FlawedAmmyy Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (28)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

sv	8
en	8
it	6
de	6

Country

DE: Germany	26
US: USA	2

Actors

FlawedAmmyy	1

Activities

Interest

Timeline

Type

Not Defined	10
Joomla Component	2
Content Management System	2
File Transfer Software	2

Vendor

Not Defined	6
Matt Wright	2
LogicBoard	2
Lars Ellingsen	2
Csphere	2

Product

Matt Wright Matt Wright Guestbook	2
jdownloads	2
LogicBoard CMS	2
Lars Ellingsen Guestserver	2
ProFTPD	2

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#	Vulnerability	Base	Temp	0day	Today	Exp	Cou	KEV	EPSS	CTI	CVE
1	Basti2web Book Panel books.php sql injection	7.3	7.0	$0-$5k	$0-$5k	High	Official fix	possible	0.00305	0.03	CVE-2009-4889
2	Matt Wright Matt Wright Guestbook guestbook.pl cross site scripting	4.3	3.9	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable		0.00949	0.06	CVE-2006-1697
3	Matt Wright Matt Wright Guestbook cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable		0.00335	0.09	CVE-2006-1698
4	SmartISoft phpBazar picturelib.php code injection	7.3	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not defined		0.00517	0.07	CVE-2010-2315
5	DZCP deV!L`z Clanportal config.php code injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official fix		0.00970	0.27	CVE-2010-0966
6	Lars Ellingsen Guestserver guestbook.cgi cross site scripting	4.3	4.3	$0-$5k	$0-$5k	Not defined	Not defined		0.00297	0.02	CVE-2005-4222
7	SignKorn Guestbook admin.php privileges management	5.3	5.3	$0-$5k	$0-$5k	Not defined	Not defined		0.00000	0.05
8	LogicBoard CMS away.php redirect	6.3	6.1	$0-$5k	$0-$5k	Not defined	Unavailable		0.00000	0.29
9	Csphere ClanSphere Error Message information disclosure	5.3	5.3	$0-$5k	$0-$5k	Not defined	Not defined		0.00283	0.00	CVE-2011-3714
10	JContentSubscription register.php Local Privilege Escalation	5.3	5.3	$0-$5k	$0-$5k	Not defined	Not defined		0.00000	0.06
11	Flat PHP Board path traversal	3.3	3.3	$0-$5k	$0-$5k	Not defined	Not defined		0.00000	0.07
12	Linux Kernel NFS Export nfs3xdr.c no_subtree_check path traversal	6.4	6.2	$5k-$25k	$0-$5k	Not defined	Official fix		0.00690	0.02	CVE-2021-3178
13	jdownloads categories.php order sql injection	7.4	7.4	$0-$5k	$0-$5k	Not defined	Not defined		0.00264	0.00	CVE-2020-19455
14	ProFTPD link following	5.4	5.3	$0-$5k	$0-$5k	Not defined	Official fix		0.00065	0.04	CVE-2017-7418
15	Palo Alto Network Traps ESM Console Agent License input validation	6.4	6.1	$0-$5k	$0-$5k	Not defined	Official fix		0.00511	0.00	CVE-2017-7408

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Campaigns	Identified	Type	Confidence
1	136.243.104.235	static.235.104.243.136.clients.your-server.de	FlawedAmmyy		10/31/2023	verified	Medium

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	High
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	High
3	TXXXX.XXX	CAPEC-XX	CWE-XX	Xxxxx Xxxxx Xxxx Xxxxxxxxx	predictive	High
4	TXXXX	CAPEC-XXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
5	TXXXX.XXX	CAPEC-XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	High
6	TXXXX	CAPEC-XXX	CWE-XX	Xxx Xxxxxxxxx	predictive	High
7	TXXXX	CAPEC-XXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High

IOA - Indicator of Attack (17)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/forum/away.php	predictive	High
2	File	admin/admin.php	predictive	High
3	File	books.php	predictive	Medium
4	File	xxxxxxxxxx/xxx_xxxxxxxxxx/xxxxxxx/xxxxxxxxxx.xxx	predictive	High
5	File	xx/xxxx/xxxxxxx.x	predictive	High
6	File	xxxxxxxxx.xxx	predictive	High
7	File	xxxxxxxxx.xx	predictive	Medium
8	File	xxx/xxxxxx.xxx	predictive	High
9	File	xxxx/xxxxxxxx.xxx	predictive	High
10	Library	xxxxxxxxxx.xxx	predictive	High
11	Argument	xxxxxxxx	predictive	Medium
12	Argument	xxxxxx	predictive	Low
13	Argument	xxx	predictive	Low
14	Argument	xxx_xxxx	predictive	Medium
15	Argument	xxxxxx_xxxxx	predictive	Medium
16	Argument	xxxxxxxxx_xxxxxxxx_xxxx	predictive	High
17	Argument	xxxxxxxx	predictive	Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

This view requires CTI permissions

Just purchase a CTI license today!