FunnySwitch Analysis

IOB - Indicator of Behavior (299)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 248
zh: 40
es: 6
fr: 2
jp: 2

Country

us: 182
cn: 114
au: 2
it: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Parallels Desktop: 6
Google Android: 6
Play Framework: 4
Apple macOS: 4
Microsoft Windows: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 2.04 | 0.00954 | CVE-2010-0966 |
| 2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.00 | 0.01806 | CVE-2007-1192 |
| 3 | PHPWind goto.php redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.24 | 0.00348 | CVE-2015-4134 |
| 4 | HRworks Login Reflected cross site scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00107 | CVE-2019-11559 |
| 5 | WoltLab Burning Book addentry.php sql injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.03 | 0.00843 | CVE-2006-5509 |
| 6 | Elasticsearch Async Search API information disclosure | 4.1 | 4.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00082 | CVE-2021-22132 |
| 7 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00289 | CVE-2019-7550 |
| 8 | PHPList Sending Campain sql injection | 5.3 | 5.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.00072 | CVE-2017-20030 |
| 9 | PHP phpinfo cross site scripting | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.28 | 0.08985 | CVE-2006-0996 |
| 10 | OpenWrt Access Control rpcd access control | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00230 | CVE-2018-11116 |
| 11 | Microsoft Windows SMB access control | 7.0 | 6.7 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00086 | CVE-2017-11782 |
| 12 | Honeywell Controller Message stack-based overflow | 9.0 | 9.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00046 | CVE-2023-24480 |
| 13 | Linux Kernel ioctl.c dm_get_inactive_table deadlock | 5.1 | 5.0 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.00042 | CVE-2023-2269 |
| 14 | Kubernetes kubelet pprof information disclosure | 7.7 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.72895 | CVE-2019-11248 |
| 15 | Discuz!ML Cookie code injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.04015 | CVE-2019-13956 |
| 16 | Google Android Qualcomm Privilege Escalation | 5.5 | 5.3 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.00044 | CVE-2021-1921 |
| 17 | Microsoft SQL Server input validation | 7.5 | 7.2 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.02204 | CVE-2019-1068 |
| 18 | Elasticsearch Elastic Cloud Enterprise API permission | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.01523 | CVE-2021-22146 |
| 19 | Cyrus IMAP index.c index_urlfetch memory corruption | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01765 | CVE-2015-8076 |
| 20 | Sharp Zaurus Samba Access improper authentication | 6.5 | 6.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.96196 | CVE-2003-0085 |

IOC - Indicator of Compromise (17)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (98)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /debug/pprof | predictive | Medium |
| 2 | File | /etc/config/rpcd | predictive | High |
| 3 | File | /forum/away.php | predictive | High |
| 4 | File | /lists/admin/ | predictive | High |
| 5 | File | /public/login.htm | predictive | High |
| 6 | File | /wp-admin/admin-ajax.php | predictive | High |
| 7 | File | /_next | predictive | Low |
| 8 | File | addentry.php | predictive | Medium |
| 9 | File | admin/conf_users_edit.php | predictive | High |
| 10 | File | admin/write-post.php | predictive | High |
| 11 | File | archiver\index.php | predictive | High |
| 12 | File | books.php | predictive | Medium |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
