EwDoor Analysis

IOB - Indicator of Behavior (196)

Timeline


Lang

en: 190
ru: 4
pl: 2


Country

sc: 146
li: 12
us: 4
au: 2
ml: 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Microsoft Windows: 8
GitLab Community Edition: 6
GitLab Enterprise Edition: 6
GitLab: 4
WordPress: 4


Vulnerabilities

| #  | Vulnerability                                                              | Base | Temp | 0day           | Today      | Exp              | Rem          | CTI  | EPSS    | CVE            |
|----|----------------------------------------------------------------------------|------|------|----------------|------------|------------------|--------------|------|---------|----------------|
| 1  | Jetty URI access control                                                   | 5.3  | 5.3  | $0-$5k         | $0-$5k     | Not Defined      | Official Fix | 0.00 | 0.52164 | CVE-2021-34429 |
| 2  | CKFinder File Name unrestricted upload                                     | 7.4  | 7.4  | $0-$5k         | $0-$5k     | Not Defined      | Not Defined  | 0.00 | 0.01055 | CVE-2019-15862 |
| 3  | Asus RT-AC2900 input validation                                            | 8.5  | 8.2  | $0-$5k         | $0-$5k     | Not Defined      | Official Fix | 0.03 | 0.10938 | CVE-2018-8826  |
| 4  | GitLab Community Edition/Enterprise Edition Permission permission assignment | 5.3  | 5.3  | $0-$5k         | $0-$5k     | Not Defined      | Not Defined  | 0.00 | 0.00885 | CVE-2019-18446 |
| 5  | phpMyAdmin PMA_safeUnserialize deserialization                             | 9.8  | 9.6  | $5k-$25k       | $0-$5k     | Not Defined      | Official Fix | 0.03 | 0.01018 | CVE-2016-9865  |
| 6  | phpMyAdmin Username sql injection                                          | 7.5  | 7.3  | $5k-$25k       | $0-$5k     | Not Defined      | Official Fix | 0.00 | 0.00950 | CVE-2016-9864  |
| 7  | Sonatype Nexus Repository Manager OSS Admin Panel access control           | 6.3  | 6.3  | $0-$5k         | $0-$5k     | Not Defined      | Not Defined  | 0.11 | 0.00000 | CVE-2022-31289 |
| 8  | Microsoft Exchange Server Remote Code Execution                            | 9.8  | 8.5  | $25k-$100k     | $5k-$25k   | Unproven         | Official Fix | 0.04 | 0.37706 | CVE-2021-28481 |
| 9  | Apple Safari WebKit state issue                                            | 5.9  | 5.8  | $5k-$25k       | $5k-$25k   | Not Defined      | Official Fix | 0.06 | 0.01537 | CVE-2022-46692 |
| 10 | Portainer API Credentials credentials management                           | 7.5  | 6.8  | $0-$5k         | $0-$5k     | Proof-of-Concept | Official Fix | 0.04 | 0.12492 | CVE-2018-19466 |
| 11 | Google Chrome Screen Capture heap-based overflow                           | 7.5  | 7.4  | $25k-$100k     | $5k-$25k   | Not Defined      | Official Fix | 0.05 | 0.01213 | CVE-2022-3043  |
| 12 | CGI Script printenv information disclosure                                 | 5.3  | 5.2  | $0-$5k         | $0-$5k     | Not Defined      | Workaround   | 0.05 | 0.00000 |                |
| 13 | Mumble cryptographic issues                                                | 5.3  | 5.3  | $0-$5k         | $0-$5k     | Not Defined      | Official Fix | 0.03 | 0.01282 | CVE-2012-0863  |
| 14 | Git Plugin Build authorization                                             | 6.5  | 6.5  | $0-$5k         | $0-$5k     | Not Defined      | Not Defined  | 0.00 | 0.00885 | CVE-2022-36883 |
| 15 | MediaTek MT8797 WLAN Driver out-of-bounds                                  | 2.5  | 2.4  | $0-$5k         | $0-$5k     | Not Defined      | Official Fix | 0.00 | 0.01036 | CVE-2022-21756 |
| 16 | Dovecot Quoted String out-of-bounds write                                  | 8.5  | 8.2  | $0-$5k         | $0-$5k     | Not Defined      | Official Fix | 0.00 | 0.09801 | CVE-2019-11500 |
| 17 | October CMS password recovery                                              | 5.3  | 5.1  | $0-$5k         | $0-$5k     | Not Defined      | Official Fix | 0.02 | 0.12492 | CVE-2021-32648 |
| 18 | Siemens SIMATIC HMI panel miniweb.exe path traversal                       | 7.5  | 7.2  | $5k-$25k       | $0-$5k     | High             | Official Fix | 0.03 | 0.01408 | CVE-2011-4878  |
| 19 | Oracle MySQL Server Compiling buffer overflow                              | 9.8  | 9.4  | $100k and more | $25k-$100k | Not Defined      | Official Fix | 0.03 | 0.02686 | CVE-2019-5482  |
| 20 | Apache HTTP Server mod_mime memory corruption                              | 8.5  | 8.4  | $5k-$25k       | $0-$5k     | Not Defined      | Official Fix | 0.06 | 0.05242 | CVE-2017-7679  |

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address     | Hostname             | Actor  | Campaigns | Type     | Confidence |
|----|----------------|----------------------|--------|-----------|----------|------------|
| 1  | 45.141.157.217 | ip-157-217.CN-Global | EwDoor |           | verified | High       |

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (58)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class       | Indicator                        | Type       | Confidence |
|----|-------------|----------------------------------|------------|------------|
| 1  | File        | /admin/sysmon.php                | predictive | High       |
| 2  | File        | /api/content/posts/comments      | predictive | High       |
| 3  | File        | /Home/GetAttachment              | predictive | High       |
| 4  | File        | /modules/projects/vw_files.php   | predictive | High       |
| 5  | File        | admin/limits.php                 | predictive | High       |
| 6  | File        | cgi-bin/ddns_enc.cgi             | predictive | High       |
| 7  | File        | cmd.exe                          | predictive | Low        |
| 54 | Input Value | ../                              | predictive | Low        |
| 55 | Input Value | \x                               | predictive | Low        |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
