Fileless Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (352)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en344
fr4
zh2
ru2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

IS: Iceland310
US: USA16

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Fileless3
BianLian1
Cobalt Strike1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined110
Operating System58
Banking Software28
WordPress Plugin16
Chip Software12

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Microsoft72
Not Defined62
Oracle34
D-Link16
Qualcomm12

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Windows52
Oracle FLEXCUBE Universal Banking14
D-Link DCS-113014
Qualcomm Snapdragon Auto12
Qualcomm Snapdragon Consumer IOT12

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1UNCTAD ASYCUDA World Java RMI Server inadequate encryption8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.004220.05CVE-2020-9761
2Microsoft Windows Hyper-V Network Switch input validation5.95.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.001130.07CVE-2019-0714
3Microsoft Windows Hyper-V Network Switch input validation5.95.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.001130.00CVE-2019-0715
4Microsoft Windows DHCP Server memory corruption9.89.4$100k and more$5k-$25kNot DefinedOfficial Fix0.060820.00CVE-2019-1213
5Microsoft Windows Bluetooth cryptographic issues8.07.9$25k-$100k$0-$5kNot DefinedOfficial Fix0.001050.00CVE-2019-9506
6Microsoft Windows memory corruption5.85.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.001380.00CVE-2019-0716
7Microsoft Windows Hyper-V Network Switch input validation5.95.7$5k-$25k$5k-$25kNot DefinedOfficial Fix0.001130.00CVE-2019-0717
8Microsoft Edge information disclosure5.04.8$25k-$100k$5k-$25kNot DefinedOfficial Fix0.005860.00CVE-2019-1030
9Microsoft Windows Hyper-V Network Switch input validation5.95.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.001130.00CVE-2019-0723
10Microsoft Windows Hyper-V Network Switch input validation5.95.7$5k-$25k$5k-$25kNot DefinedOfficial Fix0.001130.00CVE-2019-0718
11JetBrains YouTrack Plugin Template injection8.58.4$0-$5k$0-$5kNot DefinedOfficial Fix0.007700.00CVE-2019-10100
12Joomla CMS LDAP Authentication Password ldap injection7.57.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.010390.04CVE-2017-14596
13Microsoft Windows JET Database Engine memory corruption7.37.0$25k-$100k$5k-$25kNot DefinedOfficial Fix0.013560.00CVE-2019-1146
14Microsoft Windows JET Database Engine memory corruption7.37.0$25k-$100k$5k-$25kNot DefinedOfficial Fix0.013560.00CVE-2019-1147
15Microsoft Windows Graphics Component information disclosure4.84.8$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.000430.00CVE-2019-1148
16Microsoft Windows Graphics Component information disclosure4.84.8$25k-$100k$0-$5kNot DefinedOfficial Fix0.000430.00CVE-2019-1153
17Microsoft Windows Graphics Component information disclosure4.84.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.000690.00CVE-2019-1154
18Microsoft Windows JET Database Engine memory corruption7.37.0$25k-$100k$5k-$25kNot DefinedOfficial Fix0.013560.00CVE-2019-1156
19Microsoft Windows JET Database Engine memory corruption7.37.0$25k-$100k$5k-$25kNot DefinedOfficial Fix0.013560.00CVE-2019-1155
20Microsoft Windows JET Database Engine memory corruption7.37.0$25k-$100k$5k-$25kNot DefinedOfficial Fix0.011360.00CVE-2019-1157

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
193.95.228.97timestechnologies.orgFileless07/30/2022verifiedHigh
2162.0.224.144people-role.quarantine-pnap-vlan51.web-hosting.comFileless07/30/2022verifiedMedium
3XXX.XX.XXX.Xxx-xxxxx.xxxxxx.xxxXxxxxxxx07/30/2022verifiedHigh
4XXX.XX.XXX.XXXxxx-xx-xxx-xxx.xx.xxxxxxxxxxxxxxxxx.xxxXxxxxxxx07/30/2022verifiedMedium
5XXX.XXX.XXX.XXxxxxxx.xxxxxxxx.xxxXxxxxxxx07/30/2022verifiedMedium
6XXX.XXX.XXX.XXxxx-xxx-xxx-xx.xx.xxxxxxxxxxxxxxxxx.xxxXxxxxxxx07/30/2022verifiedMedium

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
4T1059.007CAPEC-209CWE-79Cross Site ScriptingpredictiveHigh
5TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXX.XXXCAPEC-191CWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
7TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
8TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
9TXXXXCAPEC-CWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
10TXXXXCAPEC-CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
11TXXXXCAPEC-108CWE-XX, CWE-XXXxx XxxxxxxxxpredictiveHigh
12TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
13TXXXXCAPEC-CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
14TXXXXCAPEC-37CWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
15TXXXX.XXXCAPEC-CWE-XXXXxxxxxxx Xxxxxx XxxxpredictiveHigh
16TXXXX.XXXCAPEC-459CWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
17TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
18TXXXXCAPEC-112CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
19TXXXX.XXXCAPEC-CWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHigh
20TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (70)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/acms/classes/Master.php?f=delete_cargopredictiveHigh
2File/admin/config_MT.php?action=deletepredictiveHigh
3File/domains/listpredictiveHigh
4File/sbinpredictiveLow
5File/sbin/orthruspredictiveHigh
6File/sbin/rtspdpredictiveMedium
7File/sysmanage/changelogo.phppredictiveHigh
8File/var/www/video/mp4tspredictiveHigh
9Fileadmin/listMailConfigurationpredictiveHigh
10Filexxxxx.xxxpredictiveMedium
11Filexxxxxx/xxx.xpredictiveMedium
12Filexxxxxx/xx.xpredictiveMedium
13Filexxxxxx/xxxx.xpredictiveHigh
14Filexxxxxxxx_xxxxxx.xxxpredictiveHigh
15Filexxxxxx/xxxx_xxxxxxxx.xxxpredictiveHigh
16Filexxxxx_xxxxx.xxx_xxxpredictiveHigh
17Filexxxx_xxxxxxx.xxxpredictiveHigh
18Filexxxxx.xpredictiveLow
19Filexxxxxxx.xxxxpredictiveMedium
20Filexxxx_xxx.xpredictiveMedium
21Filexxxx/xxxxxxxxxx.xxpredictiveHigh
22Filexxxxxxx/xxx.xxxpredictiveHigh
23Filexxxx.xxxpredictiveMedium
24Filexxxxx.xxxpredictiveMedium
25Filexx/xxxxxx.xxxxxxxxxxx.xxpredictiveHigh
26Filexxxxxxxxxxxx.xxpredictiveHigh
27Filexxxxx.xxxpredictiveMedium
28Filexx-xxxxx/xxxx-xxxx.xxxpredictiveHigh
29Filexxxxxxxxx.xxxpredictiveHigh
30Filexxxxxxxxxx.xxpredictiveHigh
31Filexxxxxx/xxxxx.xxxpredictiveHigh
32Filexxx_xxx.xxx?xxx=xxx.xxx.x.x&xxxx=xx&xxxx=xxxpredictiveHigh
33Filexxx/xxx/xxx/xxxxxxx/xxxxxxxx/xxxx/xxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
34Filexxxxxxxx.xxxpredictiveMedium
35Filexxxxx_xxxxx.xxxpredictiveHigh
36Filexxxxxx.xxxpredictiveMedium
37Filexxxxxxxxxxxxx.xxxpredictiveHigh
38Filexxxxxxxx/xxxxxxx/xxxxxxxxxxxpredictiveHigh
39Filexxxxx-xx.xxxpredictiveMedium
40Libraryxxxxxx.xxxpredictiveMedium
41Libraryxxxxxxxxxxx.xxxpredictiveHigh
42Libraryxxxx.xxxpredictiveMedium
43Libraryxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
44Libraryxxxxxx.xxxpredictiveMedium
45Libraryxxxxx.xxxpredictiveMedium
46Libraryxxxxxxx.xxxpredictiveMedium
47Libraryxxxx.xxxpredictiveMedium
48Libraryxxxxxxxxxxxxxx.xxxpredictiveHigh
49Libraryxxxxxxxx.xxxpredictiveMedium
50Libraryxxxxxx.xxxpredictiveMedium
51Libraryxxxxxxx.xxxpredictiveMedium
52Argument-xpredictiveLow
53ArgumentxxxxpredictiveLow
54ArgumentxxxxxxxxpredictiveMedium
55Argumentxxxx_xxxxxxpredictiveMedium
56Argumentxxxx-xxxx-xxxxxxxxpredictiveHigh
57Argumentxx_xxxxxxpredictiveMedium
58ArgumentxxxxxxxxxxxxxxxxpredictiveHigh
59ArgumentxxxxxxxpredictiveLow
60ArgumentxxxpredictiveLow
61ArgumentxxxxxxxxpredictiveMedium
62ArgumentxxxpredictiveLow
63ArgumentxxxxxxxxxxxxxxpredictiveHigh
64Argumentxxx_xxxxpredictiveMedium
65ArgumentxxxxxxxxxxpredictiveMedium
66ArgumentxxxpredictiveLow
67ArgumentxxxxxxxxxxxxxxxpredictiveHigh
68Network Portxxx/xx (xxx)predictiveMedium
69Network Portxxx/xxxxxpredictiveMedium
70Network Portxxx/xxxxpredictiveMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!