Expiro Analysis

IOB - Indicator of Behavior (249)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en198
de20
ru8
es8
fr6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Windows18
Microsoft IIS6
QSAN Storage Manager4
Symonics libmysofa4
Microsoft Office4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1TikiWiki tiki-register.php input validation7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.010751.52CVE-2006-6168
2Phplinkdirectory PHP Link Directory conf_users_edit.php cross-site request forgery6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.005260.13CVE-2011-0643
3Python Software Foundation BaseHTTPServer HTTP Request denial of service7.56.9$0-$5k$0-$5kProof-of-ConceptWorkaround0.000000.04
4Maran PHP Shop prod.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.001370.07CVE-2008-4879
5OpenSSH Authentication Username information disclosure5.34.8$5k-$25k$0-$5kHighOfficial Fix0.107370.17CVE-2016-6210
6WordPress sql injection7.36.6$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.001750.00CVE-2011-3130
7Apache Tomcat CORS Filter 7pk security8.58.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.052070.04CVE-2018-8014
8DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.93CVE-2010-0966
9Apache HTTP Server suEXEC Feature .htaccess information disclosure5.35.0$5k-$25k$0-$5kProof-of-ConceptWorkaround0.000000.05
10WordPress WP_Query class-wp-query.php sql injection8.58.4$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.003180.00CVE-2017-5611
11Microsoft Office Object data processing7.06.9$5k-$25k$0-$5kHighOfficial Fix0.973390.05CVE-2017-8570
12TP-LINK TL-WR740N/TL-WR741N Firmware Local Privilege Escalation5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000000.05
13Drupal User Module access control8.88.4$0-$5k$0-$5kNot DefinedOfficial Fix0.002080.00CVE-2016-6211
14Red Hat Enterprise Linux SIGALRM syslog race condition6.36.3$5k-$25k$5k-$25kNot DefinedNot Defined0.000460.30CVE-2024-6409
15Rockwell Automation FactoryTalk Service Platform permission assignment8.58.3$0-$5k$0-$5kNot DefinedOfficial Fix0.000430.05CVE-2024-21915
16PHP Link Directory Administration Page index.html cross site scripting4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.003990.21CVE-2007-0529
17TikiWiki tiki-index.php path traversal7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.014141.39CVE-2007-5684
18AWStats Config awstats.pl cross site scripting4.34.1$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.005870.08CVE-2006-3681
19vu Mass Mailer Login Page redir.asp sql injection7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.002710.09CVE-2007-6138
20LogicBoard CMS away.php redirect6.36.1$0-$5k$0-$5kNot DefinedUnavailable0.000002.79

IOC - Indicator of Compromise (34)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
15.79.71.205Expiro08/01/2022verifiedHigh
25.79.71.225Expiro08/01/2022verifiedHigh
318.213.250.117ec2-18-213-250-117.compute-1.amazonaws.comExpiro04/28/2022verifiedLow
418.215.128.143ec2-18-215-128-143.compute-1.amazonaws.comExpiro04/28/2022verifiedLow
535.205.61.6767.61.205.35.bc.googleusercontent.comExpiro06/03/2023verifiedMedium
635.234.136.1313.136.234.35.bc.googleusercontent.comExpiro08/01/2022verifiedMedium
746.165.220.145Expiro04/28/2022verifiedMedium
8XX.XXX.XXX.XXXXxxxxx04/28/2022verifiedMedium
9XX.XXX.XXX.XXXxxxxx08/01/2022verifiedHigh
10XX.XXX.XXX.XXXxxxxx08/01/2022verifiedHigh
11XX.XXX.XX.XXXXxxxxx06/03/2023verifiedHigh
12XX.X.XXX.XXXxxxxx06/03/2023verifiedHigh
13XX.XXX.XXX.XXXxx-xxx-xxx-xxx-xx.xxx.xxXxxxxx08/01/2022verifiedHigh
14XX.XX.XX.XXXxxxxx08/01/2022verifiedHigh
15XX.XX.XX.XXXXxxxxx08/01/2022verifiedHigh
16XX.XXX.XXX.XXXXxxxxx04/28/2022verifiedMedium
17XX.XXX.XXX.XXXxxxxx06/03/2023verifiedHigh
18XX.XXX.XXX.XXXXxxxxx04/28/2022verifiedMedium
19XXX.XXX.XXX.XXXxx-xxx-xxx.xxxxx.xxxXxxxxx06/03/2023verifiedHigh
20XXX.XXX.XXX.XXXxx-xxx-xxx.xxxxx.xxxXxxxxx06/03/2023verifiedHigh
21XXX.XX.XX.XXXxxxxx08/01/2022verifiedHigh
22XXX.XXX.XX.XXxxxxxx-xx.xxxxxxx.xxxxxx.xxxXxxxxx08/01/2022verifiedHigh
23XXX.XXX.XX.XXXxxxxxxxx-xx-xxx.xxxxx.xxxXxxxxx04/28/2022verifiedMedium
24XXX.XXX.XXX.XXXxxxxxxx.xxx.xxxx.xxxXxxxxx06/03/2023verifiedHigh
25XXX.XXX.XXX.XXXxxxxxxx.xxx.xxxx.xxxXxxxxx08/01/2022verifiedHigh
26XXX.XXX.XXX.XXXXxxxxx08/01/2022verifiedHigh
27XXX.XXX.XXX.XXXXxxxxx08/01/2022verifiedHigh
28XXX.XXX.XXX.XXXXxxxxx08/01/2022verifiedHigh
29XXX.XXX.XXX.XXXXxxxxx08/01/2022verifiedHigh
30XXX.XXX.XX.XXXxxxxx08/01/2022verifiedHigh
31XXX.XX.XXX.XXXXxxxxx06/03/2023verifiedHigh
32XXX.XXX.XXX.XXXxxxxx08/01/2022verifiedHigh
33XXX.XXX.XX.XXXxxxxx.xxx-xxx-xx.xxxxxx.xxxxxxxxxxxx.xxxXxxxxx04/28/2022verifiedMedium
34XXX.XXX.XXX.XXXXxxxxx05/11/2022verifiedMedium

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (136)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File.htaccesspredictiveMedium
2File/ajax-files/followBoard.phppredictiveHigh
3File/DATAREPORTSpredictiveMedium
4File/etc/gsissh/sshd_configpredictiveHigh
5File/Forms/predictiveLow
6File/forum/away.phppredictiveHigh
7File/getcfg.phppredictiveMedium
8File/maint/modules/home/index.phppredictiveHigh
9File/uncpath/predictiveMedium
10Fileaccount.asppredictiveMedium
11Fileaddentry.phppredictiveMedium
12Fileadmin/conf_users_edit.phppredictiveHigh
13Fileapi.phppredictiveLow
14Fileawstats.plpredictiveMedium
15Filecarbon/resources/add_collection_ajaxprocessor.jsppredictiveHigh
16Filexxx-xxx/xxx/xxxxxx.xxpredictiveHigh
17Filexxx.xxpredictiveLow
18Filexxxxxx.xxxpredictiveMedium
19Filexxxxx_xxxx.xxxpredictiveHigh
20Filexxxxxxxx/xxxxxxxxxx.xxxxpredictiveHigh
21Filexxxxxx/xxx.xpredictiveMedium
22Filexxx.xxx.xxxxpredictiveMedium
23Filexxxxxxxx_xxxxxxxxxxxxxxxxx.xxxpredictiveHigh
24Filexxxxxxx/xxx_xxxxxxx.xxxpredictiveHigh
25Filexxxxxx-xxxx.xpredictiveHigh
26Filexxxxx_xxxx.xpredictiveMedium
27Filexxxxxxxx.xxxpredictiveMedium
28Filexxx/xxxx/predictiveMedium
29Filexxxxxxxxxxxxxx.xxxpredictiveHigh
30Filexxxx_xxxxxxx.xxx.xxxpredictiveHigh
31Filexxx/xxxxxxxxxx.xpredictiveHigh
32Filexxxxx.xxxpredictiveMedium
33Filexxxx.xxxpredictiveMedium
34Filexxxx/xxxxxx.xpredictiveHigh
35Filexxxxxxxx.xxxpredictiveMedium
36Filexxx/xxxxxx.xxxpredictiveHigh
37Filexxxxx.xxxxpredictiveMedium
38Filexxxxx.xxxpredictiveMedium
39Filexxxxxx/xxxxx/xxxxx.xpredictiveHigh
40Filexxxxxxx/xxxx-xxxx.xpredictiveHigh
41Filexxxxx.xxxpredictiveMedium
42Filexxxx.xpredictiveLow
43Filexxxxxx/xxxxxx.xpredictiveHigh
44Filexxxxxxxxxx/xxxxx.xpredictiveHigh
45Filexx/predictiveLow
46Filexxx_xxxxx_xxxxxx_xxxxx.xxxpredictiveHigh
47Filexxxx.xxxxxxxxxx.xxxpredictiveHigh
48Filexxxxxxxx_xxxxxx.xxxpredictiveHigh
49Filexxxxx-xxxx.xxxpredictiveHigh
50Filexxxx.xxxpredictiveMedium
51FilexxxxxxxpredictiveLow
52Filexxxxxx.xxxpredictiveMedium
53Filexxxxxxxxxxx_xxxxxx/xxxxxxxxxxxx/xxx_xxxxxxxxxxx.xxxpredictiveHigh
54Filexxxxx.xxxpredictiveMedium
55Filexxxxxxx.xxpredictiveMedium
56Filexxx/xxxxxxx/xxxxxx/xxxx/xxxxx/xxxxxxx/xxxxxx/xxxxx/xxx%xxxxxxxxxxxxx.xx.xxxpredictiveHigh
57Filexxxxxxxxx.xxxpredictiveHigh
58Filexxxxxxxxxx.xxxpredictiveHigh
59Filexxxxxxxxxxx.xxxpredictiveHigh
60Filexxxxxxxxx_xxxxxxxxx.xxxpredictiveHigh
61Filexxxxxxxxx/xxxxx/xxxx/xxx_xxxxxxx/xxxxxxx/xxxxxxx.xxxpredictiveHigh
62Filexxxxxxx.xxxpredictiveMedium
63Filexxxx-xxxxx.xxxpredictiveHigh
64Filexxxx-xxxxxxxx.xxxpredictiveHigh
65Filexxxxxx.xxxpredictiveMedium
66Filexxxxxx-xxxxxxx-xxxx.xxxpredictiveHigh
67Filexxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxx_xxx.xxxxpredictiveHigh
68Filexxxxxxx.xxxpredictiveMedium
69Filexxxxxxxxxxxxxxx.xxxpredictiveHigh
70Filexxxxx_xx.xxxpredictiveMedium
71Filexxxx/xx_xxxxxxx.xxxpredictiveHigh
72Filexxxxx/xxxxx.xxpredictiveHigh
73Filexxxxxx.xxxpredictiveMedium
74Filexxxxxxx/xxxxxx.xpredictiveHigh
75Filexx-xxxxx/xxxxxxxx/xxxxx-xx-xxxxx-xxxx-xxxxx.xxxpredictiveHigh
76Filexx-xxxxx/xxxxxxx-xxxxxxx.xxxpredictiveHigh
77Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictiveHigh
78Filexxxxxx.xxxpredictiveMedium
79Library/xxx/xxx/xxxx.xxxpredictiveHigh
80Libraryxxx/xxxx/xxxxxx.xxpredictiveHigh
81Libraryxxx/xx/xxxxx/xxxxxxxxxx/xxxx.xxpredictiveHigh
82Libraryxxxxxxx/xxx/xxxxxxxxxxxx.xxxpredictiveHigh
83Libraryxxxxxxx.xxxpredictiveMedium
84Libraryxxxxxx/x/xxxxxxxxpredictiveHigh
85ArgumentxxxxxxxxpredictiveMedium
86ArgumentxxxxxpredictiveLow
87ArgumentxxxxpredictiveLow
88ArgumentxxxpredictiveLow
89ArgumentxxxxxxxpredictiveLow
90Argumentxxxxxxxxxxxxxx/xxxxxxxxxxpredictiveHigh
91ArgumentxxxxxxpredictiveLow
92Argumentxxxxxx[xxxxxxx_xxx]predictiveHigh
93ArgumentxxxxxxxxxxxxxxxxpredictiveHigh
94ArgumentxxxxxxxxpredictiveMedium
95Argumentxxxxxxxx_xxxxx[]predictiveHigh
96ArgumentxxxxxxxxxpredictiveMedium
97Argumentxxx_xxxxxxxxpredictiveMedium
98Argumentxxxxx.xxx?xxxxxx=xxx_xxxxxxx/xxxx=xxxxxxx/xx=x/xxxxxxxx=xxxxxpredictiveHigh
99ArgumentxxxxxxxxxpredictiveMedium
100ArgumentxxxpredictiveLow
101ArgumentxxxxpredictiveLow
102Argumentxxx_xxxpredictiveLow
103ArgumentxxxxpredictiveLow
104Argumentxx_xxxxxxxxpredictiveMedium
105ArgumentxxxxpredictiveLow
106ArgumentxxxpredictiveLow
107ArgumentxxxxxxxxpredictiveMedium
108ArgumentxxxxxxxxpredictiveMedium
109Argumentxxxx[xxxxxxxxxxxxxxxxx]predictiveHigh
110Argumentxxxx_xxxxpredictiveMedium
111Argumentxxxxx_xxxx_xxxxpredictiveHigh
112ArgumentxxxpredictiveLow
113ArgumentxxxxxxxxpredictiveMedium
114ArgumentxxxxxpredictiveLow
115ArgumentxxxxpredictiveLow
116ArgumentxxxxxxpredictiveLow
117ArgumentxxxxxxxxxxxxxpredictiveHigh
118ArgumentxxxxpredictiveLow
119ArgumentxxxxpredictiveLow
120ArgumentxxxxxxxxpredictiveMedium
121ArgumentxxxxxxxxpredictiveMedium
122ArgumentxxxpredictiveLow
123ArgumentxxxxpredictiveLow
124Argumentxxxx->xxxxxxxpredictiveHigh
125Argumentxxxxx_xxxxxxpredictiveMedium
126ArgumentxxxxxpredictiveLow
127Input Value#/+predictiveLow
128Input Value' xxx (xxxxxx xxxx xxxx(xxxxxx xxxxx(*),xxxxxx(xxxxxxxxxxxx,(xxxxxx (xxx(xxxx=xxxx,x))),xxxxxxxxxxxx,xxxxx(xxxx(x)*x))x xxxx xxxxxxxxxxx_xxxxxx.xxxxxxxxx_xxxx xxxxx xx x)x) xxx 'xxxx'='xxxxpredictiveHigh
129Input Value../predictiveLow
130Input Valuexxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxxpredictiveHigh
131Input Value\xpredictiveLow
132Network PortxxxxpredictiveLow
133Network Portxxx/xxxxpredictiveMedium
134Network Portxxx/xxxxpredictiveMedium
135Network Portxxx/xxx (xxxx)predictiveHigh
136Network Portxxx xxxxxx xxxxpredictiveHigh

References (5)

The following list contains external sources which discuss the actor and the associated activities:

Do you want to use VulDB in your project?

Use the official API to access entries easily!