FAKE UPDATER Analysis

IOB - Indicator of Behavior (363)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 324
de: 18
es: 8
pl: 6
fr: 2


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Google Chrome: 6
Microsoft Windows: 6
phpBB: 4
YaBB: 4
PHPWind: 4


Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | KEV | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | possible | 0.02956 | 0.00 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.00970 | 0.82 | CVE-2010-0966
3 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not defined | Official fix | expected | 0.86968 | 3.07 | CVE-2020-15906
4 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.04277 | 1.91 | CVE-2006-6168
5 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | possible | 0.01580 | 0.09 | CVE-2007-0354
6 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.08189 | 0.09 | CVE-2007-1167
7 | Apple M1 Register s3_5_c15_c10_1 M1RACLES access control | 8.8 | 8.8 | $5k-$25k | $5k-$25k | Not defined | Not defined | | 0.00000 | 0.07 | CVE-2021-30747
8 | eSyndicat Directory Software suggest-listing.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00000 | 1.37 |
9 | FLDS redir.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | possible | 0.00505 | 0.09 | CVE-2008-5928
10 | Citrix NetScaler ADC/NetScaler Gateway OpenID openid-configuration ns_aaa_oauthrp_send_openid_config CitrixBleed memory corruption | 8.3 | 8.2 | $100k and more | $0-$5k | High | Official fix | verified | 0.93502 | 0.02 | CVE-2023-4966
11 | Francisco Burzi PHP-Nuke Downloads Module viewsdownload sql injection | 5.3 | 5.3 | $0-$5k | Calculating | Not defined | Not defined | | 0.00013 | 0.02 | CVE-2005-0996
12 | Wheatblog add_comment.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00244 | 0.00 | CVE-2006-7002
13 | Pligg cloud.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00000 | 2.75 |
14 | SourceCodester Prison Management System login.php sql injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00300 | 0.06 | CVE-2024-3439
15 | itsourcecode Online Discussion Forum register_me.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00322 | 0.07 | CVE-2024-5733
16 | phpBB album_portal.php file inclusion | 7.3 | 7.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.01676 | 1.55 | CVE-2004-1943
17 | SNETWORKS PHP CLASSIFIEDS config.inc.php sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | | 0.01326 | 0.09 | CVE-2008-0137
18 | Smartisoft phpBazar classified_right.php file inclusion | 6.5 | 6.2 | $0-$5k | Calculating | Proof-of-Concept | Unavailable | | 0.03636 | 0.03 | CVE-2006-2528
19 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not defined | Unavailable | | 0.00000 | 1.46 |
20 | Serendipity exit.php privileges management | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00000 | 0.05 |

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 23.95.97.32 | 23-95-97-32-host.colocrossing.com | FAKE UPDATER | | 10/13/2018 | verified | Low
2 | 46.249.59.67 | | FAKE UPDATER | | 10/13/2018 | verified | Low

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (112)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /account/details.php | predictive | High
2 | File | /Account/login.php | predictive | High
3 | File | /admin/subject.php | predictive | High
4 | File | /backend/admin/his_admin_register_patient.php | predictive | High
5 | File | /cgi/get_param.cgi | predictive | High
6 | File | /classes/Master.php | predictive | High
7 | File | /forum/away.php | predictive | High
8 | File | /modules/registration_admission/patient_register.php | predictive | High
9 | File | /oauth/idp/.well-known/openid-configuration | predictive | High
10 | File | /out.php | predictive | Medium
11 | File | /sbin/gs_config | predictive | High
12 | File | /spip.php | predictive | Medium
13 | File | adclick.php | predictive | Medium
14 | File | add_comment.php | predictive | High
15 | File | album_portal.php | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
