FakeCrack Analysis

IOB - Indicator of Behavior (243)

Lang

en: 224
ru: 8
zh: 6
de: 2
fr: 2

Country

us: 50
cn: 32
tr: 20
ru: 4
gb: 2

Product

GitLab Enterprise Edition: 8
Microsoft Windows: 8
GitLab Community Edition: 4
Google Android: 4
OFCMS: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Microsoft Office Word Remote Code Execution | 7.0 | 6.2 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.07 | 0.01350 | CVE-2023-28311 |
| 2 | Microsoft Exchange Server ProxyShell Remote Code Execution | 9.5 | 8.2 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | 0.97443 | CVE-2021-34473 |
| 3 | ThinkPHP input validation | 8.5 | 8.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.97478 | CVE-2019-9082 |
| 4 | SmarterTools SmarterMail path traversal | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00062 | CVE-2019-7213 |
| 5 | cumin Server Certificate Validator certificate validation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00090 | CVE-2013-0264 |
| 6 | Best Practical Request Tracker Auth.pm timing discrepancy | 2.6 | 2.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.19 | 0.00151 | CVE-2021-38562 |
| 7 | Microsoft Windows SmartScreen Remote Code Execution | 8.8 | 8.4 | $25k-$100k | $5k-$25k | Functional | Official Fix | 0.00 | 0.01304 | CVE-2023-32049 |
| 8 | Asus RT-AC86U Web URL os command injection | 8.8 | 8.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00076 | CVE-2023-28702 |
| 9 | Asus RT-AC86U LPD Service os command injection | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00047 | CVE-2022-25597 |
| 10 | Asus RT-AC56U out-of-bounds write | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.00070 | CVE-2022-25596 |
| 11 | Asus RT-AX56U V2/RT-AC86U cm_processChangedConfigMsg format string | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00330 | CVE-2023-35087 |
| 12 | lighttpd mod_alias_physical_handler mod_alias.c path traversal | 7.4 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00368 | CVE-2018-19052 |
| 13 | Microsoft Windows Remote Desktop unknown vulnerability | 5.8 | 5.3 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.22 | 0.00134 | CVE-2023-29352 |
| 14 | Microsoft Windows Remote Desktop Client Local Privilege Escalation | 7.5 | 6.6 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.05 | 0.00518 | CVE-2023-24905 |
| 15 | Phpsugar PHP Melody Cookie watch.php sql injection | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.00156 | CVE-2017-15579 |
| 16 | tsolucio corebos cross site scripting | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00045 | CVE-2023-3073 |
| 17 | SICK FTMg Air Flow Sensor REST Interface observable response discrepancy | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 0.00092 | CVE-2023-23449 |
| 18 | PHP unserialize use after free | 5.3 | 4.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.73398 | CVE-2015-0231 |
| 19 | Microsoft Windows DHCP Server Service Remote Code Execution | 8.6 | 8.0 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.06 | 0.09498 | CVE-2023-28231 |
| 20 | Cloudreve File Upload cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00051 | CVE-2022-32167 |

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (23)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | predictive | High |
| 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CWE-74 | Injection | predictive | High |
| 4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | predictive | High |
| 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (109)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | `/acms/classes/Master.php?f=delete_cargo` | predictive | High |
| 2 | File | `/admin.php/news/admin/topic/save` | predictive | High |
| 3 | File | `/admin/comn/service/update.json` | predictive | High |
| 4 | File | `/api/files/` | predictive | Medium |
| 5 | File | `/cgi-bin/touchlist_sync.cgi` | predictive | High |
| 6 | File | `/dev/shm` | predictive | Medium |
| 7 | File | `/dl/dl_print.php` | predictive | High |
| 8 | File | `/getcfg.php` | predictive | Medium |
| 9 | File | `/ofcms/company-c-47` | predictive | High |
| 10 | File | `/usr/sbin/httpd` | predictive | High |
| 11 | File | `/util/print.c` | predictive | High |
| 12 | File | `/web/MCmsAction.java` | predictive | High |
| 106 | Input Value | `../` | predictive | Low |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
