FontOnLake Analysis

IOB - Indicator of Behavior (29)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 20
zh: 10


Country

cn: 28
us: 2


Product

GNU binutils: 4
ZhongBangKeJi CRMEB: 2
Microsoft OneDrive: 2
Atlassian Confluence Server: 2
WP Fastest Cache: 2


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | GNU binutils BFD Library opncls.c bfd_zalloc memory corruption | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01018 | CVE-2018-17359 |
| 2 | UUSee UUPlayer ActiveX control ActiveX Control input validation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01213 | CVE-2011-2590 |
| 3 | Microsoft Windows Win32k Local Privilege Escalation | 7.8 | 7.2 | $25k-$100k | $0-$5k | Functional | Official Fix | 0.00 | 0.01413 | CVE-2021-1732 |
| 4 | Microsoft Windows L2TP Privilege Escalation | 7.8 | 7.3 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04 | 0.01967 | CVE-2022-30211 |
| 5 | ZStack REST API code injection | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01885 | CVE-2021-32836 |
| 6 | ZhongBangKeJi CRMEB UploadService.php Getshell unrestricted upload | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2020-21787 |
| 7 | WP Fastest Cache pathname traversal | 3.8 | 3.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01061 | CVE-2021-20714 |
| 8 | Atlassian Bamboo Double OGNL Evaluation Java input validation | 8.3 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00954 | CVE-2017-14589 |
| 9 | Atlassian Confluence Server information disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.22875 | CVE-2021-26085 |
| 10 | Google Chrome V8 Remote Code Execution | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.77051 | CVE-2020-16040 |
| 11 | ExifTool djvu File neutralization | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.30941 | CVE-2021-22204 |
| 12 | Microsoft Windows DNS Server SigRed memory corruption | 10.0 | 9.0 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.49632 | CVE-2020-1350 |
| 13 | Huawei NIP6800/Secospace USG6600/Secospace USG9500 out-of-bounds write | 7.4 | 7.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.01 | 0.00885 | CVE-2020-1876 |
| 14 | Microsoft Windows NTLM information disclosure | 5.4 | 4.7 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.02 | 0.02632 | CVE-2021-1678 |
| 15 | Gigabyte APP Center gdrv.sys initialization | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.01440 | CVE-2019-7630 |
| 16 | D-Link DIR-816L UPnP os command injection | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.02055 | CVE-2020-15893 |
| 17 | OpenSLP out-of-bounds write | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.20148 | CVE-2019-5544 |
| 18 | Microsoft OneDrive privileges management | 5.9 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01150 | CVE-2020-0935 |
| 19 | AnyMacro AnyMacro Mail System path traversal | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01213 | CVE-2011-2468 |
| 20 | Server NFS Export privileges management | 9.8 | 9.6 | $0-$5k | $0-$5k | High | Workaround | 0.00 | 0.00885 | CVE-1999-0554 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | predictive | High |
| 2 | T1059 | CWE-94 | Cross Site Scripting | predictive | High |
| 3 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 4 | TXXXX | CWE-XX | Xxxxxxx Xxxxxxxxx | predictive | High |
| 5 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 6 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx | predictive | High |
| 7 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxxx Xxxxxx | predictive | High |

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /crmeb/crmeb/services/UploadService.php | predictive | High |
| 2 | File | /s/ | predictive | Low |
| 3 | File | AdminbaseController.class.php | predictive | High |
| 4 | File | xxxxxxxxxxx\xxxx\xxxxxxxxxx\xxxxxxxxxxxxxxxxx.xxxxx.xxx | predictive | High |
| 5 | File | xxxx.x | predictive | Low |
| 6 | File | xxxxxxx.xxx | predictive | Medium |
| 7 | File | xxxxxx.x | predictive | Medium |
| 8 | File | xxxxxx.x | predictive | Medium |
| 9 | Library | xxxx.xxx | predictive | Medium |
| 10 | Argument | -x/-x | predictive | Low |
| 11 | Argument | xxxxxx | predictive | Low |
| 12 | Argument | xxxxxxxxxx[xxx][x] | predictive | High |
| 13 | Argument | xxxxxxxxxxx | predictive | Medium |
| 14 | Argument | xx | predictive | Low |
| 15 | Input Value | ..\ | predictive | Low |
| 16 | Network Port | xxxx | predictive | Low |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
