx.xxxxxxxxx.xxxpredictiveHigh
32Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
33Filexxxx/xxxxxxxx.xxxx.xxxxxxx.xxxpredictiveHigh
34Filexxxxxxx.xxxpredictiveMedium
35Filexxxxx.xxxpredictiveMedium
36Filexxx/xxxx/xxxx.xpredictiveHigh
37Filexxxxxxxxxxx/xxxxxxxx/xxxxxxxxxx.xxxpredictiveHigh
38Filexxxx/xxxx.xxpredictiveMedium
39Filexxxxxxxxx.xxx.xxxpredictiveHigh
40Filexx_xxx_xx.xpredictiveMedium
41Filexxxxx.xxxxpredictiveMedium
42Filexxx/xxxxxx.xxxpredictiveHigh
43Filexxxxx.xxxpredictiveMedium
44Filexxxxxxxx/xx/xxxx.xxpredictiveHigh
45Filexxxxxxxx.xxxpredictiveMedium
46Filexxxxxxx/xxxxx/xx/xxxxxx/xxxxx.xxxxx.xxxpredictiveHigh
47Filexxxxxxx.xxxpredictiveMedium
48Filexxx/xxxx/xxxx_xxxxxxxxxx_xxxx.xpredictiveHigh
49Filexxx/xxxxxpredictiveMedium
50Filexxxxx.xpredictiveLow
51Filexxx_xxxx.xxxpredictiveMedium
52Filexxxxxxxx.xxxpredictiveMedium
53Filexxxxxx.xpredictiveMedium
54Filexxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxx/xxxxxxxx.xxxxpredictiveHigh
55Filexxxxxxxxx.xxxpredictiveHigh
56Filexxxxxxxx.xxxpredictiveMedium
57Filexxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][]predictiveHigh
58Filexxxx.xxxpredictiveMedium
59Filexxxxxxxxxx.xxxpredictiveHigh
60Filexxxxxxxxxx_xxxxx.xxxxxxpredictiveHigh
61Filexxxx-xxx/xxxxxxxx.xxx?xxxx=xxx_xxxxx.xxxpredictiveHigh
62Filexxxxxx.xxxpredictiveMedium
63Filexxxxxxxxxxxxx.xxxxpredictiveHigh
64Filexxx_xxxxx.xxxpredictiveHigh
65Filexxxx.xxxpredictiveMedium
66Filexxxx-xxxxx.xxxpredictiveHigh
67Filexxx.xpredictiveLow
68Filexxxxxx-xxxxxx.xxpredictiveHigh
69Filexxxxxxxx/predictiveMedium
70Filexxxxxx.xxxpredictiveMedium
71Library/_xxx_xxx/xxxxx.xxxpredictiveHigh
72Libraryxxx.xxxpredictiveLow
73Libraryxxx/xxxxxx.xpredictiveMedium
74ArgumentxxxxxxxxpredictiveMedium
75Argumentxxx_xxpredictiveLow
76Argumentxxx_xxxxpredictiveMedium
77ArgumentxxxxxxxxxpredictiveMedium
78ArgumentxxxxxxxxxxxxxxxxpredictiveHigh
79ArgumentxxxxpredictiveLow
80ArgumentxxxxxxxpredictiveLow
81ArgumentxxxxxxxxpredictiveMedium
82ArgumentxxxxxxpredictiveLow
83ArgumentxxxxxpredictiveLow
84ArgumentxxxxpredictiveLow
85ArgumentxxxxxxxxpredictiveMedium
86Argumentxx_xxpredictiveLow
87ArgumentxxxxpredictiveLow
88ArgumentxxpredictiveLow
89ArgumentxxxxxxxpredictiveLow
90ArgumentxxxxxxxxpredictiveMedium
91ArgumentxxxxpredictiveLow
92ArgumentxxxpredictiveLow
93Argumentxxxxx_xxxxxx_xxx/xxxxx_xxxx_xxxxxxxxpredictiveHigh
94ArgumentxxxxpredictiveLow
95ArgumentxxxxxxxpredictiveLow
96ArgumentxxxxpredictiveLow
97ArgumentxxxxxxxxpredictiveMedium
98ArgumentxxxxxxxxpredictiveMedium
99ArgumentxxxxpredictiveLow
100ArgumentxxxxxxxxxxxxxpredictiveHigh
101Argumentxxx xxxpredictiveLow
102ArgumentxxxxxxxpredictiveLow
103ArgumentxxpredictiveLow
104ArgumentxxxxxxpredictiveLow
105ArgumentxxxxxxxxxxxpredictiveMedium
106Argumentxxxxxx/xxxxxx_xxxxxxpredictiveHigh
107Argumentxxxx_xxxxxpredictiveMedium
108ArgumentxxxpredictiveLow
109ArgumentxxxxxxxxxxxxpredictiveMedium
110ArgumentxxxpredictiveLow
111Argumentxxxxxx[]predictiveMedium
112ArgumentxxxpredictiveLow
113ArgumentxxxpredictiveLow
114ArgumentxxxxpredictiveLow
115ArgumentxxxxxxxxpredictiveMedium
116ArgumentxxxxxpredictiveLow
117ArgumentxxxxxxxxxxxpredictiveMedium
118Argumentx-xxxxxxxxx-xxxxxxpredictiveHigh
119Input Value../predictiveLow
120Input Valuexxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx&xxxxxxxx=xxxxxxxxxxpredictiveHigh
121Input Value\xxx\xxxpredictiveMedium
122Network PortxxxxxpredictiveLow
123Network Portxxx/xxx (xxxx)predictiveHigh

References (3)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

This view requires CTI permissions

Just purchase a CTI license today!