Gamaredon Analysis

IOB - Indicator of Behavior (93)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 70
ru: 14
de: 8
zh: 2


Country

ru: 94


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Microsoft Windows: 6
Digiwin BPM: 2
DEXIS Imaging Suite: 2
Citrix SD-WAN Center: 2
Citrix Netscaler SD-WAN: 2


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Microsoft Windows Advanced Local Procedure Call Privilege Escalation | 9.4 | 8.7 | $25k-$100k | $5k-$25k | Functional | Official Fix | 0.19 | 0.01150 | CVE-2023-21674
2 | Microsoft Windows Kernel Privilege Escalation | 7.2 | 6.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04 | 0.01405 | CVE-2022-21881
3 | Microsoft Windows SMB Witness Service Privilege Escalation | 8.8 | 7.7 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 1.02 | 0.01150 | CVE-2023-21549
4 | Microsoft SQL Server Privilege Escalation | 8.1 | 7.4 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.14 | 0.01150 | CVE-2022-23276
5 | HP 3PAR Service Processor SP information disclosure | 4.3 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01055 | CVE-2015-5443
6 | Oracle Java SE/Java SE Embedded Deployment memory corruption | 10.0 | 9.5 | $25k-$100k | Calculating | Not Defined | Official Fix | 0.01 | 0.01319 | CVE-2013-5788
7 | WooCommerce PayU India Payment Gateway Plugin Purchase Price input validation | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2019-14978
8 | WooCommerce Instamojo Payment Gateway Plugin Purchase amount Price input validation | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00000 | CVE-2019-14977
9 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.37 | 0.25090 | CVE-2017-0055
10 | Apache HTTP Server smbvalid/smbval authensmb memory corruption | 10.0 | 9.5 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01055 | CVE-1999-1237
11 | Digiwin BPM sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01055 | CVE-2022-32456
12 | RoundCube sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09 | 0.01108 | CVE-2021-44026
13 | VMware ESXi/Workstation/Fusion/Cloud Foundation USB 2.0 controller out-of-bounds write | 8.5 | 8.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.23 | 0.02763 | CVE-2022-31705
14 | Django QuerySet.aggregate sql injection | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.17909 | CVE-2022-28346
15 | Microsoft Windows Kernel Privilege Escalation | 8.1 | 7.4 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.01 | 0.01178 | CVE-2022-37991
16 | Microsoft Visual Studio Remote Code Execution | 7.3 | 6.7 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.05 | 0.01528 | CVE-2022-41119
17 | DEXIS Imaging Suite SQL Server hard-coded credentials | 9.8 | 9.6 | $0-$5k | Calculating | Not Defined | Workaround | 0.06 | 0.01055 | CVE-2016-6532
18 | Microsoft SQL Server Common Controls TabStrip ActiveX MSCOMCTL.OCX code injection | 9.6 | 8.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.48722 | CVE-2012-1856
19 | Microsoft SQL Server Privilege Escalation | 7.5 | 6.8 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.23 | 0.01967 | CVE-2022-29143
20 | eSyndicat Directory Software suggest-listing.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.33 | 0.00000 |

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (287)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (63)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (15)

The following list contains external sources which discuss the actor and the associated activities:
