FontOnLake Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (39)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en24
zh14
ko2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

CN: China36
US: USA4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

FontOnLake2
Beapy1
Cobalt Strike1
APT291

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined18
Operating System6
WordPress Plugin2
Web Browser2
Database Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined8
Microsoft8
Atlassian4
Google2
Apache2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Windows6
WP Fastest Cache2
Google Chrome2
ThinkCMF2
Apache Commons FileUpload2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#VulnerabilityBaseTemp0dayTodayExpCouKEVEPSSCTICVE
1Penta WAPPLES access control7.57.5$0-$5k$0-$5kNot definedNot defined 0.000860.00CVE-2022-35582
2GNU binutils BFD Library opncls.c bfd_zalloc memory corruption4.44.4$0-$5k$0-$5kNot definedNot defined 0.001150.00CVE-2018-17359
3UUSee UUPlayer ActiveX control ActiveX Control input validation9.89.8$0-$5k$0-$5kNot definedNot defined 0.008590.00CVE-2011-2590
4ASUS Router AiCloud authentication bypass9.89.8$0-$5k$0-$5kNot definedNot defined 0.004400.05CVE-2025-2492
5Asus WL-330NUL WPA2-PSK information disclosure4.84.6$0-$5k$0-$5kNot definedOfficial fix 0.001390.00CVE-2015-7787
6Microsoft Windows Win32k input validation7.87.1$25k-$100k$5k-$25kUnprovenOfficial fix 0.010250.00CVE-2024-30087
7Oracle MySQL Server Client programs privilege escalation7.17.0$5k-$25k$0-$5kNot definedOfficial fix 0.002120.04CVE-2023-21980
8Penta WAPPLES insecure inherited permissions7.07.0$0-$5k$0-$5kNot definedNot defined 0.000640.00CVE-2022-31322
9Spring Boot Admins Notifier env code injection7.57.4$0-$5k$0-$5kNot definedOfficial fixpossible0.381350.00CVE-2022-46166
10Apache Commons FileUpload Request Part allocation of resources5.55.4$0-$5k$0-$5kNot definedOfficial fixpossible0.411190.00CVE-2023-24998
11redis-py Async Command information disclosure4.03.9$0-$5k$0-$5kNot definedOfficial fix 0.017390.00CVE-2023-28858
12Microsoft Windows Win32k out-of-bounds write7.87.6$25k-$100k$0-$5kAttackedOfficial fixverified0.906010.07CVE-2021-1732
13Microsoft Windows L2TP privilege escalation7.87.3$25k-$100k$5k-$25kUnprovenOfficial fix 0.009930.06CVE-2022-30211
14ZStack REST API code injection5.65.4$0-$5k$0-$5kNot definedOfficial fix 0.014040.00CVE-2021-32836
15ZhongBangKeJi CRMEB UploadService.php Getshell unrestricted upload5.55.5$0-$5k$0-$5kNot definedNot defined 0.003860.00CVE-2020-21787
16WP Fastest Cache pathname traversal3.83.7$0-$5k$0-$5kNot definedOfficial fix 0.022190.05CVE-2021-20714
17Atlassian Bamboo Double OGNL Evaluation Java input validation8.38.0$0-$5k$0-$5kNot definedOfficial fix 0.004610.00CVE-2017-14589
18Atlassian Confluence Server s information disclosure4.84.7$0-$5k$0-$5kAttackedOfficial fixverified0.943280.00CVE-2021-26085
19Google Chrome V8 Remote Code Execution6.35.7$25k-$100k$0-$5kProof-of-ConceptOfficial fixexpected0.818660.00CVE-2020-16040
20ExifTool djvu File neutralization7.06.9$0-$5k$0-$5kAttackedOfficial fixverified0.931820.09CVE-2021-22204

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
127.102.130.63FontOnLake10/10/2021verifiedLow
2XX.XXX.XX.XXXXxxxxxxxxx10/10/2021verifiedLow
3XX.XXX.XXX.XXXXxxxxxxxxx10/10/2021verifiedLow
4XXX.XXX.XXX.XXXXxxxxxxxxx10/10/2021verifiedLow
5XXX.XX.XXX.XXxxx.xx.xxx.xx.xxxxxxxx.xxxXxxxxxxxxx10/10/2021verifiedVery Low

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-21, CWE-22Path TraversalpredictiveHigh
2T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
3TXXXXCAPEC-XXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
4TXXXXCAPEC-XXXCWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
5TXXXXCWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
6TXXXXCAPEC-XXXCWE-XXXxx XxxxxxxxxpredictiveHigh
7TXXXXCAPEC-XXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
8TXXXX.XXXCAPEC-XCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (17)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/crmeb/crmeb/services/UploadService.phppredictiveHigh
2File/envpredictiveLow
3File/s/predictiveLow
4Filexxxxxxxxxxxxxxxxxxx.xxxxx.xxxpredictiveHigh
5Filexxxxxxxxxxx\xxxx\xxxxxxxxxx\xxxxxxxxxxxxxxxxx.xxxxx.xxxpredictiveHigh
6Filexxxx.xpredictiveLow
7Filexxxxxxx.xxxpredictiveMedium
8Filexxxxxx.xpredictiveMedium
9Filexxxxxx.xpredictiveMedium
10Libraryxxxx.xxxpredictiveMedium
11Argument-x/-xpredictiveLow
12ArgumentxxxxxxpredictiveLow
13Argumentxxxxxxxxxx[xxx][x]predictiveHigh
14ArgumentxxxxxxxxxxxpredictiveMedium
15ArgumentxxpredictiveLow
16Input Value..\predictiveLow
17Network PortxxxxpredictiveLow

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

This view requires CTI permissions

Just purchase a CTI license today!