Equation Analysis

IOB - Indicator of Behavior (59)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en42
es18

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

es30
us22
gb6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Equation5

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined20
Operating System8
Network Management Software4
Router Operating System4
Mailing List Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined16
Microsoft8
Red Hat4
HPE4
TP-LINK4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Windows6
HP Support Assistant2
Red Hat Linux2
Technicolor TC73002
Highcharts JS2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1Host Web Server phpinfo.php phpinfo information disclosure5.35.2$5k-$25k$0-$5kNot DefinedWorkaround0.000.00000
2Cisco Wireless LAN Controller SSH Access Control access control5.35.3$5k-$25k$5k-$25kNot DefinedNot Defined0.030.00885CVE-2019-1805
3Atlassian Confluence Server/Data Center OGNL injection9.89.4$25k-$100k$0-$5kHighOfficial Fix0.040.94167CVE-2022-26134
4TP-LINK AC1750 Service Port 20002 hard-coded key7.27.0$0-$5k$0-$5kNot DefinedWorkaround0.000.01005CVE-2020-10884
5Red Hat JBoss Enterprise JMXInvokerHAServlet improper authentication5.34.6$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.030.45994CVE-2012-0874
6Cisco Catalyst Web Configuration Interface privileges management9.89.4$5k-$25k$0-$5kHighOfficial Fix0.020.82502CVE-2000-0945
7MacroVision Update Service ActiveX Control isusweb.dll memory corruption10.09.5$0-$5k$0-$5kHighOfficial Fix0.020.78095CVE-2007-5660
8Apache Tomcat Client Connection race condition3.13.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000.01246CVE-2021-43980
9Microsoft IIS code injection10.09.0$25k-$100k$5k-$25kProof-of-ConceptOfficial Fix0.030.46718CVE-2008-0075
10Digium Asterisk res_format_attr_h264.c h264_format_attr_sdp_parse memory corruption7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.090.05822CVE-2013-2685
11Questions For Confluence App hard-coded credentials8.58.4$0-$5k$0-$5kNot DefinedOfficial Fix0.020.16531CVE-2022-26138
12Microsoft Windows Active Directory Domain Services Privilege Escalation8.88.1$100k and more$0-$5kProof-of-ConceptOfficial Fix0.040.02288CVE-2022-26923
13Highcharts JS Regular Expression SvgRenderer.js incorrect regex6.46.1$0-$5k$0-$5kNot DefinedOfficial Fix0.030.05736CVE-2018-20801
14Microsoft Windows LUAFV Driver luafv.sys access control7.97.5$25k-$100k$5k-$25kNot DefinedOfficial Fix0.010.02185CVE-2019-0836
15PHPList Subscription sql injection7.57.3$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000.00885CVE-2017-20032
16PHPList Edit Subscription index.php sql injection7.97.7$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.080.00885CVE-2017-20029
17Google Go Encoding XML Package encoding error7.37.1$5k-$25k$5k-$25kNot DefinedWorkaround0.010.00885CVE-2020-29511
18nginx request smuggling6.96.9$0-$5k$0-$5kNot DefinedNot Defined1.370.00000CVE-2020-12440
19CrushFTP redirect6.66.6$0-$5k$0-$5kNot DefinedNot Defined0.020.00885CVE-2018-18288
20Microsoft Windows .NET Framework input validation8.58.4$25k-$100k$5k-$25kNot DefinedOfficial Fix0.020.26405CVE-2016-0132

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Gauss

IOC - Indicator of Compromise (30)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsTypeConfidence
141.222.35.7070.35.static.rdns.co.zaEquationverifiedHigh
262.216.152.67EquationverifiedHigh
364.76.82.52c647682-52.static.impsat.com.coEquationverifiedHigh
480.77.4.3EquationverifiedHigh
581.31.34.17581-31-34-175.static.masterinter.netEquationverifiedHigh
681.31.36.174vl504.sl509s.r1-3.dc1.4d.prg.masterinter.netEquationverifiedHigh
7XX.XX.XX.XXXxx-xx-xx-xxx.xxxxxx.xxxxxxxxxxx.xxxXxxxxxxxverifiedHigh
8XX.XX.XX.XXXxx-xx-xx-xxx.xxxxxx.xxxxxxxxxxx.xxxXxxxxxxxverifiedHigh
9XX.XXX.XXX.XXXxxxxxxxverifiedHigh
10XX.XXX.X.XXXxxxxxxxverifiedHigh
11XX.XXX.XX.XXxxxxxxxverifiedHigh
12XX.XX.XXX.Xxx-xx-xxx-x.xxxxxxxxx.xxxXxxxxxxxverifiedHigh
13XXX.XX.XX.XXXxxxx-xxx.xxxxxxxxxxx.xxXxxxxxxxXxxxxverifiedHigh
14XXX.XX.XX.XXxxxxxxxverifiedHigh
15XXX.XXX.XXX.XXXXxxxxxxxXxxxxverifiedHigh
16XXX.XXX.XXX.XXXXxxxxxxxXxxxxverifiedHigh
17XXX.XXX.XXX.XXXXxxxxxxxXxxxxverifiedHigh
18XXX.XX.XXX.XXXxxxxxxxxx.xxxxxxxxx.xxxXxxxxxxxXxxxxverifiedHigh
19XXX.XX.XXX.Xx.xxx.xx.xxx.xxxxxx.xxxx.xxxxxxxxxxx.xxxXxxxxxxxverifiedHigh
20XXX.XXX.XX.XXXXxxxxxxxverifiedHigh
21XXX.XX.XX.XXXxxxxxxxverifiedHigh
22XXX.XXX.XXX.XXXXxxxxxxxverifiedHigh
23XXX.XXX.XXX.XXXXxxxxxxxverifiedHigh
24XXX.XXX.XXX.XXXXxxxxxxxverifiedHigh
25XXX.XXX.XXX.XXXXxxxxxxxverifiedHigh
26XXX.XX.XX.XXXxxxxxxxverifiedHigh
27XXX.XXX.XXX.XXxxxxxx.xxxxx.xxxXxxxxxxxverifiedHigh
28XXX.XXX.XXX.XXxxxxxx.xxxxx.xxxXxxxxxxxverifiedHigh
29XXX.XX.XX.XXXXxxxxxxxverifiedHigh
30XXX.XX.XX.XXXxxxxxx.xxxxxxxx.xxXxxxxxxxverifiedHigh

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-22Pathname TraversalpredictiveHigh
2T1055CWE-74InjectionpredictiveHigh
3T1059CWE-94Cross Site ScriptingpredictiveHigh
4TXXXX.XXXCWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
5TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx XxxxxxxxpredictiveHigh
7TXXXXCWE-XXXxxxxxx XxxxxxxxxpredictiveHigh
8TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
9TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
10TXXXXCWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
11TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
12TXXXXCWE-XXXXxxxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (21)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/data/wps.setup.jsonpredictiveHigh
2File/exec/predictiveLow
3File/lists/index.phppredictiveHigh
4File/xxxx/x_xxxxxx_xxxxxxxx_xxxxxpredictiveHigh
5File/xxxxxxxxxx.xxxpredictiveHigh
6Filexxxxxxxx.xxxpredictiveMedium
7Filexx/xxxxx/xxxxxxxxxxx.xxpredictiveHigh
8Filexxxxxxx.xxxpredictiveMedium
9Filexxxxxxx.xxxpredictiveMedium
10Filexxx/xxx_xxxxxx_xxxx_xxxx.xpredictiveHigh
11Filexxx.xxxxxpredictiveMedium
12Filexxxxx.xxxxpredictiveMedium
13Libraryxxxxxx.xxxpredictiveMedium
14Libraryxxxxxxx.xxxpredictiveMedium
15Libraryxxxxx.xxxpredictiveMedium
16Argumentxxxxxxxxx xxxxxxxpredictiveHigh
17Argumentx_xxxxxxxxpredictiveMedium
18Argumentxxx_xxxxx_xxxpredictiveHigh
19Network Portxxxxx xxx-xxxpredictiveHigh
20Network Portxxx/xxxx (xxx)predictiveHigh
21Network Portxxx/xxxxxpredictiveMedium

References (3)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!