Formbook Analysis

IOB - Indicator of Behavior (240)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

  • en: 176
  • zh: 46
  • jp: 8
  • es: 4
  • fr: 4


Country

  • us: 124
  • cn: 86
  • fr: 6
  • es: 6
  • au: 2


Product

  • Microsoft Windows: 6
  • Linux Kernel: 6
  • Synology DiskStation Manager: 6
  • Apache Tomcat: 6
  • Atlassian Confluence Server: 4


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Basilix Webmail login.php3 command injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00000 | |
| 2 | Basti2web Book Panel books.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.02 | 0.00986 | CVE-2009-4889 |
| 3 | Dropbear SSH input validation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.05785 | CVE-2016-7406 |
| 4 | Dropbear SSH dropbearconvert input validation | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.02578 | CVE-2016-7407 |
| 5 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.11 | 0.49183 | CVE-2016-6210 |
| 6 | Microsoft Windows Kernel Mode Driver win32k.sys resource management | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01268 | CVE-2015-2360 |
| 7 | Linux Kernel notify_change access control | 4.4 | 4.2 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00950 | CVE-2015-1350 |
| 8 | Eclipse Jetty Content-Length Header data processing | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.02686 | CVE-2017-7658 |
| 9 | F5 BIG-IP iControl REST Authentication bash missing authentication | 9.8 | 9.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | 0.91244 | CVE-2022-1388 |
| 10 | lighttpd mod_alias_physical_handler mod_alias.c path traversal | 7.4 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.12492 | CVE-2018-19052 |
| 11 | Microsoft Windows Network File System Remote Code Execution | 9.8 | 9.6 | $100k and more | $5k-$25k | Not Defined | Official Fix | 0.02 | 0.22240 | CVE-2022-24497 |
| 12 | Apache Tomcat JNDI Realm improper authentication | 5.5 | 5.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.01 | 0.03032 | CVE-2021-30640 |
| 13 | Kingsoft WPS Office Registry wpsupdater.exe access control | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.23850 | CVE-2022-24934 |
| 14 | VMware vCenter Server Rhttproxy access control | 5.4 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00885 | CVE-2021-22017 |
| 15 | Nfec.de RechnungsZentrale authent.php4 sql injection | 5.3 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01 | 0.02800 | CVE-2006-1954 |
| 16 | D-Link DIR-645 Authentication getcfg.php information disclosure | 8.6 | 8.2 | $5k-$25k | $0-$5k | High | Official Fix | 0.10 | 0.00000 | |
| 17 | Apache Tomcat WebSocket Client certificate validation | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.05242 | CVE-2018-8034 |
| 18 | HP HP-UX Character-Terminal User Environment IOERROR.mytty privileges management | 8.4 | 8.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00950 | CVE-1999-1139 |
| 19 | Barracuda Web Application Firewall Token improper authentication | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.01 | 0.10212 | CVE-2014-2595 |
| 20 | Disk Savvy Enterprise TCP Service 9124 memory corruption | 8.5 | 8.0 | $0-$5k | $0-$5k | High | Workaround | 0.01 | 0.12131 | CVE-2018-6481 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Ukraine

IOC - Indicator of Compromise (271)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (134)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (23)

The following list contains external sources which discuss the actor and the associated activities:
