ENT11 Analysis

IOB - Indicator of Behavior (309)


Language

en: 234
pl: 42
zh: 10
de: 10
es: 6


Product

Microsoft Windows: 8
phpMyAdmin: 6
Microsoft IIS: 6
WordPress: 4
Microsoft Office: 4


Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

# | Vulnerability | Base score | Temp score | 0-day price | Today price | Exploitability | Countermeasure | KEV | EPSS | CTI | CVE
--|---------------|------------|------------|-------------|-------------|----------------|----------------|-----|------|-----|----
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | possible | 0.02956 | 0.00 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.00970 | 0.15 | CVE-2010-0966
3 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.04277 | 0.60 | CVE-2006-6168
4 | PHP Link Directory Administration Page index.html cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00285 | 0.06 | CVE-2007-0529
5 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not defined | Official fix | expected | 0.86968 | 0.35 | CVE-2020-15906
6 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not defined | Unavailable | | 0.00000 | 0.25 |
7 | AWStats awstats.pl Path information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00244 | 0.04 | CVE-2018-10245
8 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.01020 | 0.20 | CVE-2022-28959
9 | vBulletin redirector.php | 6.6 | 6.6 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.05560 | 0.06 | CVE-2018-6200
10 | SourceCodester Online Flight Booking Management System POST Parameter review_search.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00057 | 0.00 | CVE-2023-0283
11 | D-Link IP Cameras lums.cgi information disclosure | 4.8 | 4.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | possible | 0.37420 | 0.00 | CVE-2013-1601
12 | PHPWind goto.php redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00365 | 0.08 | CVE-2015-4134
13 | Microsoft IIS uncpath cross site scripting | 5.2 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | | 0.01387 | 0.10 | CVE-2017-0055
14 | ZTE ZXHN Z500/ZXHN F670L Rule Configuration input validation | 4.5 | 4.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00142 | 0.00 | CVE-2020-6879
15 | eSyndicat Directory Software suggest-listing.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00000 | 0.20 |
16 | Citrix NetScaler ADC/NetScaler Gateway OpenID openid-configuration ns_aaa_oauthrp_send_openid_config CitrixBleed memory corruption | 8.3 | 8.2 | $100k and more | $0-$5k | High | Official fix | verified | 0.94378 | 0.02 | CVE-2023-4966
17 | deV!Lz deV!L z Clanportal Gamebase Addon index.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | possible | 0.00616 | 0.05 | CVE-2012-0905
18 | YaPIG view.php cross site scripting | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.01321 | 0.06 | CVE-2005-4799
19 | Pligg cloud.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00000 | 0.60 |
20 | Vunet VU Web Visitor Analyst redir.asp sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Workaround | possible | 0.01232 | 0.06 | CVE-2010-2338

IOC - Indicator of Compromise (34)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (153)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
