Fileless Analysis

IOB - Indicator of Behavior (346)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en338
fr4
zh2
de2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

is304
us8
de2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Fileless3
BianLian1
Cobalt Strike1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined102
Operating System58
Banking Software20
Web Browser14
Chip Software14

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Microsoft78
Not Defined56
Oracle24
D-Link18
Qualcomm14

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Windows58
D-Link DCS-113018
Qualcomm Snapdragon Auto14
Qualcomm Snapdragon Consumer IOT14
Qualcomm Snapdragon Industrial IOT14

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1UNCTAD ASYCUDA World Java RMI Server inadequate encryption8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.040.00357CVE-2020-9761
2Microsoft Windows Hyper-V Network Switch input validation5.95.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00043CVE-2019-0714
3Microsoft Windows Hyper-V Network Switch input validation5.95.7$5k-$25k$5k-$25kNot DefinedOfficial Fix0.030.00043CVE-2019-0715
4Microsoft Windows DHCP Server memory corruption9.89.4$100k and more$5k-$25kNot DefinedOfficial Fix0.050.05477CVE-2019-1213
5Microsoft Windows Bluetooth cryptographic issues8.27.8$5k-$25k$0-$5kNot DefinedOfficial Fix0.010.00095CVE-2019-9506
6Microsoft Windows memory corruption5.85.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00203CVE-2019-0716
7Microsoft Windows Hyper-V Network Switch input validation5.95.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00043CVE-2019-0717
8Microsoft Edge information disclosure5.04.8$25k-$100k$5k-$25kNot DefinedOfficial Fix0.000.03227CVE-2019-1030
9Microsoft Windows Hyper-V Network Switch input validation5.95.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00043CVE-2019-0723
10Microsoft Windows Hyper-V Network Switch input validation5.95.7$5k-$25k$5k-$25kNot DefinedOfficial Fix0.010.00043CVE-2019-0718
11JetBrains YouTrack Plugin Template injection8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000.01090CVE-2019-10100
12Joomla CMS LDAP Authentication Password ldap injection7.57.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.02088CVE-2017-14596
13Microsoft Windows JET Database Engine memory corruption7.37.0$25k-$100k$5k-$25kNot DefinedOfficial Fix0.010.00897CVE-2019-1146
14Microsoft Windows JET Database Engine memory corruption7.37.0$25k-$100k$5k-$25kNot DefinedOfficial Fix0.030.00897CVE-2019-1147
15Microsoft Windows Graphics Component information disclosure4.84.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00042CVE-2019-1148
16Microsoft Windows Graphics Component information disclosure4.84.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00042CVE-2019-1153
17Microsoft Windows Graphics Component information disclosure4.84.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00049CVE-2019-1154
18Microsoft Windows JET Database Engine memory corruption7.37.0$25k-$100k$5k-$25kNot DefinedOfficial Fix0.000.00897CVE-2019-1156
19Microsoft Windows JET Database Engine memory corruption7.37.0$25k-$100k$5k-$25kNot DefinedOfficial Fix0.060.00897CVE-2019-1155
20Microsoft Windows JET Database Engine memory corruption7.37.0$25k-$100k$5k-$25kNot DefinedOfficial Fix0.000.00897CVE-2019-1157

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
193.95.228.97timestechnologies.orgFileless07/30/2022verifiedHigh
2162.0.224.144people-role.quarantine-pnap-vlan51.web-hosting.comFileless07/30/2022verifiedHigh
3XXX.XX.XXX.Xxx-xxxxx.xxxxxx.xxxXxxxxxxx07/30/2022verifiedHigh
4XXX.XX.XXX.XXXxxx-xx-xxx-xxx.xx.xxxxxxxxxxxxxxxxx.xxxXxxxxxxx07/30/2022verifiedHigh
5XXX.XXX.XXX.XXxxxxxx.xxxxxxxx.xxxXxxxxxxx07/30/2022verifiedHigh
6XXX.XXX.XXX.XXxxx-xxx-xxx-xx.xx.xxxxxxxxxxxxxxxxx.xxxXxxxxxxx07/30/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-22Pathname TraversalpredictiveHigh
2T1055CWE-74InjectionpredictiveHigh
3T1059CWE-94Cross Site ScriptingpredictiveHigh
4T1059.007CWE-79Cross Site ScriptingpredictiveHigh
5TXXXXCWE-XXX, CWE-XXX, CWE-XXXX2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxx Xxxxxxxxxxx Xxx Xxx XxxxxxxpredictiveHigh
6TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx XxxxxxxxpredictiveHigh
7TXXXXCWE-XX, CWE-XXXxxxxxx XxxxxxxxxpredictiveHigh
8TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
9TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
10TXXXXCWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
11TXXXXCWE-XX, CWE-XXXxx XxxxxxxxxpredictiveHigh
12TXXXX.XXXCWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
13TXXXXCWE-XXXXxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx XxxxpredictiveHigh
14TXXXXCWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
15TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxx XxxxpredictiveHigh
16TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
17TXXXXCWE-XXXXxxxxxxxxxxxxpredictiveHigh
18TXXXXCWE-XXX, CWE-XXX, CWE-XXXX2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx XxxxxxxxxxpredictiveHigh
19TXXXX.XXXCWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHigh
20TXXXX.XXXCWE-XXXXxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (63)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/acms/classes/Master.php?f=delete_cargopredictiveHigh
2File/domains/listpredictiveHigh
3File/sbinpredictiveLow
4File/sbin/orthruspredictiveHigh
5File/sbin/rtspdpredictiveMedium
6File/var/www/video/mp4tspredictiveHigh
7Fileadmin/listMailConfigurationpredictiveHigh
8Fileapply.cgipredictiveMedium
9Filexxxxxx/xxx.xpredictiveMedium
10Filexxxxxx/xx.xpredictiveMedium
11Filexxxxxx/xxxx.xpredictiveHigh
12Filexxxxxxxx_xxxxxx.xxxpredictiveHigh
13Filexxxxxx/xxxx_xxxxxxxx.xxxpredictiveHigh
14Filexxxxx_xxxxx.xxx_xxxpredictiveHigh
15Filexxxx_xxxxxxx.xxxpredictiveHigh
16Filexxxxx.xpredictiveLow
17Filexxxxxxx.xxxxpredictiveMedium
18Filexxxx_xxx.xpredictiveMedium
19Filexxxx/xxxxxxxxxx.xxpredictiveHigh
20Filexxxxxxx/xxx.xxxpredictiveHigh
21Filexxxx.xxxpredictiveMedium
22Filexxxxx.xxxpredictiveMedium
23Filexx/xxxxxx.xxxxxxxxxxx.xxpredictiveHigh
24Filexxxxxxxxxxxx.xxpredictiveHigh
25Filexxxxx.xxxpredictiveMedium
26Filexx-xxxxx/xxxx-xxxx.xxxpredictiveHigh
27Filexxxxxxxxx.xxxpredictiveHigh
28Filexxxxxxxxxx.xxpredictiveHigh
29Filexxx_xxx.xxx?xxx=xxx.xxx.x.x&xxxx=xx&xxxx=xxxpredictiveHigh
30Filexxx/xxx/xxx/xxxxxxx/xxxxxxxx/xxxx/xxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
31Filexxxxxxxx.xxxpredictiveMedium
32Filexxxxx_xxxxx.xxxpredictiveHigh
33Filexxxxxx.xxxpredictiveMedium
34Filexxxxxxxxxxxxx.xxxpredictiveHigh
35Filexxxxxxxx/xxxxxxx/xxxxxxxxxxxpredictiveHigh
36Filexxxxx-xx.xxxpredictiveMedium
37Libraryxxxxxx.xxxpredictiveMedium
38Libraryxxxxxxxxxxx.xxxpredictiveHigh
39Libraryxxxx.xxxpredictiveMedium
40Libraryxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
41Libraryxxxxxx.xxxpredictiveMedium
42Libraryxxxxx.xxxpredictiveMedium
43Libraryxxxxxxx.xxxpredictiveMedium
44Libraryxxxx.xxxpredictiveMedium
45Libraryxxxxxxxxxxxxxx.xxxpredictiveHigh
46Libraryxxxxxxxx.xxxpredictiveMedium
47Libraryxxxxxx.xxxpredictiveMedium
48Libraryxxxxxxx.xxxpredictiveMedium
49Argument-xpredictiveLow
50ArgumentxxxxpredictiveLow
51ArgumentxxxxxxxxpredictiveMedium
52Argumentxxxx-xxxx-xxxxxxxxpredictiveHigh
53Argumentxx_xxxxxxpredictiveMedium
54ArgumentxxxxxxxxxxxxxxxxpredictiveHigh
55ArgumentxxxxxxxpredictiveLow
56ArgumentxxxpredictiveLow
57ArgumentxxxxxxxxxxxxxxpredictiveHigh
58Argumentxxx_xxxxpredictiveMedium
59ArgumentxxxxxxxxxxpredictiveMedium
60ArgumentxxxpredictiveLow
61ArgumentxxxxxxxxxxxxxxxpredictiveHigh
62Network Portxxx/xx (xxx)predictiveMedium
63Network Portxxx/xxxxpredictiveMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!