Extenbro Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 266
zh: 214
ru: 82
pl: 62
es: 58

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

SourceCodester Record Management System: 10
MailCleaner: 10
Dell Repository Manager: 4
Google Android: 4
WordPress: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Apryse WebViewer PDF Document cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00045 | 0.04 | CVE-2024-4327
2 | MailCleaner Email os command injection | 9.8 | 9.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00046 | 0.04 | CVE-2024-3191
3 | osCommerce all-products cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00065 | 0.08 | CVE-2024-4348
4 | MailCleaner Admin Interface cross site scripting | 5.8 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00045 | 0.07 | CVE-2024-3192
5 | SourceCodester Pisay Online E-Learning System controller.php unrestricted upload | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.04 | CVE-2024-4349
6 | MailCleaner Admin Endpoints os command injection | 8.8 | 8.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00046 | 0.04 | CVE-2024-3193
7 | BloomPixel Max Addons Pro for Bricks Plugin authorization | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.02 | CVE-2024-32951
8 | Elementor ImageBox Plugin cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2024-3074
9 | Dell Wyse Proprietary OS Telemetry Dashboard information disclosure | 4.7 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.03 | CVE-2024-28963
10 | Dell Repository Manager API Module improper authorization | 8.1 | 8.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2024-28976
11 | Apache Parquet Parquet-MR denial of service | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00116 | 0.00 | CVE-2021-41561
12 | AnnounceKit Plugin cross site scripting | 2.4 | 2.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-3023
13 | Repute Infosystems ARMember Plugin authorization | 7.8 | 7.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-32948
14 | Dell Repository Manager Logger Module improper authorization | 4.0 | 4.0 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00044 | 0.08 | CVE-2024-28977
15 | ThemeNcode Fan Page Widget by Plugin cross site scripting | 4.1 | 4.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-33695
16 | GOG Galaxy RPC Object Manager Symbolic Link GalaxyClientService.exe denial of service | 4.6 | 4.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.05 | CVE-2023-50915
17 | Opmantek Open-AudIT Community URL cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01413 | 0.00 | CVE-2021-44916
18 | StreamWeasels Twitch Integration Plugin information disclosure | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-32716
19 | Jegstudio Financio Plugin cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-33690
20 | Culqi Plugin server-side request forgery | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.05 | CVE-2024-32819

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 45.86.180.227 | vm-329a5356.na4u.ru | Extenbro | | 07/16/2019 | verified | Low
2 | XXX.XXX.X.XXX | xxxx.xxxxxxxx.xxxxxxxxx.xx | Xxxxxxxx | | 07/16/2019 | verified | Low
3 | XXX.XXX.XXX.XXX | . | Xxxxxxxx | | 07/16/2019 | verified | Low
4 | XXX.XXX.XX.XXX | xxxx.xxxxxxx.xxx | Xxxxxxxx | | 07/16/2019 | verified | Low

TTP - Tactics, Techniques, Procedures (23)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CAPEC-126 | CWE-21, CWE-22, CWE-23 | Path Traversal | predictive | High
2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CAPEC-137 | CWE-88, CWE-94 | Argument Injection | predictive | High
4 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Basic Cross Site Scripting | predictive | High
5 | T1068 | CAPEC-104 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | High
6 | TXXXX.XXX | | CWE-XXX | Xxx Xx Xxxx-xxxxx Xxxxxxxx | predictive | High
7 | TXXXX | CAPEC-XXX | CWE-XXX | Xxxx Xxx Xxxxxxxxx Xxxxxxxxxxx Xxxxxxxx | predictive | High
8 | TXXXX.XXX | CAPEC-XX | CWE-XXX, CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High
9 | TXXXX | CAPEC-XXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
10 | TXXXX.XXX | CAPEC-XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
11 | TXXXX | | CWE-XXX, CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High
12 | TXXXX | | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High
13 | TXXXX.XXX | CAPEC-XXX | CWE-XXXX | Xxxxxxxxxxx Xxxxxxx Xxxxxxxxxx Xxxxxxxxxx | predictive | High
14 | TXXXX | CAPEC-XXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
15 | TXXXX.XXX | CAPEC-X | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High
16 | TXXXX | CAPEC-XXX | CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
17 | TXXXX | | CWE-XXX | Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
18 | TXXXX.XXX | CAPEC-XXX | CWE-XXX | Xxxxxxxx Xx Xxx Xxxxxxx Xx X Xxxxxxxx Xxxxxxxx | predictive | High
19 | TXXXX.XXX | CAPEC-XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
20 | TXXXX | CAPEC-XXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
21 | TXXXX | CAPEC-XXX | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High
22 | TXXXX.XXX | CAPEC-XXX | CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | High
23 | TXXXX.XXX | CAPEC-X | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (211)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /+CSCOE+/logon.html | predictive | High
2 | File | /admin.php?p=/Area/index#tab=t2 | predictive | High
3 | File | /admin/add_ikev2.php | predictive | High
4 | File | /admin/category_save.php | predictive | High
5 | File | /admin/index2.html | predictive | High
6 | File | /admin/list_ipAddressPolicy.php | predictive | High
7 | File | /admin/manage_model.php | predictive | High
8 | File | /admin/manage_user.php | predictive | High
9 | File | /admin/search-vehicle.php | predictive | High
10 | File | /admin/subject.php | predictive | High
11 | File | /admin/system/dict/add.json?sqlid=system.dict.save | predictive | High
12 | File | /admin/twitter.php | predictive | High
13 | File | /api/v1/toolbox/device/update/swap | predictive | High
14 | File | /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini | predictive | High
15 | File | /catalog/all-products | predictive | High
16 | File | /cgi-bin/cstecgi.cgi | predictive | High
17 | File | /cgi-bin/ExportSettings.sh | predictive | High
18 | File | /changePassword | predictive | High
19 | File | /cloudstore/ecode/setup/ecology_dev.zip | predictive | High
20 | File | /com/esafenet/servlet/policy/HookService.java | predictive | High
21 | File | /edit-subject.php | predictive | High
22 | File | /endpoint/add-user.php | predictive | High
23 | File | /etc/postfix/sender_login | predictive | High
24 | File | /etc/shadow.sample | predictive | High
25 | File | /foms/routers/place-order.php | predictive | High
26 | File | /forum/away.php | predictive | High
27 | File | /xxxxxx/xxxxxxxxxxxxx | predictive | High
28 | File | /xxxxxx/xxxxxxxxx | predictive | High
29 | File | /xxxxxx/xxxxxxxxxxxxxxx | predictive | High
30 | File | /xxxxxx/xxxxxxxxxxxxx | predictive | High
31 | File | /xxxx/xxxxxxx | predictive | High
32 | File | /xxxxxx.xxx | predictive | Medium
33 | File | /xxxxx.xxx | predictive | Medium
34 | File | /xxxxx.xxx/xxxxx | predictive | High
35 | File | /xxxxxx_xxx/xxxxxxx/xxxxxx/xxxxx/xxxxx.xxxx | predictive | High
36 | File | /xxxxxx/xxxxxxxxxx.xxx | predictive | High
37 | File | /xxxxx.xxx?x=xxxxx&x=xxxxx&x=xxxxxxx_xxxx | predictive | High
38 | File | /xxxxxxxxxxx.xxx/xxxxxxxx | predictive | High
39 | File | /xxxxxx_xxxxxx.xxx | predictive | High
40 | File | /xxxxxx_xxxxxxxx.xxx | predictive | High
41 | File | /xxxxxx_xx.xxx | predictive | High
42 | File | /xxxxxx_xxxx.xxx | predictive | High
43 | File | /xxxxxxxxx.xxx | predictive | High
44 | File | /xxx.xxx | predictive | Medium
45 | File | /xxxxx.xxxx.xxx | predictive | High
46 | File | /xxx/xxxxx/xxxxxx/xxxx_xxxxx.xxx | predictive | High
47 | File | /xxxxx_xxxx_xxxxxxx.xxx | predictive | High
48 | File | /xxxxxxxx.xxx | predictive | High
49 | File | /xxx/xxxxxxx/xxx | predictive | High
50 | File | /xxxxxx.xxx | predictive | Medium
51 | File | /xxxx.xxx | predictive | Medium
52 | File | /xxxxxx.xx/_xxxx/xxxxx | predictive | High
53 | File | /xxx/xxxx/xxxxxxxxxxxx?xxxxxxxx=xxxxx | predictive | High
54 | File | /xxxxxxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
55 | File | /xxxxxxx/xxxxxxxxxxxxxx | predictive | High
56 | File | /xxxxxxx.xx | predictive | Medium
57 | File | /xxxx/xxxxxx_xxx.xxx | predictive | High
58 | File | /xxxx_xxxx.xxx | predictive | High
59 | File | xxxxxxxxxxxxxx.xxx | predictive | High
60 | File | xxx_xxxxx_xxx_xxxx.xxx | predictive | High
61 | File | xxxx/xxxxx.xxx | predictive | High
62 | File | xxxxxx/xx/xxxxxxxxxxxx.xx | predictive | High
63 | File | xxxxxxxxxxxxxxxxxx.xxxx | predictive | High
64 | File | xxx_xxxxxxxx.xx | predictive | High
65 | File | xxxx_xxxx_xx.xx | predictive | High
66 | File | xxxxxxx.xx | predictive | Medium
67 | File | xxxxxxxxxxxxxxxxx.xxxx | predictive | High
68 | File | xxxxxxxxxx.xxx | predictive | High
69 | File | xxxxx.x | predictive | Low
70 | File | xxxxxxxx.xxx | predictive | Medium
71 | File | xxxxxxxx_xxxxxxxxxxxx.xxx | predictive | High
72 | File | xxxxxxx/xxx/xxx/xxx_xxxxx.x | predictive | High
73 | File | xxxxx.xxx | predictive | Medium
74 | File | xxxxx.xxx | predictive | Medium
75 | File | xxx.xxx | predictive | Low
76 | File | xxxx_xxxxxxxx.xxx | predictive | High
77 | File | xx/xxxxxxx.x | predictive | Medium
78 | File | xxxxxxxxx.xxx | predictive | High
79 | File | xxxxxxxxxxxx.xxx | predictive | High
80 | File | xxxxxxxxxxxxxxxxxxx.xxx | predictive | High
81 | File | xxxx/xxxxx/xxxxxxx.xxx.xxx | predictive | High
82 | File | xxxxx | predictive | Low
83 | File | xxxxxxx/xxxxxxx.xxx.xxx | predictive | High
84 | File | xxxxx.xxx | predictive | Medium
85 | File | xxxxxxx.xxx | predictive | Medium
86 | File | xxxxxxx/xxxxxxxx.xxx | predictive | High
87 | File | xx.xxx | predictive | Low
88 | File | xx/xxxxxx/xxxxxxxxxxx | predictive | High
89 | File | xxxxx/xxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxx | predictive | High
90 | File | xxx_xxx.xx | predictive | Medium
91 | File | xxxxx.xxx | predictive | Medium
92 | File | xxxxxxxxxxxx.xxx | predictive | High
93 | File | xxxxxx.xxx | predictive | Medium
94 | File | xxxxxx_xxxxxxxx.xxx | predictive | High
95 | File | xxx_xxxxxx.x | predictive | Medium
96 | File | xxx_xxxx.xxx | predictive | Medium
97 | File | xxxxxxxx.xxx | predictive | Medium
98 | File | xxxxx.xxxx.xxx | predictive | High
99 | File | xxxxxxxxxxxx.xxx | predictive | High
100 | File | xxx.xx | predictive | Low
101 | File | xxx/xxxxxx_xxxx.xxx | predictive | High
102 | File | xxxxxxx/xxx/xxxxxxx/xxxxxx/xxxx-xxxxxxxxxx/<xxxxxx>/xx.xxx | predictive | High
103 | File | xxxxxxxx.xxx | predictive | Medium
104 | File | xxxxxxxx.xxx | predictive | Medium
105 | File | xxxx-xxxxxxx.x | predictive | High
106 | File | xxxxxxxx.xxx | predictive | Medium
107 | File | xxxxxxxx_xx.xxx | predictive | High
108 | File | xxxxxxxxxxxxxxxx.xxx | predictive | High
109 | File | xxx.xxxx | predictive | Medium
110 | File | xxxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxxxx | predictive | High
111 | File | xxxxxxxx/xxxxx/xxxxxxx.xx | predictive | High
112 | File | xxxx.xxx | predictive | Medium
113 | File | xxxxx_xxxx.xxx | predictive | High
114 | File | xxxxx_xxxx.xxx | predictive | High
115 | File | xxxxxxxxxxxxxxx.xxx | predictive | High
116 | File | xxx/xxxx/xxxx/xxx/xxxxx/xxxxx/xxxx/xxxxxxx/xxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High
117 | File | xxxxxx_xxxxx.xxx | predictive | High
118 | File | xxxxxxx-xxxxxxxx.xxx | predictive | High
119 | File | xxxx/xxxx/xxxxxxxxxxxxxxxxxx.xxxx | predictive | High
120 | File | xxxx-xxxxx.xxx | predictive | High
121 | File | xxxx-xxxxxxxx.xxx | predictive | High
122 | File | xxx.x | predictive | Low
123 | File | xxxxxxxxx/xx_xxxxxxxxx.xxx | predictive | High
124 | File | xxxx_xxxxxx.xxx | predictive | High
125 | File | xxxx_xxxx.xxx | predictive | High
126 | File | xxxx_xxxx_xxxx.xxx | predictive | High
127 | File | xxxxxxxxx.xxx | predictive | High
128 | File | xx-xxxx.xxx | predictive | Medium
129 | File | xx-xxxxx.xxx | predictive | Medium
130 | File | xxxxxxxx.x | predictive | Medium
131 | Library | xxx/xxxx_xxxxx.x | predictive | High
132 | Argument | $_xxxx['xxxxxxxxx'] | predictive | High
133 | Argument | xxx | predictive | Low
134 | Argument | xxxxxxxx | predictive | Medium
135 | Argument | xxxxx | predictive | Low
136 | Argument | xxxxxxx_xx | predictive | Medium
137 | Argument | xxx | predictive | Low
138 | Argument | xxxxxxxx | predictive | Medium
139 | Argument | xxx | predictive | Low
140 | Argument | xxxxx | predictive | Low
141 | Argument | xxxxxxxxx | predictive | Medium
142 | Argument | xxxxxx | predictive | Low
143 | Argument | xxxxx | predictive | Low
144 | Argument | xxxxxxxxxx | predictive | Medium
145 | Argument | xxxx_xxxxx | predictive | Medium
146 | Argument | xx | predictive | Low
147 | Argument | xxxxxxxx | predictive | Medium
148 | Argument | xxxxx | predictive | Low
149 | Argument | xxxx | predictive | Low
150 | Argument | xxxx | predictive | Low
151 | Argument | xxxxx | predictive | Low
152 | Argument | xxxxxxxxxxxxxxxxxxxxxx | predictive | High
153 | Argument | xxxxx_xxxx_xxxx | predictive | High
154 | Argument | xxxxxxxx/xxxxxxxx/xxxxxxxx/xxxxx | predictive | High
155 | Argument | xxxxxxx | predictive | Low
156 | Argument | xxxxxxx | predictive | Low
157 | Argument | xxxxxx | predictive | Low
158 | Argument | xxxx | predictive | Low
159 | Argument | xxx | predictive | Low
160 | Argument | xx | predictive | Low
161 | Argument | xx | predictive | Low
162 | Argument | xxxxxx/xxxx/xxxx/xxxxxx | predictive | High
163 | Argument | xxx_xxx | predictive | Low
164 | Argument | xxxx | predictive | Low
165 | Argument | xxx | predictive | Low
166 | Argument | xxx | predictive | Low
167 | Argument | xxxxxxxxxx | predictive | Medium
168 | Argument | xx_xxxxxx_xxxxxxxxxxxx | predictive | High
169 | Argument | xx_xxxxx | predictive | Medium
170 | Argument | xxxx | predictive | Low
171 | Argument | xxxx/xxxxxx/xxxxxxx | predictive | High
172 | Argument | xxxxxxxxxxx | predictive | Medium
173 | Argument | xxxxxx | predictive | Low
174 | Argument | xxxx | predictive | Low
175 | Argument | xxxxxxxx | predictive | Medium
176 | Argument | xxxxxxxx | predictive | Medium
177 | Argument | xxxx | predictive | Low
178 | Argument | xxxx | predictive | Low
179 | Argument | xxxx | predictive | Low
180 | Argument | xxxxx | predictive | Low
181 | Argument | xxxxxxxx | predictive | Medium
182 | Argument | xxxxxxx_xxxxxxx_xxxxx_xxxxx_xxxxx | predictive | High
183 | Argument | xxxxxx | predictive | Low
184 | Argument | xxxxxxxx | predictive | Medium
185 | Argument | xxxxxxxxxxxxxxxxxx | predictive | High
186 | Argument | xxxxxxxxxxxxx | predictive | High
187 | Argument | xxxxxxxxx | predictive | Medium
188 | Argument | xxx['xxx_xxxxxxx']/xxx['xxx_xxxx'] | predictive | High
189 | Argument | xxxxxx | predictive | Low
190 | Argument | xxxxxxxxxxxxxxx | predictive | High
191 | Argument | xxxx | predictive | Low
192 | Argument | xxx | predictive | Low
193 | Argument | xxxxxxxxx | predictive | Medium
194 | Argument | xxxx/xxxx/xxxx/xxxx/xxxxx | predictive | High
195 | Argument | xxxxxxxxxxx_xx | predictive | High
196 | Argument | xxxx | predictive | Low
197 | Argument | xxxxx | predictive | Low
198 | Argument | xxxxx | predictive | Low
199 | Argument | xxxxxxxx | predictive | Medium
200 | Argument | xxxxxx/xxxxxxx-xxxxxxx | predictive | High
201 | Argument | xxx | predictive | Low
202 | Argument | xxxx | predictive | Low
203 | Argument | xxxxxxxx | predictive | Medium
204 | Argument | xxxxxxxx | predictive | Medium
205 | Argument | xxx_xxx | predictive | Low
206 | Input Value | x%xxxxx%xxx=x%xxxxxxx%xxxxxxxx%xxx,x,x,x,x,x,x,xxxx(),xxxxxxxx()--+ | predictive | High
207 | Input Value | xxxxxxxxx\xxxxx -x xxxxxxxxxx | predictive | High
208 | Input Value | <xxxxxx>xxxxx("xxx")</xxxxxx> | predictive | High
209 | Input Value | \xxx\xxx | predictive | Medium
210 | Network Port | xxx/xx (xxxx) | predictive | High
211 | Network Port | xxx | predictive | Low

References (2)

The following list contains external sources which discuss the actor and the associated activities: