Esfury Analysis

IOB - Indicator of Behavior (31)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 22
de: 10

Country

us: 14
de: 8
ca: 4

Actors


Activities

Interest

Timeline


Type


Vendor


Product

WordPress: 2
InLinks Plugin: 2
FreePBX: 2
Poppler: 2
Apple Mac OS X: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | centreon Contact Groups Form formContactGroup.php sql injection | 6.3 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00954 | CVE-2022-3827 |
| 2 | Kaoni ezHTTPTrans ActiveX Control Ezhttptrans.ocx code download | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01978 | CVE-2020-7813 |
| 3 | Apple Mac OS X Stack Guard stack_chk_guard memory corruption | 5.3 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | 0.00000 | |
| 4 | Apple iOS/iPadOS IOMobileFrameBuffer memory corruption | 7.8 | 7.5 | $25k-$100k | $0-$5k | High | Official Fix | 0.04 | 0.02132 | CVE-2021-30807 |
| 5 | Appnitro Machform download.php path traversal | 5.9 | 5.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.00954 | CVE-2018-6409 |
| 6 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.42 | 0.25090 | CVE-2017-0055 |
| 7 | Avaya one-X Communicator Client Authentication cryptographic issues | 5.4 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00890 | CVE-2019-7006 |
| 8 | PHP ASCII Control Character mail privileges management | 5.3 | 4.8 | $5k-$25k | Calculating | Proof-of-Concept | Official Fix | 0.01 | 0.03779 | CVE-2002-0986 |
| 9 | Pulse Secure Desktop Client GUI certificate validation | 6.9 | 6.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00885 | CVE-2018-6374 |
| 10 | WordPress wpdb->prepare sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01183 | CVE-2017-16510 |
| 11 | Apache HTTP Server mod_pagespeed input validation | 5.3 | 5.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01055 | CVE-2012-4001 |
| 12 | SAP ERP Central Component RFC/SOAP-RFC Call CJDB_FILL_MEMORY_FROM_PPB code injection | 7.6 | 7.3 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.05302 | CVE-2013-3244 |
| 13 | Google Android DTS Sound Driver access control | 7.4 | 7.4 | $25k-$100k | $25k-$100k | Not Defined | Not Defined | 0.00 | 0.01603 | CVE-2017-0578 |
| 14 | Poppler pdfunite out-of-bounds | 6.4 | 6.1 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.01537 | CVE-2018-13988 |
| 15 | FreePBX Configuration Interface page.recordings.php path traversal | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.20307 | CVE-2010-3490 |
| 16 | Trixbox index.php os command injection | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.08927 | CVE-2017-14535 |
| 17 | WordPress class-wp-posts-list-table.php access control | 5.4 | 4.9 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.01055 | CVE-2012-6635 |
| 18 | WordPress press-this.php Security Bypass access control | 4.3 | 3.8 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.03 | 0.01055 | CVE-2011-5270 |
| 19 | Kishore Asokan Kish Guest Posting plugin File Upload memory corruption | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.05033 | CVE-2012-5318 |
| 20 | InLinks Plugin options-general.php sql injection | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.00885 | CVE-2017-16955 |

IOC - Indicator of Compromise (13)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 Pathname Traversal | | predictive | High |
| 2 | T1059 | CWE-94 Cross Site Scripting | | predictive | High |
| 3 | T1059.007 | CWE-79 Cross Site Scripting | | predictive | High |

IOA - Indicator of Attack (35)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /maint/modules/home/index.php | predictive | High |
| 2 | File | /uncpath/ | predictive | Medium |
| 3 | File | /wp-admin/options-general.php | predictive | High |
| 4 | File | cgi.c | predictive | Low |
| 5 | File | count.cgi | predictive | Medium |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
