Fareit Analysis

Activities

Timeline

Analysing the timeline helps to identify the required approach to, and handling of, individual vulnerabilities and vulnerability collections. The overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response and prioritization of issues can be initiated.

Lang

en: 190
de: 10
fr: 4
es: 3
pl: 3

Country

gb: 101
us: 54
ca: 17
la: 6
fr: 4

Actors

Grizzly Steppe: 99
RATicate: 51
APT36: 24
Fareit: 17
MyKings: 14

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | CTI | CVE
1 | All Enthusiast Inc Reviewpost Php Pro showproduct.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09 | CVE-2004-2175
2 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 1.43 | CVE-2017-0055
3 | Synology DiskStation Manager Change Password password recovery | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2018-8916
4 | PhotoPost PHP Pro showproduct.php sql injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09 | CVE-2004-0250
5 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 4.83 | CVE-2020-12440
6 | BitTorrent uTorrent Bencoding Parser input validation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-8437
7 | MDaemon Webmail cross site scripting | 5.4 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2019-8983
8 | HP 3PAR Service Processor SP information disclosure | 4.3 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2015-5443
9 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.87 | CVE-2016-6210
10 | Maran PHP Shop prod.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Not Defined | 0.05 | CVE-2008-4879
11 | AjaxPro .NET Class deserialization | 7.8 | 7.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2021-23758
12 | Gallarific PHP Photo Gallery script gallery.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.08 | CVE-2011-0519
13 | Google TensorFlow count_ops.cc tf.raw_ops.DenseCountSparseOutput divide by zero | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-29554
14 | ArticleCMS unrestricted upload | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2020-28063
15 | P4 Plugin cross-site request forgery | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2021-21655
16 | Microsoft Office Equation Editor memory corruption | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2018-0798
17 | Cisco Catalyst 6500 SIP memory corruption | 7.5 | 6.5 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.09 | CVE-2012-4660
18 | Citrix ADC/Gateway/NetScaler Gateway/SD-WAN WANOP SSL VPN Web Portal cross site scripting | 3.5 | 3.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2020-8245
19 | Python urllib.request.AbstractBasicAuthHandler incorrect regex | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-8492
20 | Microsoft IIS code injection | 9.9 | 9.9 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.04 | CVE-2010-1256

IOC - Indicator of Compromise (49)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (79)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

