Fileless Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (361)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en354
fr4
ko2
zh2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

IS: Iceland304
US: USA16

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Fileless4
BianLian1
Cobalt Strike1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined140
Operating System54
WordPress Plugin10
Chip Software10
Content Management System10

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined66
Microsoft64
D-Link16
Oracle12
JetBrains10

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Windows46
D-Link DCS-113014
Qualcomm Snapdragon Auto10
Qualcomm Snapdragon Consumer Electronics Connectiv ...10
Qualcomm Snapdragon Consumer IOT10

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#VulnerabilityBaseTemp0dayTodayExpCouKEVEPSSCTICVE
1UNCTAD ASYCUDA World Java RMI Server inadequate encryption8.58.5$0-$5k$0-$5kNot definedNot defined
 
0.008710.01CVE-2020-9761
2Microsoft Windows Hyper-V Network Switch input validation5.95.7$5k-$25k$5k-$25kNot definedOfficial fix
 
0.015910.00CVE-2019-0714
3Microsoft Windows Hyper-V Network Switch input validation5.95.7$5k-$25k$5k-$25kNot definedOfficial fix
 
0.015910.00CVE-2019-0715
4Microsoft Windows DHCP Server memory corruption9.89.7$25k-$100k$25k-$100kNot definedOfficial fix
 
0.128900.04CVE-2019-1213
5Microsoft Windows Bluetooth cryptographic issues8.07.9$25k-$100k$0-$5kNot definedOfficial fix
 
0.029750.02CVE-2019-9506
6Microsoft Windows memory corruption5.85.6$5k-$25k$5k-$25kNot definedOfficial fix
 
0.009650.00CVE-2019-0716
7Microsoft Windows Hyper-V Network Switch input validation5.95.7$5k-$25k$5k-$25kNot definedOfficial fix
 
0.012940.00CVE-2019-0717
8Microsoft Edge information disclosure5.04.8$25k-$100k$0-$5kNot definedOfficial fix
 
0.140460.00CVE-2019-1030
9Microsoft Windows Hyper-V Network Switch input validation5.95.7$5k-$25k$5k-$25kNot definedOfficial fix
 
0.015910.00CVE-2019-0723
10Microsoft Windows Hyper-V Network Switch input validation5.95.7$5k-$25k$5k-$25kNot definedOfficial fix
 
0.015910.00CVE-2019-0718
11JetBrains YouTrack Plugin Template injection8.58.4$0-$5k$0-$5kNot definedOfficial fix
 
0.000110.00CVE-2019-10100
12Joomla CMS LDAP Authentication Password ldap injection7.57.2$5k-$25k$0-$5kNot definedOfficial fix
 
0.075840.03CVE-2017-14596
13Microsoft Windows JET Database Engine memory corruption7.37.0$25k-$100k$5k-$25kNot definedOfficial fix
 
0.096770.00CVE-2019-1146
14Microsoft Windows JET Database Engine memory corruption7.37.0$25k-$100k$5k-$25kNot definedOfficial fix
 
0.096770.00CVE-2019-1147
15Microsoft Windows Graphics Component information disclosure5.04.9$25k-$100k$0-$5kProof-of-ConceptOfficial fix
 
0.055140.00CVE-2019-1148
16Microsoft Windows Graphics Component information disclosure4.84.8$25k-$100k$0-$5kNot definedOfficial fix
 
0.055140.00CVE-2019-1153
17Microsoft Windows Graphics Component information disclosure4.84.7$5k-$25k$0-$5kNot definedOfficial fix
 
0.006020.00CVE-2019-1154
18Microsoft Windows JET Database Engine memory corruption7.37.0$25k-$100k$5k-$25kNot definedOfficial fix
 
0.096770.00CVE-2019-1156
19Microsoft Windows JET Database Engine memory corruption7.37.0$25k-$100k$5k-$25kNot definedOfficial fix
 
0.124900.00CVE-2019-1155
20Microsoft Windows JET Database Engine memory corruption7.37.0$25k-$100k$5k-$25kNot definedOfficial fix
 
0.049740.00CVE-2019-1157

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
193.95.228.97timestechnologies.orgFileless07/30/2022verifiedMedium
2162.0.224.144people-role.quarantine-pnap-vlan51.web-hosting.comFileless07/30/2022verifiedLow
3XXX.XX.XXX.Xxx-xxxxx.xxxxxx.xxxXxxxxxxx07/30/2022verifiedMedium
4XXX.XX.XXX.XXXxxx-xx-xxx-xxx.xx.xxxxxxxxxxxxxxxxx.xxxXxxxxxxx07/30/2022verifiedLow
5XXX.XXX.XXX.XXxxxxxx.xxxxxxxx.xxxXxxxxxxx07/30/2022verifiedLow
6XXX.XXX.XXX.XXxxx-xxx-xxx-xx.xx.xxxxxxxxxxxxxxxxx.xxxXxxxxxxx07/30/2022verifiedLow

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
4T1059.007CAPEC-209CWE-79Basic Cross Site ScriptingpredictiveHigh
5TXXXXCAPEC-XXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXX.XXXCAPEC-XXXCWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
7TXXXXCAPEC-XXXCWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
8TXXXX.XXXCAPEC-XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
9TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
10TXXXXCWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
11TXXXXCAPEC-XXXCWE-XX, CWE-XXXxx XxxxxxxxxpredictiveHigh
12TXXXX.XXXCAPEC-XCWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
13TXXXXCWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
14TXXXXCAPEC-XXCWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
15TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxx XxxxpredictiveHigh
16TXXXX.XXXCAPEC-XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
17TXXXXCAPEC-XXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
18TXXXXCAPEC-XXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
19TXXXX.XXXCWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHigh
20TXXXX.XXXCAPEC-XCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (84)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/acms/classes/Master.php?f=delete_cargopredictiveHigh
2File/admin/config_MT.php?action=deletepredictiveHigh
3File/admin/inquiries/view_inquiry.phppredictiveHigh
4File/domains/listpredictiveHigh
5File/save_invoice.phppredictiveHigh
6File/sbinpredictiveLow
7File/sbin/orthruspredictiveHigh
8File/sbin/rtspdpredictiveMedium
9File/summary.phppredictiveMedium
10File/sysmanage/changelogo.phppredictiveHigh
11File/xx/xxxxxxxx/predictiveHigh
12File/xxx/xxx/xxxxx/xxxxxpredictiveHigh
13Filexxxxx/xxxxxxxxxxxxxxxxxxxxxpredictiveHigh
14Filexxxxx.xxxpredictiveMedium
15Filexxxxxx/xxx.xpredictiveMedium
16Filexxxxxx/xx.xpredictiveMedium
17Filexxxxxx/xxxx.xpredictiveHigh
18Filexxxxxxxx_xxxxxx.xxxpredictiveHigh
19Filexxxxxx/xxxx_xxxxxxxx.xxxpredictiveHigh
20Filexxxxx_xxxxx.xxx_xxxpredictiveHigh
21Filexxxx_xxxxxxx.xxxpredictiveHigh
22Filexxxxx.xpredictiveLow
23Filexxxxxxx.xxxxpredictiveMedium
24Filexxxx_xxx.xpredictiveMedium
25Filexxxx/xxxxxxxxxx.xxpredictiveHigh
26Filexxxxxxx/xxx.xxxpredictiveHigh
27Filexxxx.xxxpredictiveMedium
28Filexxxxx.xxxpredictiveMedium
29Filexx/xxxxxx.xxxxxxxxxxx.xxpredictiveHigh
30Filexxxxxxxxxxxx.xxpredictiveHigh
31Filexxxxx.xxxpredictiveMedium
32Filexxxxx.xxxpredictiveMedium
33Filexxxxxx.xxxpredictiveMedium
34Filexx-xxxxx/xxxx-xxxx.xxxpredictiveHigh
35Filexxxxxxxxx.xxxpredictiveHigh
36Filexxxxxxxxxx.xxpredictiveHigh
37Filexxxxxx/xxxxx.xxxpredictiveHigh
38Filexxxxx.xxxpredictiveMedium
39Filexxx_xxx.xxx?xxx=xxx.xxx.x.x&xxxx=xx&xxxx=xxxpredictiveHigh
40Filexxx/xxx/xxx/xxxxxxx/xxxxxxxx/xxxx/xxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
41Filexxxxxxxx.xxxpredictiveMedium
42Filexxxxx_xxxxx.xxxpredictiveHigh
43Filexxxxxx.xxxpredictiveMedium
44Filexxxxxxxxxxxxx.xxxpredictiveHigh
45Filexxxxxxxx/xxxxxxx/xxxxxxxxxxxpredictiveHigh
46Filexxxxx-xx.xxxpredictiveMedium
47Libraryxxxxxx.xxxpredictiveMedium
48Libraryxxxxxxxxxxx.xxxpredictiveHigh
49Libraryxxxx.xxxpredictiveMedium
50Libraryxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
51Libraryxxxxxx.xxxpredictiveMedium
52Libraryxxxxx.xxxpredictiveMedium
53Libraryxxxxxxx.xxxpredictiveMedium
54Libraryxxxx.xxxpredictiveMedium
55Libraryxxxxxxxxxxxxxx.xxxpredictiveHigh
56Libraryxxxxxxxx.xxxpredictiveMedium
57Libraryxxxxxx.xxxpredictiveMedium
58Libraryxxxxxxx.xxxpredictiveMedium
59Argument-xpredictiveLow
60ArgumentxxxxpredictiveLow
61ArgumentxxxxxpredictiveLow
62ArgumentxxxxxxpredictiveLow
63ArgumentxxxxxxxxpredictiveMedium
64Argumentxxxx_xxxxxxpredictiveMedium
65ArgumentxxxxpredictiveLow
66ArgumentxxpredictiveLow
67Argumentxxxxxxx_xxxx/xxxxxxxx/xxxxxxx/xxxxx_xxxxxx/xxxxxxxx_xxxxxxxxxx/xxxxxxxx_xxxxxx/xxxxxxxx_xxxxxxpredictiveHigh
68Argumentxxxx-xxxx-xxxxxxxxpredictiveHigh
69Argumentxx_xxxxxxpredictiveMedium
70ArgumentxxxxxxxxxxxxxxxxpredictiveHigh
71ArgumentxxxxxxxpredictiveLow
72ArgumentxxxpredictiveLow
73ArgumentxxxxxxxxpredictiveMedium
74ArgumentxxxpredictiveLow
75ArgumentxxxxxxxxxxxxxxpredictiveHigh
76Argumentxxx_xxxxpredictiveMedium
77ArgumentxxxpredictiveLow
78ArgumentxxxxxxxxxxpredictiveMedium
79ArgumentxxxpredictiveLow
80ArgumentxxxxxxxxxxxxxxxpredictiveHigh
81ArgumentxxxxxxxxxpredictiveMedium
82Network Portxxx/xx (xxx)predictiveMedium
83Network Portxxx/xxxxxpredictiveMedium
84Network Portxxx/xxxxpredictiveMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

This view requires CTI permissions

Just purchase a CTI license today!