Eternity Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (282)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en210
ru22
ja12
de8
es6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

ru98
us24
cn22
es2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Lilith3
RedLine Stealer3
CredStealer1
TeamTNT1
BlackByte1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined130
WordPress Plugin22
Operating System18
Content Management System14
Forum Software12

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined98
Google10
Cisco8
Microsoft6
Apple6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Google Chrome6
4Site CMS4
Dahua DHI-HCVR7216A-S34
Microsoft Windows4
Cisco Firepower Threat Defense4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix1.470.00954CVE-2010-0966
2Dahua DHI-HCVR7216A-S3 SmartPSS Auto Login Hash access control6.76.7$0-$5kCalculatingNot DefinedNot Defined0.040.00331CVE-2017-6342
3Cyr to Lat Plugin sql injection6.36.1$0-$5k$0-$5kNot DefinedNot Defined0.000.00000CVE-2022-4290
4nophp index.php os command injection7.47.4$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00058CVE-2023-28854
5SourceCodester Simple Task Allocation System manage_user.php sql injection7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.030.00063CVE-2023-1791
6SourceCodester Young Entrepreneur E-Negosyo System login.php sql injection7.36.6$0-$5k$0-$5kProof-of-ConceptNot Defined0.040.00076CVE-2023-1737
7Lighthouse Development Squirrelcart cart_content.php file inclusion6.55.9$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.040.03261CVE-2006-2483
8Jelsoft impex ImpExData.php file inclusion7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.040.04317CVE-2006-1382
9phpBG forum.php input validation7.36.9$0-$5kCalculatingProof-of-ConceptNot Defined0.040.21735CVE-2007-4636
10Linux Foundation Xen EFLAGS Register SYSENTER input validation6.25.9$5k-$25kCalculatingNot DefinedOfficial Fix0.040.00062CVE-2013-1917
11PHPWind goto.php redirect6.36.3$0-$5kCalculatingNot DefinedNot Defined0.120.00348CVE-2015-4134
12HPE Onboard Administrator Reflected cross site scripting4.44.4$0-$5k$0-$5kNot DefinedNot Defined0.040.00050CVE-2020-7132
13woo-popup Plugin class-woo-popup-admin.php cross site scripting4.44.3$0-$5kCalculatingNot DefinedOfficial Fix0.040.00077CVE-2015-10095
14D-Link DIR-600M wan.htm improper authentication7.37.3$5k-$25k$5k-$25kNot DefinedNot Defined0.040.03717CVE-2019-13101
15Unisoc S8000 urild Service out-of-bounds write4.24.2$0-$5k$0-$5kNot DefinedNot Defined0.040.00042CVE-2023-38468
16RoundCube Webmail information disclosure6.46.3$0-$5kCalculatingNot DefinedOfficial Fix0.070.00453CVE-2015-5383
17Dahua DHI-HCVR7216A-S3 MD5 access control5.95.9$0-$5kCalculatingNot DefinedNot Defined0.000.31255CVE-2017-6343
18Supermicro CMS Image File images.php denial of service3.53.5$0-$5k$0-$5kNot DefinedNot Defined0.040.00046CVE-2021-25856
19CKeditor4 Instance Destroying cross site scripting5.05.0$0-$5k$0-$5kNot DefinedOfficial Fix0.080.00056CVE-2023-28439
20Undertow MultipartConfig Handling denial of service5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.040.00000CVE-2023-3223

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • LilithBot

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
145.9.148.203EternityLilithBot10/09/2022verifiedHigh
2XX.XX.XXX.XXXxxxxxxxXxxxxxxxx10/09/2022verifiedHigh
3XX.XXX.XX.XXXXxxxxxxxXxxxxxxxx10/09/2022verifiedHigh
4XXX.X.XX.XXXxxxxxxxx.xxxxxx-xx-xxxxxx.xxXxxxxxxxXxxxxxxxx10/09/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-21, CWE-22, CWE-425Pathname TraversalpredictiveHigh
2T1055CWE-74InjectionpredictiveHigh
3T1059CWE-94Cross Site ScriptingpredictiveHigh
4T1059.007CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
5T1068CWE-264, CWE-269, CWE-284J2EE Misconfiguration: Weak Access Permissions for EJB MethodspredictiveHigh
6TXXXX.XXXCWE-XXXXxx Xx Xxxx-xxxxx XxxxxxxxpredictiveHigh
7TXXXXCWE-XX, CWE-XXXxxxxxx XxxxxxxxxpredictiveHigh
8TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
9TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
10TXXXXCWE-XXX, CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
11TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
12TXXXX.XXXCWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
13TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx XxxxpredictiveHigh
14TXXXXCWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
15TXXXXCWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
16TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
17TXXXX.XXXCWE-XXXXxxxxxxxpredictiveHigh
18TXXXXCWE-XXX, CWE-XXXXxxxxxxxxxxxxpredictiveHigh
19TXXXXCWE-XXXX2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx XxxxxxxxxxpredictiveHigh
20TXXXX.XXXCWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHigh
21TXXXX.XXXCWE-XXXXxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (166)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/admin.php/admin/art/data.htmlpredictiveHigh
2File/ajax.php?action=read_msgpredictiveHigh
3File/debug/pprofpredictiveMedium
4File/envpredictiveLow
5File/forum/away.phppredictiveHigh
6File/goform/SetNetControlListpredictiveHigh
7File/librarian/bookdetails.phppredictiveHigh
8File/ptipupgrade.cgipredictiveHigh
9File/secure/admin/InsightDefaultCustomFieldConfig.jspapredictiveHigh
10File/src/chatbotapp/chatWindow.javapredictiveHigh
11File/staff/bookdetails.phppredictiveHigh
12Fileabout.phppredictiveMedium
13Fileadmin.color.phppredictiveHigh
14Fileadmin/addons/archive/archive.phppredictiveHigh
15Fileadmin/categories_industry.phppredictiveHigh
16Fileadmin/class-woo-popup-admin.phppredictiveHigh
17Fileadmin/content/postcategorypredictiveHigh
18Fileadmincp/auth/secure.phppredictiveHigh
19FileAdminstrator/Users/Edit/predictiveHigh
20Filexxxxxxxxx.xxxpredictiveHigh
21Filexxxxx.xxxpredictiveMedium
22Filexxx_xx_xxx_xxx.xxxpredictiveHigh
23Filexxxxxxx/xxxx.xxxpredictiveHigh
24Filexxxxxxxx.xxxpredictiveMedium
25Filexxxxxxxx.xxxxxxx.xxxpredictiveHigh
26Filexxxx_xxxxxxxx.xxxpredictiveHigh
27Filexxx.xpredictiveLow
28Filexxxxx.xxxpredictiveMedium
29Filexxxx_xxxxxxx.xxxpredictiveHigh
30Filexxxxxxxx.xxxpredictiveMedium
31FilexxxpredictiveLow
32Filexxx/xxxxxxxx/xxxx/xxxxxxxx.xxpredictiveHigh
33Filexxxxxxxx_xxxxxxxxxxxxxxxxx.xxxpredictiveHigh
34Filexxxxxxxxx/xx_xxxxx.xxxxx.xxxpredictiveHigh
35Filexxxxxx.xxxpredictiveMedium
36Filexxxxxxx/xxx/xxx-xx.xpredictiveHigh
37Filexxx_xxxx.xpredictiveMedium
38Filexxx/xxxxx.xxxxxpredictiveHigh
39Filexxxx/xxxxxxxx/xxx&xx=xxxxxxxpredictiveHigh
40Filexxxxxxxxxxxx_xxxx.xxxpredictiveHigh
41Filexxxx.xxxpredictiveMedium
42Filexxxxxxxxxxxxxxxxxxxxxxxxx.xxpredictiveHigh
43Filexxxxxx.xxxpredictiveMedium
44Filexxxxxxxxx.xxxpredictiveHigh
45Filexxx/xxxxxx.xxxpredictiveHigh
46Filexxxxxxx/xxxxx.xxx.xxxpredictiveHigh
47Filexxxxxxx/xxxxxx.xxxpredictiveHigh
48Filexxxxxxxx/xxxx.xxxpredictiveHigh
49Filexxxxxxxx/xxx/xxx_xx_xxxxxxx.xxxpredictiveHigh
50Filexxxxx.xxxxpredictiveMedium
51Filexxxxx.xxxpredictiveMedium
52Filexxxxxx/xxxxxx/xxxxx.xxxpredictiveHigh
53Filexx_xxxxx.xpredictiveMedium
54Filexxxxx_xxxxx.xpredictiveHigh
55Filexxxxxx/xxx/xxxxxxxx.xpredictiveHigh
56Filexxxxxxxx.xxx.xxxpredictiveHigh
57Filexxxxxxxx/xxxx_xxxxxxx/xxxx_xxxx_xxxxx.xxxpredictiveHigh
58Filexxxx.xxxpredictiveMedium
59Filexxxxx.xxxpredictiveMedium
60Filexxxxx.xxxpredictiveMedium
61Filexxxxxx_xxxx.xxxpredictiveHigh
62Filexxxxxx.xxxpredictiveMedium
63Filexxxxxxx/xxxxxx/xxxxxx/xxxxxxxxx.xxx#xxxpredictiveHigh
64Filexxx/xxxxxxxxx/xx_xxx_xxxxxx.xpredictiveHigh
65Filexxxx_xxxxxx.xxxpredictiveHigh
66Filexxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
67Filexxxxxxxxxxx-xxxx.xxpredictiveHigh
68Filexxxxxxxxx.xxx.xxxpredictiveHigh
69Filexxxxxxxxx/xxxxx.xxxxxpredictiveHigh
70Filexxxxxxxxxxxxxx.xxxpredictiveHigh
71Filexxxxx/xxxxx.xxxxxpredictiveHigh
72Filexxxxxxx.xpredictiveMedium
73Filexxxxxxxx.xxxpredictiveMedium
74Filexxxxxxxxxxxxx.xxxpredictiveHigh
75Filexx_xxxx.xxpredictiveMedium
76Filexxxxxx-xxxxxx.xxxpredictiveHigh
77Filexxxxxx_xxx_xxxxxx.xxxpredictiveHigh
78Filexxxx_xxxxxxxxx.xxxpredictiveHigh
79Filexxxxxxxxxxxx.xxxpredictiveHigh
80Filexxxx_xxxxxxx_xxxxxxxx.xxxpredictiveHigh
81Filexxxxxxxx.xxx/xxxxxx.xxx/xxxxxxxx.xxxpredictiveHigh
82Filexxxxxxxxx/xxxxxxxx.xxxpredictiveHigh
83Filexxx.xpredictiveLow
84FilexxxxxxxxxxxxxxxxpredictiveHigh
85Filexxxxxxx_xxxxxxx.xxxpredictiveHigh
86Filexxxxxxxxx-xx-xxxxxxxx.xxxpredictiveHigh
87Filexxxxxxxxxx.xxxpredictiveHigh
88Filexxx-xxxxxxx-xxx.xxpredictiveHigh
89Filexxxx-xxxxx.xxxpredictiveHigh
90Filexxxxxxxxxxxxxxx.xxxpredictiveHigh
91Filexxxxxxx.xpredictiveMedium
92Filexxxxxxxxx.xxxpredictiveHigh
93Filexxx.xxxpredictiveLow
94Filexx-xxxxx-xxxxxx.xxxpredictiveHigh
95Filexx-xxxxxxxxx.xxxpredictiveHigh
96File~/xxxxxxxx/xxxxx-xxx-xxxxxx-xxxxxxxxxxxx.xxxpredictiveHigh
97Library/xxx/xxx/xxx/x.x/xxxx/xxxxxxxxxx/xxx.xxxpredictiveHigh
98Libraryxx.xxxxxxxxxx.xxxxxxxxxxxxxxx.xxxpredictiveHigh
99Libraryxxx/xxxxxxxxx/xxxxxxxx.xxxxx.xxxpredictiveHigh
100Libraryxxxxxxx.xxxpredictiveMedium
101Libraryxxxxx.xxxpredictiveMedium
102Libraryxxxxxxxxxxxxx.xxx)predictiveHigh
103ArgumentxxxxxxpredictiveLow
104ArgumentxxxxxxxxxxxpredictiveMedium
105ArgumentxxxpredictiveLow
106Argumentxxxxxxx_xxxxpredictiveMedium
107Argumentxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxpredictiveHigh
108ArgumentxxxxxxpredictiveLow
109ArgumentxxxxxxxxpredictiveMedium
110ArgumentxxxxxxpredictiveLow
111Argumentx:\xxxxxxx\xpredictiveMedium
112Argumentxxxxx_xxxxpredictiveMedium
113Argumentxxxx_xxx_xxxxpredictiveHigh
114Argumentxxx_xxpredictiveLow
115ArgumentxxxxxxxxxxpredictiveMedium
116ArgumentxxxpredictiveLow
117Argumentxxxxx_xxpredictiveMedium
118ArgumentxxxxxxxxpredictiveMedium
119ArgumentxxxxxxxxxxxxxxxxxpredictiveHigh
120Argumentxxx_xxxpredictiveLow
121Argumentxxxxx_xxxx_xxxxpredictiveHigh
122ArgumentxxxxpredictiveLow
123Argumentxxxx_xxxxxpredictiveMedium
124ArgumentxxxxxxxxpredictiveMedium
125ArgumentxxxxpredictiveLow
126ArgumentxxpredictiveLow
127ArgumentxxxxxxxxxpredictiveMedium
128Argumentxxx_xxxpredictiveLow
129ArgumentxxxxxxxpredictiveLow
130ArgumentxxxxxxpredictiveLow
131Argumentxxxxx_xxxpredictiveMedium
132ArgumentxxxxxxxxpredictiveMedium
133ArgumentxxxxpredictiveLow
134ArgumentxxxxpredictiveLow
135Argumentxxxxxxxxx_xxxxxxxx_xxxxpredictiveHigh
136Argumentxxxxxxxxx_xxxx_xxxxpredictiveHigh
137ArgumentxxxxxpredictiveLow
138ArgumentxxpredictiveLow
139Argumentxxxxxx xxxxxxpredictiveHigh
140Argumentxxxx_xxpredictiveLow
141ArgumentxxxxpredictiveLow
142ArgumentxxxxxxxxxpredictiveMedium
143Argumentxxxxx_xxxx_xxxxpredictiveHigh
144Argumentxxxxx_xxxxxxx_xxxxpredictiveHigh
145ArgumentxxxpredictiveLow
146ArgumentxxxxxxxxxpredictiveMedium
147ArgumentxxxxxxxpredictiveLow
148Argumentxxx_xxxxpredictiveMedium
149Argumentx_xxxxpredictiveLow
150ArgumentxxxxxxxpredictiveLow
151Argumentxxxxxx/xxxxxx_xxxxxxpredictiveHigh
152Argumentxxxxxx/xxxxxpredictiveMedium
153ArgumentxxxpredictiveLow
154ArgumentxxxxxpredictiveLow
155Argumentxxx_xxxxxxxxxxxxpredictiveHigh
156ArgumentxxxxxxxxxxpredictiveMedium
157Argumentxx_xxpredictiveLow
158ArgumentxxxxxxxxxxxpredictiveMedium
159ArgumentxxpredictiveLow
160ArgumentxxxpredictiveLow
161ArgumentxxxxxxpredictiveLow
162Argumentx_xxxxxxxxpredictiveMedium
163Argumentx-xxxxxxxxx-xxxxpredictiveHigh
164Argument\xxx\predictiveLow
165Input Value' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)-- xxxxpredictiveHigh
166Input Value//xxx//xxxxxxx.xxxpredictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!