Esfury Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (109)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en94
de8
sv4
fr2
ru2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

US: USA44
DE: Germany6
CA: Canada2
GB: Great Britain2
RU: Russia2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Esfury2
Shiz1
XtremeRAT1
Ircbot1
Liberty Front Press1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined46
Programming Language Software8
Web Server4
Smartphone Operating System4
Hospitality Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

SourceCodester32
Not Defined18
Microsoft4
Apple4
Zoho ManageEngine2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

SourceCodester Online Exam System10
SourceCodester Lost and Found Information System4
SourceCodester Multi Language Hotel Management Sof ...2
PHP-Login2
Zoho ManageEngine ServiceDesk Plus2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#VulnerabilityBaseTemp0dayTodayExpCouKEVEPSSCTICVE
1TikiWiki tiki-register.php input validation7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial fix 0.042770.74CVE-2006-6168
2Phplinkdirectory PHP Link Directory conf_users_edit.php cross-site request forgery6.36.0$0-$5k$0-$5kProof-of-ConceptNot defined 0.000910.09CVE-2011-0643
3SourceCodester Online Exam System GET Parameter updateCourse.php sql injection7.57.3$0-$5k$0-$5kProof-of-ConceptNot defined 0.000530.09CVE-2023-2642
4SourceCodester Online Internship Management System POST Parameter login.php sql injection8.17.9$0-$5k$0-$5kProof-of-ConceptNot defined 0.000530.05CVE-2023-2641
5OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeHanziSegment memory leak6.06.0$0-$5k$0-$5kNot definedOfficial fix 0.000370.06CVE-2023-2618
6OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeByteSegment null pointer dereference5.65.5$0-$5k$0-$5kProof-of-ConceptOfficial fix 0.000400.06CVE-2023-2617
7SourceCodester Online Reviewer System GET Parameter user-update.php sql injection6.35.7$0-$5k$0-$5kProof-of-ConceptNot defined 0.000530.06CVE-2023-2596
8SourceCodester Billing Management System POST Parameter ajax_service.php sql injection7.57.3$0-$5k$0-$5kProof-of-ConceptNot defined 0.000530.03CVE-2023-2595
9SourceCodester Food Ordering Management System Registration sql injection8.17.9$0-$5k$0-$5kProof-of-ConceptNot defined 0.001050.17CVE-2023-2594
10SourceCodester Multi Language Hotel Management Software POST Parameter ajax.php cross site scripting4.44.3$0-$5k$0-$5kProof-of-ConceptNot defined 0.000700.20CVE-2023-2565
11jja8 NewBingGoGo cross site scripting4.44.3$0-$5k$0-$5kProof-of-ConceptNot defined 0.000700.03CVE-2023-2560
12External Media without Import Plugin external-media-without-import.php print_media_new_panel cross site scripting4.44.3$0-$5kCalculatingNot definedOfficial fix 0.000850.04CVE-2017-20183
13SourceCodester Online Tours & Travels Management System disapprove_delete.php exec sql injection7.57.3$0-$5k$0-$5kProof-of-ConceptNot defined 0.000520.06CVE-2023-2619
14PHP-Login POST Parameter class.loginscript.php checkLogin sql injection8.18.0$0-$5k$0-$5kNot definedOfficial fix 0.000440.14CVE-2016-15031
15PHP Link Directory Administration Page index.html cross site scripting4.34.3$0-$5k$0-$5kNot definedNot defined 0.002850.08CVE-2007-0529
16TikiWiki tiki-index.php path traversal7.37.0$0-$5k$0-$5kNot definedOfficial fix 0.017730.06CVE-2007-5684
17AWStats Config awstats.pl cross site scripting4.34.1$5k-$25k$0-$5kProof-of-ConceptOfficial fix 0.004990.03CVE-2006-3681
18vu Mass Mailer Login Page redir.asp sql injection7.36.6$0-$5k$0-$5kProof-of-ConceptNot defined 0.004350.03CVE-2007-6138
19LogicBoard CMS away.php redirect6.36.1$0-$5k$0-$5kNot definedUnavailable 0.000000.14
20Suricata Rule path traversal6.96.7$0-$5k$0-$5kNot definedOfficial fix 0.004610.03CVE-2023-35852

IOC - Indicator of Compromise (13)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
15.79.71.205Esfury04/28/2022verifiedLow
25.79.71.225Esfury04/28/2022verifiedLow
335.229.93.4646.93.229.35.bc.googleusercontent.comEsfury04/28/2022verifiedLow
4XX.XXX.XXX.Xx.xxx.xxx.xx.xx.xxxxxxxxxxxxxxxxx.xxxXxxxxx04/28/2022verifiedLow
5XX.XX.XXX.XXXxx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxxXxxxxx04/28/2022verifiedLow
6XX.XXX.XX.XXxxxxx.xxXxxxxx04/28/2022verifiedLow
7XX.XXX.XX.XXxxxxx.xxXxxxxx04/28/2022verifiedLow
8XX.XXX.XX.XXxxxxx.xxXxxxxx04/28/2022verifiedLow
9XXX.XX.XX.XXXXxxxxx04/28/2022verifiedLow
10XXX.XX.XX.XXXXxxxxx04/28/2022verifiedLow
11XXX.XXX.XXX.XXxx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxxXxxxxx04/28/2022verifiedLow
12XXX.XXX.XX.XXXxxxx-x.xxxxxxxxxxxxXxxxxx04/28/2022verifiedLow
13XXX.XXX.XX.XXXxxxxx.xxx-xxx-xx.xxxxxx.xxxxxxxxxxxx.xxxXxxxxx04/28/2022verifiedLow

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
3T1059.007CAPEC-209CWE-79, CWE-80Basic Cross Site ScriptingpredictiveHigh
4T1068CAPEC-122CWE-264, CWE-269Execution with Unnecessary PrivilegespredictiveHigh
5TXXXX.XXXCWE-XXXXxx Xx Xxxx-xxxxx XxxxxxxxpredictiveHigh
6TXXXXCAPEC-XXXCWE-XXXXxxx Xxx Xxxxxxxxx Xxxxxxxxxxx XxxxxxxxpredictiveHigh
7TXXXXCAPEC-XXXCWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
8TXXXX.XXXCAPEC-XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
9TXXXXCAPEC-XXXCWE-XXXXxxxxxxx Xx Xxxx Xxxxxxx Xxxxxxxxx XxxxxpredictiveHigh
10TXXXXCAPEC-XXXCWE-XXXxx XxxxxxxxxpredictiveHigh
11TXXXXCAPEC-XXCWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
12TXXXX.XXXCWE-XXXXxxxxxxx Xx Xxxxxxxxxxxxx XxxxpredictiveHigh
13TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxx XxxxpredictiveHigh
14TXXXX.XXXCAPEC-XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
15TXXXXCAPEC-XXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
16TXXXXCWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
17TXXXX.XXXCAPEC-XCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (111)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/admin/budget/manage_budget.phppredictiveHigh
2File/admin/edit_subject.phppredictiveHigh
3File/admin/save_teacher.phppredictiveHigh
4File/admin/service.phppredictiveHigh
5File/building/backmgr/urlpage/mobileurl/configfile/jx2_config.inipredictiveHigh
6File/cas/logoutpredictiveMedium
7File/changeimage.phppredictiveHigh
8File/dosen/datapredictiveMedium
9File/forum/away.phppredictiveHigh
10File/jurusan/datapredictiveHigh
11File/kelas/datapredictiveMedium
12File/kelasdosen/datapredictiveHigh
13File/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05predictiveHigh
14File/mahasiswa/datapredictiveHigh
15File/xxxxx/xxxxxxx/xxxx/xxxxx.xxxpredictiveHigh
16File/xxxxxxxxx/xxxxxx.xxxpredictiveHigh
17File/xxxxxxxx/xxxxxx/xxxxxx/xxxxxx/xxxxxx/xxxxx/xxxx-xxxxxx.xxxpredictiveHigh
18File/xxxx_xxxxx.xxx?xxxxxxxxx=xxxxxxxpredictiveHigh
19File/xxxxxxxx-xxxx/xxx_xx/xxxxxx.xxxxpredictiveHigh
20File/xxxxxxx/predictiveMedium
21File/xx-xxxxx/xxxxxxx-xxxxxxx.xxxpredictiveHigh
22Filexxxxx/predictiveLow
23Filexxxxx/?xxxx=xxxxxxxxxx/xxxxxx_xxxxxxxxpredictiveHigh
24Filexxxxx/xxxx_xxxxx_xxxx.xxxpredictiveHigh
25Filexxxxx/xxxxx.xxxpredictiveHigh
26Filexxxxx/xxxxxxxx_xxxxx_xxxx.xxxpredictiveHigh
27Filexxxxxxxxxx/xxxxx/xxxxxxx_xxxxx/xxxxxxxxxxxx.xxxpredictiveHigh
28Filexxxxx_xxx.xxx?xxxxxx=xxxpredictiveHigh
29Filexxxx.xxxpredictiveMedium
30Filexxxx_xxxxxxx.xxxpredictiveHigh
31Filexxxxxxx.xxpredictiveMedium
32Filex:\xxxxxxx xxxxx (xxx)\xxxxxxxx\xxx\xxxxxx.xxxpredictiveHigh
33Filexxx.xpredictiveLow
34Filexxxxxxx/xxxxxx.xxx?x=xxxx_xxxxxxxpredictiveHigh
35Filexxxxx.xxxpredictiveMedium
36Filexxxxxxxx.xxxpredictiveMedium
37Filexxxxxxxxxx_xxxxxx.xxxpredictiveHigh
38Filexxxxxxxx.xxxpredictiveMedium
39Filexxxxxxxxxxxxx.xxxpredictiveHigh
40Filexxxxxxxx-xxxxx-xxxxxxx-xxxxxx.xxxpredictiveHigh
41Filexxxxxxxxxxx.xxxpredictiveHigh
42Filexxxxxxxxxxxx.xxxpredictiveHigh
43Filexx_xxxxxxx.xxxpredictiveHigh
44Filexxxxxxxxxxxxxxxx.xxxpredictiveHigh
45Filexxxxxxxxxx.xxxxx.xxxpredictiveHigh
46Filexxxxxxxxxxxxxxxxx.xxxpredictiveHigh
47Filexxxxx.xxxxpredictiveMedium
48Filexxxxx/xxxx.xxxpredictiveHigh
49Filexxxxx/xxxxxxx/xxxxx.xxxxxxxxxxx.xxxpredictiveHigh
50Filexxxxxx_xxxxxxx.xxxpredictiveHigh
51Filexxxx.xxxxxxxxxx.xxxpredictiveHigh
52Filexxxxxx.xpredictiveMedium
53Filexxxxx-xxxx.xxxpredictiveHigh
54Filexxxxxx/xxxxxxx/xxxxxxx_xxx_xxxxxx_xxxxxx.xxxpredictiveHigh
55Filexxxxx.xxxpredictiveMedium
56Filexxxxxxxx/xxxxxx_xxxxxxxx.xxxpredictiveHigh
57Filexxxx/xxx/xxx_xxxx.xpredictiveHigh
58Filexxxxxxx_xxxxxxxxxxxxx.xxxpredictiveHigh
59Filexxxx_xxxx.xxxpredictiveHigh
60Filexxxxxxxx.xxxpredictiveMedium
61Filexxxx-xxxxx.xxxpredictiveHigh
62Filexxxx-xxxxxxxx.xxxpredictiveHigh
63Filexxxxx/xxxx_xxxx.xxxpredictiveHigh
64Filexxxx_xxxxxx.xxxpredictiveHigh
65Filexx-xxxxx/xxxxxxxx/xxxxx-xx-xxxxx-xxxx-xxxxx.xxxpredictiveHigh
66Filexxxxxxx.xxxxpredictiveMedium
67Argument$_xxxxxx['xxxxx_xxxxxx']predictiveHigh
68Argumentxxxxxxxx_xxxxpredictiveHigh
69ArgumentxxxxxxpredictiveLow
70ArgumentxxxxxxxxpredictiveMedium
71ArgumentxxxxxxxxxxpredictiveMedium
72Argumentxx_xxpredictiveLow
73Argumentxxxxxx_xxpredictiveMedium
74Argumentxxxx_xxpredictiveLow
75Argumentxxxxxxx[x][xxxx]predictiveHigh
76Argumentxxxxxxxxx_xxxxpredictiveHigh
77ArgumentxxxxxxpredictiveLow
78Argumentxxxx_xxxxxxxxpredictiveHigh
79ArgumentxxxxxpredictiveLow
80ArgumentxxxxxxxxpredictiveMedium
81ArgumentxxxxxxpredictiveLow
82Argumentxxxxxxxx/xxxxxxx/xxxxxxxpredictiveHigh
83ArgumentxxpredictiveLow
84Argumentxxx_xxxxxxxxpredictiveMedium
85ArgumentxxxxxpredictiveLow
86ArgumentxxxxxxxpredictiveLow
87ArgumentxxxxpredictiveLow
88ArgumentxxxxxxxxxxpredictiveMedium
89ArgumentxxxxpredictiveLow
90ArgumentxxxxxxpredictiveLow
91Argumentxxx_xxxxxxxxpredictiveMedium
92ArgumentxxxxpredictiveLow
93ArgumentxxxxxxxxpredictiveMedium
94ArgumentxxxxxxxpredictiveLow
95ArgumentxxxxxxxpredictiveLow
96Argumentxxxx/xxxxpredictiveMedium
97ArgumentxxxxxxpredictiveLow
98ArgumentxxxpredictiveLow
99Argumentxxx/xxxxx/xxxxx/xxxxxx/xxxx-xxxxpredictiveHigh
100ArgumentxxxxxxxxpredictiveMedium
101Argumentxxxxxxxx-xxxx-xxpredictiveHigh
102Argumentxxxxxxxx/xxxxxxxxpredictiveHigh
103ArgumentxxxxxxxxpredictiveMedium
104Argumentxxxx_xxpredictiveLow
105Input Value-xpredictiveLow
106Input ValuexxxxxxpredictiveLow
107Input Value<xxxxxx>xxxxx(xxxxxxxx.xxxxxx)</xxxxxx>predictiveHigh
108Input ValuexxxxxpredictiveLow
109Input ValuexxxxxxpredictiveLow
110Network Portxxx/xx (xxx xxxxxxxx)predictiveHigh
111Network Portxxx xxxxxx xxxxpredictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

This view requires CTI permissions

Just purchase a CTI license today!