Elephant Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (468)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en444
ru10
fr6
pt2
pl2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

US: USA70
TR: Turkey56
GB: Great Britain18
RU: Russia10
CN: China10

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Elephant3
Raccoon2
RedLine Stealer2
Cobalt Strike2
Pawn Storm1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined170
Chip Software26
Content Management System24
Database Software20
Operating System20

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined116
Oracle106
Qualcomm24
Tracker Software16
Cisco14

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Qualcomm Snapdragon Mobile20
Qualcomm Snapdragon Auto18
Qualcomm Snapdragon Compute16
Tracker Software PDF-XChange Editor16
Qualcomm Snapdragon Consumer IOT16

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1DevExpress ASP.NET Web Forms ASPxHttpHandlerModule DXR.axd resource injection5.95.8$0-$5k$0-$5kNot DefinedNot Defined0.001940.04CVE-2022-41479
2TikiWiki tiki-register.php input validation7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.010750.43CVE-2006-6168
3eSyndicat Directory Software suggest-listing.php cross site scripting3.53.5$0-$5k$0-$5kNot DefinedNot Defined0.000000.19
4CodeAstro Hospital Management System Add Laboratory Equipment Page his_admin_add_lab_equipment.php cross site scripting4.14.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000840.19CVE-2024-11676
5Redis heap-based overflow7.27.0$0-$5k$0-$5kNot DefinedOfficial Fix0.012700.06CVE-2023-41056
6Zabbix SAML authentication spoofing8.28.2$0-$5k$0-$5kHighNot Defined0.971860.04CVE-2022-23131
7janobe Online Ordering System controller.php unrestricted upload6.36.2$0-$5k$0-$5kNot DefinedNot Defined0.001560.00CVE-2022-36580
8Google Android PowerVR GPU Kernel Driver memory corruption5.45.3$5k-$25k$5k-$25kNot DefinedOfficial Fix0.000440.00CVE-2022-20235
9WordPress Pingback server-side request forgery5.75.7$5k-$25k$5k-$25kNot DefinedNot Defined0.002640.02CVE-2022-3590
10Microsoft IIS IP/Domain Restriction access control6.55.7$25k-$100k$0-$5kUnprovenOfficial Fix0.008170.00CVE-2014-4078
11Microsoft Exchange Server PowerShell ProxyNotShell deserialization7.47.1$25k-$100k$0-$5kHighOfficial Fix0.051940.03CVE-2022-41082
12nginx request smuggling6.96.9$0-$5k$0-$5kNot DefinedNot Defined0.002410.19CVE-2020-12440
13Django Admin Interface debug.py cross site scripting6.15.8$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.004110.09CVE-2016-6186
14YFCMF Ajax.php path traversal6.16.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.003890.10CVE-2023-3057
15code-projects Hospital Management System Edit Doctor Details Page manage-doctors.php cross site scripting2.42.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000450.04CVE-2024-12983
16SPIP spip.php cross site scripting3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.001930.96CVE-2022-28959
17MGB OpenSource Guestbook email.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.014340.29CVE-2007-0354
18WPBakery Plugin file inclusion5.55.3$0-$5k$0-$5kNot DefinedNot Defined0.000490.02CVE-2024-5709
19Next.js Cache-Control Header denial of service5.65.5$0-$5k$0-$5kNot DefinedOfficial Fix0.000710.00CVE-2023-46298
20Progress Telerik UI for WinForms Hyperlink command injection8.18.0$0-$5k$0-$5kNot DefinedOfficial Fix0.000530.00CVE-2024-7679

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
145.84.0.116vm1904340.stark-industries.solutionsElephant02/12/2024verifiedHigh
2XX.XX.XX.XXXXxxxxxxx02/12/2024verifiedHigh
3XX.XXX.XXX.XXXXxxxxxxx02/12/2024verifiedHigh
4XX.XXX.XXX.XXxxxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxxXxxxxxxx02/12/2024verifiedHigh
5XXX.XX.XX.XXXXxxxxxxx02/12/2024verifiedHigh

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-21, CWE-22, CWE-24Path TraversalpredictiveHigh
2T1040CAPEC-102CWE-294Authentication Bypass by Capture-replaypredictiveHigh
3T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
4T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
5TXXXX.XXXCAPEC-XXXCWE-XX, CWE-XXXxxxx Xxxxx Xxxx XxxxxxxxxpredictiveHigh
6TXXXXCAPEC-XXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
7TXXXX.XXXCAPEC-XXCWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
8TXXXXCAPEC-XXXCWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
9TXXXX.XXXCAPEC-XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
10TXXXXCAPEC-XCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
11TXXXX.XXXCAPEC-XXXCWE-XXXXXxxxxxxxxxx Xxxxxxx Xxxxxxxxxx XxxxxxxxxxpredictiveHigh
12TXXXXCAPEC-XXXCWE-XXXxx XxxxxxxxxpredictiveHigh
13TXXXXCAPEC-XXXCWE-XXX, CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
14TXXXXCAPEC-XXCWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
15TXXXX.XXXCAPEC-XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
16TXXXXCAPEC-XXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
17TXXXX.XXXCWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHigh
18TXXXX.XXXCAPEC-XCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (140)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/adfs/lspredictiveMedium
2File/admin/edit_user.phppredictiveHigh
3File/admin/products/controller.php?action=addpredictiveHigh
4File/admin/question/editpredictiveHigh
5File/api/predictiveLow
6File/backend/admin/his_admin_add_lab_equipment.phppredictiveHigh
7File/bifs/field_decode.cpredictiveHigh
8File/bin/proc.cgipredictiveHigh
9File/bitrix/admin/ldap_server_edit.phppredictiveHigh
10File/cgi-bin/system_mgr.cgipredictiveHigh
11File/Core/Ap4File.cpppredictiveHigh
12File/csms/?page=contact_uspredictiveHigh
13File/debug/pprofpredictiveMedium
14File/DXR.axdpredictiveMedium
15File/hospital/hms/admin/manage-doctors.phppredictiveHigh
16File/index.phppredictiveMedium
17File/xxxxx.xxx?xxxxx=xxxxxxxxx/xxxxxx/xx_xxxxxx_xxxx_xx/xxxxxx_xxxxpredictiveHigh
18File/xxxxxxxx/xxx_xxxxx.xpredictiveHigh
19File/xxxxxxxx/xxxx.xpredictiveHigh
20File/xxxxxxxx/xxxxx/xxxxxx_xxxxxxx-xxxxxxxxxx.xxxpredictiveHigh
21File/xxx_xxxxxx/xxxxxxxxxxxxxxxx.xxxpredictiveHigh
22File/xxxxx_xxxxxx/xxxxxx_xxxx.xxxpredictiveHigh
23File/xxxxx_xxxxxxx/xxxxx_xxxx.xpredictiveHigh
24File/xxxxxpredictiveLow
25File/xxxx.xxxpredictiveMedium
26File/xxxx_xxxxxxxxxx/xxxxxxx.xxxpredictiveHigh
27File/xxx/xxx/xxxxxxpredictiveHigh
28File/xx-xxxxx/xxxxxxx.xxxpredictiveHigh
29File/_xxxxpredictiveLow
30Filexxxxxxxxxx/xxx/xxxxxx_xxxxxxxx/xxxxxxxxxx/xxxxxxxxx/xxxxxx/_xxxxx.xxxx.xxxpredictiveHigh
31Filexxxxx/xxxxxx/xxxxxxx.xxxpredictiveHigh
32Filexxxxx/xxxxx-xxxx.xxxpredictiveHigh
33Filexxxxxxx/xxxxxxxxxx.xxx&xx=xxxxxxx&xxxxpredictiveHigh
34Filexxxx_xxxxx.xxxpredictiveHigh
35Filexxxxxxxxxxx.xxxpredictiveHigh
36Filexxx/xxxxx/xxxxxxxxxx/xxxx.xxxpredictiveHigh
37Filexxxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
38Filexxxxxxxxxx.xxxpredictiveHigh
39Filexxxxxxx.xxxpredictiveMedium
40Filexxxxxxxxxx\xxxxxxxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
41Filexxxx/xxxxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
42Filexxxxxxx/xxx/xxx/xxxxx.xpredictiveHigh
43Filexxx_xxxxxxxx.xpredictiveHigh
44Filexxxxxxxxxxx.xxxpredictiveHigh
45Filexxxxxxxx.xxxpredictiveMedium
46Filexxxxx.xxxpredictiveMedium
47Filexxx/xxxx/xxxx.xpredictiveHigh
48Filexxxxxxxxxxxxxx.xxxxpredictiveHigh
49Filexx/xxxx/xxxx.xpredictiveHigh
50Filexxxxxxx/xxxxxx.xxxpredictiveHigh
51Filexxx.xxxpredictiveLow
52Filexxxxxx_xxxxx_xxxxx.xpredictiveHigh
53Filexxx/xxxxxx.xxxpredictiveHigh
54Filexxxxxxxx/xxxxx-xx-xxxxxxxxx.xxxpredictiveHigh
55Filexxxxx.xxxpredictiveMedium
56Filexx/xxxxxxx.xpredictiveMedium
57Filexxxxxxxx/xxxx_xxxxxx.xpredictiveHigh
58Filexxxxx.xxxpredictiveMedium
59Filexxxxx.xxxpredictiveMedium
60Filexxxxxxx.xxxpredictiveMedium
61Filexxx%xx.xxxpredictiveMedium
62Filexxxxxxxx.xxxpredictiveMedium
63Filexxxx.xxxpredictiveMedium
64Filexx-xxx.xxxpredictiveMedium
65Filexxxxxxx.xxxpredictiveMedium
66Filexxxxxx.xxxpredictiveMedium
67Filexxxxxxxxxx.xxpredictiveHigh
68Filexxxxxx.xxxpredictiveMedium
69Filexxxx.xxxpredictiveMedium
70Filexxx/xxxxxxx/xx.xxxpredictiveHigh
71Filexxxxxxxxxxxxxx/xxxxx.xxpredictiveHigh
72Filexxxxxxx-xxxxxxx.xxxpredictiveHigh
73Filexxxxxx.xxxpredictiveMedium
74Filexxxxxxxxx/xxxx/xxxxxx_xxxxxxxxxx.xxxpredictiveHigh
75Filexxxx-xxxxx.xxxpredictiveHigh
76Filexxxx-xxxxxxxx.xxxpredictiveHigh
77Filexxxxx/xxx/xxx/xxxxxx.xpredictiveHigh
78Filexxxxxx.xxxpredictiveMedium
79Filexxxxxx\xxxxxx\xxxxxxxxx-xxxxxx-xxxxxxx\xxx\xxxxxxx\xxxxxxxxxxxxx.xxxpredictiveHigh
80Filexxxxxxx.xxxpredictiveMedium
81Filexxxxx/xxxxx.xxpredictiveHigh
82Filexxx/xxxxxx/xxxxxxxxxxxxx.xxxpredictiveHigh
83Filexxxxxxx/xxxxxx/xxxxx/xxxxxxx/xxx/xxx.xxxpredictiveHigh
84Filexx-xxxxx.xxxpredictiveMedium
85Filexx/xx/xxxxxpredictiveMedium
86File~/xxxxxxxx/xxxxx-xx-xxxxxxxxxx-xxxxxxx.xxxpredictiveHigh
87Library/_xxx_xxx/xxxxx.xxxpredictiveHigh
88Libraryxxxxxxxxxxxxxx.xxxpredictiveHigh
89Libraryxxx/xxxxxxxx.xxxpredictiveHigh
90Argumentxxx_xxxxx_xx /xxxx_xxxxx_xx /xxx_xxxxx_xx /xxxxxxx_xxxxx_xxpredictiveHigh
91ArgumentxxxxxxxxpredictiveMedium
92ArgumentxxxxxxxpredictiveLow
93ArgumentxxxxxxxxpredictiveMedium
94ArgumentxxxxxxxxxxxxxxxpredictiveHigh
95ArgumentxxxpredictiveLow
96ArgumentxxxxxxxxxxxxxxpredictiveHigh
97ArgumentxxxxxxxxxxxpredictiveMedium
98Argumentxxxxxx xxxxpredictiveMedium
99Argumentxxxxxx_xxxxpredictiveMedium
100Argumentxxx_xxxx/xxx_xxxx/xxx_xxxxxx/xxx_xxxx/xxx_xxxx/xxx_xxxxxx/xxx_xxxpredictiveHigh
101ArgumentxxxxpredictiveLow
102ArgumentxxxxxxxxpredictiveMedium
103Argumentxxxx[]predictiveLow
104ArgumentxxxpredictiveLow
105ArgumentxxxxpredictiveLow
106ArgumentxxxxpredictiveLow
107ArgumentxxpredictiveLow
108ArgumentxxpredictiveLow
109ArgumentxxxxxxxxxpredictiveMedium
110ArgumentxxxxxpredictiveLow
111ArgumentxxxxpredictiveLow
112Argumentxxxx/xxxxxxxxxpredictiveHigh
113ArgumentxxxxpredictiveLow
114ArgumentxxxxxpredictiveLow
115Argumentxxxx_xxxpredictiveMedium
116ArgumentxxxxxxpredictiveLow
117ArgumentxxxxxpredictiveLow
118ArgumentxxxxxxxxpredictiveMedium
119Argumentxxxxxx_xxxxpredictiveMedium
120ArgumentxxxxxxxpredictiveLow
121Argumentxxxxxxx_xxxpredictiveMedium
122ArgumentxxxxpredictiveLow
123Argumentxxxxxx/xxxxxpredictiveMedium
124ArgumentxxxxxxpredictiveLow
125ArgumentxxxxpredictiveLow
126ArgumentxxxxxxxxpredictiveMedium
127ArgumentxxxxxpredictiveLow
128ArgumentxxxxxpredictiveLow
129ArgumentxxxxxxxxxxxpredictiveMedium
130ArgumentxxxxpredictiveLow
131Argumentxxx_xxxpredictiveLow
132ArgumentxxxxxxxxpredictiveMedium
133Argumentxxxxxxxx/xxxxxxxxpredictiveHigh
134Argumentxxxxx[_xxxxxxxx]predictiveHigh
135ArgumentxxxxxpredictiveLow
136Argumentxxx_xxx_xxxxxxxxpredictiveHigh
137Argumentxxxx-xxxxxpredictiveMedium
138Argumentxxxxx_xxxxxxxxxx_xxxxxpredictiveHigh
139Input Value%xxxxxx+-x+x+xx.x.xx.xxx%xx%xxpredictiveHigh
140Input Value…/.predictiveLow

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

This view requires CTI permissions

Just purchase a CTI license today!