GandCrab Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en936
fr18
de10
zh8
es8

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us570
cn10
fr2
de2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Emotet1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined256
Operating System38
Web Browser38
Content Management System30
Programming Language Software18

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined128
Oracle42
Zoho ManageEngine32
Microsoft30
IBM28

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Google Chrome14
Microsoft Internet Explorer14
Microsoft Windows12
Linux Kernel8
Apple iOS8

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1LogicBoard CMS away.php redirect6.36.1$0-$5k$0-$5kNot DefinedUnavailable0.410.00000
2DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.430.04187CVE-2010-0966
3Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25k$0-$5kHighWorkaround0.040.04187CVE-2007-1192
4SAS Web Report Studio javascript: URL logonAndRender.do cross site scripting3.53.4$0-$5k$0-$5kNot DefinedNot Defined0.040.00954CVE-2022-25256
5vBulletin redirector.php6.66.6$0-$5k$0-$5kNot DefinedNot Defined0.090.00885CVE-2018-6200
6Serendipity exit.php privileges management6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.050.00000
7Microsoft Windows Roaming Security Rights Management Services Remote Code Execution8.17.4$100k and more$5k-$25kUnprovenOfficial Fix0.010.12761CVE-2022-21974
8Bitrix Site Manager redirect.php link following5.34.7$0-$5k$0-$5kUnprovenUnavailable0.070.01055CVE-2008-2052
9Atlassian Jira Service Management Server/Data Center InsightDefaultCustomFieldConfig.jspa cross site scripting3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.020.00885CVE-2021-43943
10FLDS redir.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.110.01213CVE-2008-5928
11My Link Trader out.php sql injection6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.080.00000
12vu Mass Mailer Login Page redir.asp sql injection7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.050.01139CVE-2007-6138
13Atlassian JIRA Server/Data Center Thread Contention/CPU Monitoring Service ViewInstrumentation.jspa cross-site request forgery4.34.1$0-$5k$0-$5kNot DefinedOfficial Fix0.080.01055CVE-2021-43953
14Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation8.17.4$100k and more$5k-$25kUnprovenOfficial Fix0.000.01150CVE-2022-24507
15JForum Login input validation6.56.5$0-$5k$0-$5kNot DefinedNot Defined0.030.01055CVE-2012-5338
16Linux Kernel cgroups Subsystem cgroup-v1.c cgroup_release_agent_write improper authentication5.55.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.050.04804CVE-2022-0492
17Vunet VU Web Visitor Analyst redir.asp sql injection7.37.1$0-$5k$0-$5kHighWorkaround0.090.01139CVE-2010-2338
18OpenX adclick.php redirect5.34.7$0-$5k$0-$5kUnprovenUnavailable0.110.01213CVE-2014-2230
19PHPWind goto.php redirect6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.020.01213CVE-2015-4134
20Openads adclick.php Remote Code Execution7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.020.01213CVE-2007-2046

IOC - Indicator of Compromise (169)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsTypeConfidence
13.64.163.50ec2-3-64-163-50.eu-central-1.compute.amazonaws.comGandCrabverifiedMedium
23.215.23.197ec2-3-215-23-197.compute-1.amazonaws.comGandCrabverifiedMedium
35.39.221.60GandCrabverifiedHigh
45.135.183.146freya.stelas.deGandCrabverifiedHigh
55.144.168.210mail.xdeers.comGandCrabverifiedHigh
613.76.158.123GandCrabverifiedHigh
713.107.21.200GandCrabverifiedHigh
820.42.65.92GandCrabverifiedHigh
920.42.73.29GandCrabverifiedHigh
1020.50.64.11GandCrabverifiedHigh
1120.189.173.20GandCrabverifiedHigh
1223.100.15.180GandCrabverifiedHigh
1323.205.105.157a23-205-105-157.deploy.static.akamaitechnologies.comGandCrabverifiedHigh
1423.236.62.147147.62.236.23.bc.googleusercontent.comGandCrabverifiedMedium
1534.102.136.180180.136.102.34.bc.googleusercontent.comGandCrabverifiedMedium
1635.205.61.6767.61.205.35.bc.googleusercontent.comGandCrabverifiedMedium
1739.107.34.197GandCrabverifiedHigh
1845.33.91.79li1037-79.members.linode.comGandCrabverifiedHigh
1945.118.145.96GandCrabverifiedHigh
2046.32.228.22720808.vps-10.comGandCrabverifiedHigh
2147.75.206.148GandCrabverifiedHigh
2250.63.202.89ip-50-63-202-89.ip.secureserver.netGandCrabverifiedHigh
2350.87.58.16550-87-58-165.unifiedlayer.comGandCrabverifiedHigh
2451.68.50.168ip168.ip-51-68-50.euGandCrabverifiedHigh
2551.254.25.115ip115.ip-51-254-25.euGandCrabverifiedHigh
2651.255.48.78vps-ede152ed.vps.ovh.netGandCrabverifiedHigh
2752.17.9.185ec2-52-17-9-185.eu-west-1.compute.amazonaws.comGandCrabverifiedMedium
2852.29.192.136ec2-52-29-192-136.eu-central-1.compute.amazonaws.comGandCrabverifiedMedium
2952.58.78.16ec2-52-58-78-16.eu-central-1.compute.amazonaws.comGandCrabverifiedMedium
3052.116.175.70hs20.name.toolsGandCrabverifiedHigh
3152.168.117.173GandCrabverifiedHigh
3252.182.143.212GandCrabverifiedHigh
3354.36.194.90ip90.ip-54-36-194.euGandCrabverifiedHigh
3462.210.24.11662-210-24-116.rev.poneytelecom.euGandCrabverifiedHigh
35XX.XX.XXX.XXxx.xxx.xx.xx.xxxxxx.xxxxxx.xxxXxxxxxxxverifiedHigh
36XX.XX.XXX.XXXxxx.xxx.xx.xx.xxxxxx.xxxxxx.xxxXxxxxxxxverifiedHigh
37XX.XXX.XXX.XXXxxxx.xxxxxxxxxxxxxxxxx.xxxXxxxxxxxverifiedHigh
38XX.XXX.XXX.XXXXxxxxxxxverifiedHigh
39XX.XXX.XXX.XXxxxxxxxxxxxx.xx.xxxxxxxxxxxxxx.xxxXxxxxxxxverifiedHigh
40XX.XX.XXX.XXXxxxxx.xxxxxxxxx.xxxXxxxxxxxverifiedHigh
41XX.XXX.XXX.XXXxxxxxxxx.xxxxxxxxxxx.xxxXxxxxxxxverifiedHigh
42XX.XX.XXX.XXxx-xx-xxx-xx.xxxxxxxxxxxx.xxxXxxxxxxxverifiedHigh
43XX.XX.XX.XXXXxxxxxxxverifiedHigh
44XX.XX.XXX.XXxxxxxx-xxxxx.xx-xxxxxxx.xxXxxxxxxxverifiedHigh
45XX.XXX.XXX.XXxx-xx-xxx-xxx-xx.xxxxxxxxxx.xxxXxxxxxxxverifiedHigh
46XX.XXX.XXX.XXXxx-xx-xxx-xxx-xxx.xxxxxxxxxx.xxxXxxxxxxxverifiedHigh
47XX.XX.XXX.XXxxxxx.xxxxxxx.xxXxxxxxxxverifiedHigh
48XX.X.XXX.XXXxxxx-xxx.xxxxxx.xxxxxxx.xxx.xxXxxxxxxxverifiedHigh
49XX.XXX.XX.XXXxxxxxx.xxx-xxxx.xxxXxxxxxxxverifiedHigh
50XX.XXX.XXX.Xxxxxxxx.xxxxxxxxxx.xxXxxxxxxxverifiedHigh
51XX.XXX.XXX.XXxx-xxxxxx.xxxxxxxxxx.xxXxxxxxxxverifiedHigh
52XX.XXX.XX.XXxxx.xxxx.xxxxx.xxxXxxxxxxxverifiedHigh
53XX.XXX.XX.XXxxx.xxxx.xxxxx.xxxXxxxxxxxverifiedHigh
54XX.XXX.XX.XXxxx.xxxxx.xxxxx.xxxXxxxxxxxverifiedHigh
55XX.XXX.XX.XXXxxx.xxxxxxx.xxxxx.xxxXxxxxxxxverifiedHigh
56XX.XXX.XX.XXXxxx.xxxx.xxxxx.xxxXxxxxxxxverifiedHigh
57XX.XXX.XX.XXXxx.xxxxx.xxxxx.xxxXxxxxxxxverifiedHigh
58XX.XXX.XX.XXXxxxxxxxverifiedHigh
59XX.XXX.XXX.Xxxxxxxx.xxxxx.xxx.xxXxxxxxxxverifiedHigh
60XX.XXX.XXX.XXxxxxxxxx.xxxxx.xxx.xxXxxxxxxxverifiedHigh
61XX.XX.XX.XXXxxxxx.xxxxxxx.xxXxxxxxxxverifiedHigh
62XX.XXX.XX.XXxxxx.xxxxxxxx.xxxXxxxxxxxverifiedHigh
63XX.XXX.XX.XXXxxxxx.xxxxxxxx.xxxXxxxxxxxverifiedHigh
64XX.XX.XXX.XXxxxxxx.xxxxxxxx.xxxXxxxxxxxverifiedHigh
65XX.XXX.XX.XXxxxx-xx-xxx-xx-xx.xxxxxx-xx-xxxxxx.xxXxxxxxxxverifiedHigh
66XX.XXX.XXX.XXXxxxxxxx.xxxxxxxxx.xxXxxxxxxxverifiedHigh
67XX.XX.XX.XXXxx-xx-xx-xxx.xx.xxx-xxx.xxXxxxxxxxverifiedHigh
68XX.XXX.XX.XXXxxxxxxxx.xxxxxxx.xxXxxxxxxxverifiedHigh
69XX.XXX.XX.XXxxxx-xx-xxx-xx-xx.xxxxxx-xx-xxxxxx.xxXxxxxxxxverifiedHigh
70XX.XXX.XXX.XXXxxxxxxxverifiedHigh
71XX.XXX.XXX.XXXXxxxxxxxverifiedHigh
72XX.XX.XXX.XXXxxxxxxxxx.xxxxxxxxxxxxx.xxxXxxxxxxxverifiedHigh
73XXX.XX.XXX.XXXxxxxxxxverifiedHigh
74XXX.XXX.XX.XXXXxxxxxxxverifiedHigh
75XXX.XX.XX.XXXXxxxxxxxverifiedHigh
76XXX.XX.XXX.XXXXxxxxxxxverifiedHigh
77XXX.XX.XXX.XXXXxxxxxxxverifiedHigh
78XXX.XX.XXX.XXXxxxxxxxverifiedHigh
79XXX.XX.XXX.XXXXxxxxxxxverifiedHigh
80XXX.XX.XXX.XXXXxxxxxxxverifiedHigh
81XXX.XX.XXX.XXXXxxxxxxxverifiedHigh
82XXX.XX.XX.XXXXxxxxxxxverifiedHigh
83XXX.XX.XX.XXXXxxxxxxxverifiedHigh
84XXX.XX.XX.XXXXxxxxxxxverifiedHigh
85XXX.XX.XX.XXXXxxxxxxxverifiedHigh
86XXX.XX.XX.XXXXxxxxxxxverifiedHigh
87XXX.XX.XX.XXXxxxxxxxverifiedHigh
88XXX.XXX.XX.XXXxxxxxxxverifiedHigh
89XXX.XXX.XXX.XXXxx.xxxx.xxxxxxx.xx.xxxxxxx.xxxXxxxxxxxverifiedHigh
90XXX.XX.XXX.XXXxx-xxx.xxxxxxxxx.xxXxxxxxxxverifiedHigh
91XXX.XXX.XXX.XXXxxx-xxx-xxx-xxx.xxxxxxxx.xxxXxxxxxxxverifiedHigh
92XXX.XX.XXX.XXXxxxxxxxverifiedHigh
93XXX.XXX.XX.XXxxxxxxx.xxxXxxxxxxxverifiedHigh
94XXX.XXX.XX.XXXxxxxxx.xxx.xx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xxXxxxxxxxverifiedHigh
95XXX.XXX.XXX.XXXxxxxxx.xxxx-xxxxxx.xxXxxxxxxxverifiedHigh
96XXX.XX.XXX.XXxxxx.xx-xxx-xx-xxx.xxXxxxxxxxverifiedHigh
97XXX.XXX.XX.XXXxxxxxx.xxx.xx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xxXxxxxxxxverifiedHigh
98XXX.XX.XXX.XXXXxxxxxxxverifiedHigh
99XXX.XX.X.XXXXxxxxxxxverifiedHigh
100XXX.XX.XXX.XXxxxxxx.xx.xxx.xx.xxx.xxxxxxx.xxxx-xxxxxx.xxXxxxxxxxverifiedHigh
101XXX.XX.XX.XXxx-xxx-xx-xx-xx.xxxxxxxxxx.xxxXxxxxxxxverifiedHigh
102XXX.XXX.XXX.XXXxxxxxxxverifiedHigh
103XXX.XX.XXX.XXXxxxx.xxxxxx.xxxXxxxxxxxverifiedHigh
104XXX.XXX.X.XXxxxx.xxxx.xxxXxxxxxxxverifiedHigh
105XXX.XXX.X.XXxxxx.xxxx.xxxXxxxxxxxverifiedHigh
106XXX.XXX.XXX.XXxxx-xxx-xxx-xx.xxx.xxx.xxxxxxxxxxxx.xxXxxxxxxxverifiedHigh
107XXX.XX.XXX.XXXxxxxxxxverifiedHigh
108XXX.XXX.XXX.XXXXxxxxxxxverifiedHigh
109XXX.XX.XX.XXXxxx.xx.xx.xxx.xxxxxxxxx.xxxXxxxxxxxverifiedHigh
110XXX.XX.XX.XXXxxx.xx.xx.xxx.xxxxxxxxx.xxxXxxxxxxxverifiedHigh
111XXX.XXX.XXX.XXXxxxxxx.xxxxx.xxXxxxxxxxverifiedHigh
112XXX.XXX.XX.XXXXxxxxxxxverifiedHigh
113XXX.XX.XX.XXXXxxxxxxxverifiedHigh
114XXX.XXX.XXX.XXXxxxxxx.xxxxx.xxxxxxXxxxxxxxverifiedHigh
115XXX.XX.XXX.XXXxxxxxxxx.xx-xxx-xx-xxx.xxXxxxxxxxverifiedHigh
116XXX.XXX.XX.XXXxxxxxx.xxxxxxx.xxXxxxxxxxverifiedHigh
117XXX.XXX.XX.XXXxxxxx.xxxxxx.xxXxxxxxxxverifiedHigh
118XXX.XXX.XX.XXXxxxxx.xxxxxx.xxXxxxxxxxverifiedHigh
119XXX.XXX.XX.XXxxxxxx.xxxxxxx.xxx.xxXxxxxxxxverifiedHigh
120XXX.XX.XXX.XXxxxxxxxxxxxx.xxxxxxx.xxXxxxxxxxverifiedHigh
121XXX.XX.XXX.XXXXxxxxxxxverifiedHigh
122XXX.XX.XXX.Xxxxx.xxx.xxxxxx.xxXxxxxxxxverifiedHigh
123XXX.XXX.XXX.XXXxxxxxxxverifiedHigh
124XXX.XXX.XXX.XXXxxxxxx.xxxxx.xxXxxxxxxxverifiedHigh
125XXX.XXX.XX.XXXxxxxxx.xx.xxXxxxxxxxverifiedHigh
126XXX.XXX.XX.XXXxxxxxxxxxx.xx.xxxxxxx.xxxXxxxxxxxverifiedHigh
127XXX.XXX.XX.XXXxxxxxxxxxx.xx.xxxxxxx.xxxXxxxxxxxverifiedHigh
128XXX.XXX.XXX.XXXxxxxxxxverifiedHigh
129XXX.XXX.XXX.XXxxxxxx.xxxxxxx.xxx.xxXxxxxxxxverifiedHigh
130XXX.XXX.XXX.XXXxxxxxx.xxxxxxx.xxx.xxXxxxxxxxverifiedHigh
131XXX.XXX.XXX.XXXxxxxxxxverifiedHigh
132XXX.XX.XXX.XXxxxxx.xxxxxxxx.xxxXxxxxxxxverifiedHigh
133XXX.XXX.XX.XXXxxx.xxxxxxxx.xxXxxxxxxxverifiedHigh
134XXX.XXX.XX.XXXxxxxxxxxxx.xxxxxxx.xxx.xxxXxxxxxxxverifiedHigh
135XXX.XX.XXX.XXXxxxxxxxverifiedHigh
136XXX.XX.XXX.XXXXxxxxxxxverifiedHigh
137XXX.XXX.XX.XXxxxxxx.xxxxxxx.xxx.xxXxxxxxxxverifiedHigh
138XXX.XX.XXX.XXxxxx.xxxxxxxxxxx.xxxXxxxxxxxverifiedHigh
139XXX.XX.XXX.XXxxxx-xxxxxx-xx-xxxxxxxxx-xx.xxxxx.xxXxxxxxxxverifiedHigh
140XXX.XX.XXX.XXxxxx-xxxxxx-xx-xxxxxxxxx-xx.xxxxx.xxXxxxxxxxverifiedHigh
141XXX.XXX.XXX.XXxxx-xxx-xxx-xx.xxxxxxxxxxxx.xxxXxxxxxxxverifiedHigh
142XXX.XXX.XXX.XXXxxx-xxx-xxx-xxx.xxxxxxxxxxxx.xxxXxxxxxxxverifiedHigh
143XXX.XXX.XXX.XXXxxxxx.xxxxxxxxxxxxxx.xxxXxxxxxxxverifiedHigh
144XXX.X.XXX.XXXxxxxxxxxx.xxx-xxxx.xxXxxxxxxxverifiedHigh
145XXX.XXX.XX.XXXxxxxxxxverifiedHigh
146XXX.XXX.XXX.XXxxxxxxxverifiedHigh
147XXX.XXX.XX.XXXxxxxx.xxxxxxx.xxXxxxxxxxverifiedHigh
148XXX.XX.XXX.XXXxxxxxxxverifiedHigh
149XXX.XX.XXX.XXXxxxxxxxverifiedHigh
150XXX.XX.XX.XXXxxxxxxxverifiedHigh
151XXX.XXX.XXX.XXxxxxxxx-xxxxx.xx.xxXxxxxxxxverifiedHigh
152XXX.XXX.XXX.XXXxxx.xxxxxxxxx.xxXxxxxxxxverifiedHigh
153XXX.XXX.XXX.XXXxxxxxxxxx.xxx-xxxxxxx.xxxXxxxxxxxverifiedHigh
154XXX.XX.XX.XXXxxxxx-xxxxx-xx.xxxxxxxxxxxxx.xxxXxxxxxxxverifiedHigh
155XXX.XX.XX.XXXxxxxxxxverifiedHigh
156XXX.XX.XXX.XXXx-xxxx.x-xxxxxx.xxxXxxxxxxxverifiedHigh
157XXX.XX.XX.XXXxxx-xx-xx-xxx.xxx.xxxxxxxxxxx.xxxXxxxxxxxverifiedHigh
158XXX.XXX.XXX.XXXXxxxxxxxverifiedHigh
159XXX.XXX.XX.Xxxxxxxxxxx.xxx.xxxXxxxxxxxverifiedHigh
160XXX.XXX.XX.Xxxxxxxxx.xxx.xxxXxxxxxxxverifiedHigh
161XXX.XXX.XX.XXXxxxx-xxx-xx.xxxxxxxxxx.xxxxxxx.xxx.xxxXxxxxxxxverifiedHigh
162XXX.XXX.XXX.XXXxxx.xxx.xxx.xxx.xxxxxx.xxxxxx.xxxXxxxxxxxverifiedHigh
163XXX.XX.XX.XXxxxx.xxx.xxxxxxxxx.xxXxxxxxxxverifiedHigh
164XXX.XX.XX.XXXxxxxx.xxx.xxxxxxxxx.xxXxxxxxxxverifiedHigh
165XXX.XX.XXX.XXxxxxxxxx.xxx.xxxxx.xxxXxxxxxxxverifiedHigh
166XXX.XXX.X.XXxxx-xxx-x-xx.xxxxxxx-xxx.xx-x.xxxXxxxxxxxverifiedHigh
167XXX.XXX.X.XXXxxx-xxx-x-xxx.xxxxxxx-xxx.xx-x.xxxXxxxxxxxverifiedHigh
168XXX.XXX.XXX.XXXxxxxxx.xxx.xxXxxxxxxxverifiedHigh
169XXX.XX.XX.XXXxxxxxxxverifiedHigh

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-21, CWE-22, CWE-23Pathname TraversalpredictiveHigh
2T1040CWE-319Authentication Bypass by Capture-replaypredictiveHigh
3T1055CWE-74InjectionpredictiveHigh
4T1059CWE-88, CWE-94Cross Site ScriptingpredictiveHigh
5TXXXX.XXXCWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
6TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
7TXXXXCWE-XXXXxxx Xxx Xxxxxxxxx Xxxxxxxxxxx XxxxxxxxpredictiveHigh
8TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx XxxxxxxxpredictiveHigh
9TXXXXCWE-XX, CWE-XXXxxxxxx XxxxxxxxxpredictiveHigh
10TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
11TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
12TXXXXCWE-XXX, CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
13TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
14TXXXXCWE-XXX, CWE-XXXXxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx XxxxpredictiveHigh
15TXXXX.XXXCWE-XXXXxxxxxxxxxxxpredictiveHigh
16TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
17TXXXXCWE-XXX, CWE-XXXXxxxxxxxxxxxxpredictiveHigh
18TXXXXCWE-XXXX2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx XxxxxxxxxxpredictiveHigh
19TXXXX.XXXCWE-XXXXxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (228)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/../conf/config.propertiespredictiveHigh
2File/drivers/infiniband/core/cm.cpredictiveHigh
3File/files.md5predictiveMedium
4File/forum/away.phppredictiveHigh
5File/horde/util/go.phppredictiveHigh
6File/hrm/employeeview.phppredictiveHigh
7File/images/predictiveMedium
8File/inc/parser/xhtml.phppredictiveHigh
9File/loginpredictiveLow
10File/modules/profile/index.phppredictiveHigh
11File/one_church/userregister.phppredictiveHigh
12File/out.phppredictiveMedium
13File/public/plugins/predictiveHigh
14File/SAP_Information_System/controllers/add_admin.phppredictiveHigh
15File/SASWebReportStudio/logonAndRender.dopredictiveHigh
16File/secure/admin/InsightDefaultCustomFieldConfig.jspapredictiveHigh
17File/secure/admin/ViewInstrumentation.jspapredictiveHigh
18File/tmp/phpglibccheckpredictiveHigh
19File/v2/quantum/save-data-upload-big-filepredictiveHigh
20File4.edu.phppredictiveMedium
21Fileadclick.phppredictiveMedium
22Fileaddentry.phppredictiveMedium
23Fileaddressbookprovider.phppredictiveHigh
24Fileadmin.jcomments.phppredictiveHigh
25Fileadmin/pageUploadCSV.phppredictiveHigh
26Fileajax_udf.phppredictiveMedium
27FileAppCompatCache.exepredictiveHigh
28Fileapplication.js.phppredictiveHigh
29Filexxx/xxxxxxx-xxxxxxx-xxx.xxpredictiveHigh
30Filexxxxxxxxxxxx.xpredictiveHigh
31Filexxxx_xxxxxxxxxxx.xxxpredictiveHigh
32Filexxxxxxx_xxxxxxx.xxxpredictiveHigh
33Filexxxxxxx/xxxxxxxxxx/xxxxxx_xxxxxx_xxxxxxxx_xxxxx.xxpredictiveHigh
34Filexxxxxxxxxxx.xxpredictiveHigh
35Filexxxx_xxxxxxx.xxxpredictiveHigh
36Filexxxxxxxx.xxxpredictiveMedium
37Filexxxxxxxx.xxxpredictiveMedium
38Filexxxx.xxxpredictiveMedium
39Filexxx-xxx/xxx/xxxxxxxx_xxx.xxxpredictiveHigh
40Filexxxxxxxx_xxxxxxxxxxxxxxxxx.xxxpredictiveHigh
41Filexxxxxxxxx-xxxxxx.xxxpredictiveHigh
42Filexxxxxxx.xxxpredictiveMedium
43Filexxxx.xpredictiveLow
44Filexxxxxxx/xxxxxxx/xxxxxxxx_xxxx/xxxxxxxx_xxxxx_xxxxxxx.xxpredictiveHigh
45Filexxxx/xxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
46Filexxxxxxxx.xxxxxxxxxxpredictiveHigh
47Filexxxxxxxxxxxxxxxxxxx.xxpredictiveHigh
48Filexxxxxxx-xxxxxxxx.xxxpredictiveHigh
49Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
50Filexx.xxxpredictiveLow
51Filexxxxxxxxxx-xxxxxxxxxxxxx.xxxpredictiveHigh
52Filexxxxxxxxxxxxxxxxx.xxxpredictiveHigh
53Filexxxxxxx/xxx/xxxxxxxx/xxx/xxxxx/xxxx.xpredictiveHigh
54Filexxxxxx.xxxpredictiveMedium
55Filexxxxx.xxxpredictiveMedium
56Filexxxx.xxxpredictiveMedium
57Filexxx/xxx/xxx.xpredictiveHigh
58Filexxxxxxxxxxxxxxxxx.xxxpredictiveHigh
59Filexxxx.xxxpredictiveMedium
60Filexxxxx_xxxxxxxx.xxxpredictiveHigh
61Filexxxxxxxxx.xxxpredictiveHigh
62Filexxx/xxxxxx.xxxpredictiveHigh
63Filexxx/xxxxxxxxxxx/xxxxxxx.xxxpredictiveHigh
64Filexxxxx.xxxpredictiveMedium
65Filexxxxxxx/xxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
66Filexxxxxx/xxxx/xxxxxx_xxx.xxxpredictiveHigh
67Filexxxx_xxxx.xxxpredictiveHigh
68Filexxx.xxpredictiveLow
69Filexxx/xxxxxxxxxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
70Filexxxxxx/xxxxxx/xxxxxx-xx.xpredictiveHigh
71Filexxxxxx-xxxxx.xxxpredictiveHigh
72Filexxxxxxxxxx/xxx.xpredictiveHigh
73Filexxxxxxxxxx/xxxx_xx.xpredictiveHigh
74Filexxxxxxxxxx/xxxx.xpredictiveHigh
75Filexxxxxxxxxx/xxxxxxx_xxxxxxxx.xpredictiveHigh
76Filexxxxxxxxxx/xxxxxxxxx.xpredictiveHigh
77Filexxxxxxxxxx/xxxxxxxxxxxxxx.xpredictiveHigh
78Filexxxxxxxxxxx/xxxxxx.xpredictiveHigh
79Filexxxx/xx.xxxpredictiveMedium
80Filexxxxx.xxxpredictiveMedium
81Filexxxx.xxxpredictiveMedium
82Filexxxxxxxxxxxxxx_xxxxxxxxx.xxxpredictiveHigh
83Filexxxxxxxxx.xxxpredictiveHigh
84Filexxxxxxxx.xxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxpredictiveHigh
85Filexxx/xxxx/xxxx.xpredictiveHigh
86Filexxx/xxxxxxxxx/xx_xxx_xxxxxx.xpredictiveHigh
87Filexxxx/xxxxxxxxx.xxxpredictiveHigh
88Filexxxxx_xxxxx.xxxpredictiveHigh
89Filexxxx.xxxpredictiveMedium
90Filexxxxx/xxxxxxx.xxxpredictiveHigh
91Filexxxx.xxxpredictiveMedium
92Filexxxxxxxx.xxxpredictiveMedium
93Filexxxxxxxxxx.xxxpredictiveHigh
94Filexxx_xxxxxxxxxxxx.xxxpredictiveHigh
95Filexxxxxxxxxx.xxpredictiveHigh
96Filexxxxx.xxxpredictiveMedium
97Filexxxxx.xxxpredictiveMedium
98Filexxxxxxxx.xxxpredictiveMedium
99Filexxxxxxxxxx.xxxpredictiveHigh
100Filexxxxxxxx.xxxpredictiveMedium
101Filexxxxxxxx_xxxxxxxxxxxx_xxxxxx.xxpredictiveHigh
102Filexxxxxxxx_xxxx.xxxpredictiveHigh
103Filexxxxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
104Filexxxxxxxx.xpredictiveMedium
105Filexx_xxxx.xpredictiveMedium
106Filexx_xxx.xpredictiveMedium
107Filexxxxxxx.xxpredictiveMedium
108Filexxxxxx.xxxxpredictiveMedium
109Filexxxxxxxx-xxxxxx_xxxxx.xxxpredictiveHigh
110Filexxx_xxxxx.xxxpredictiveHigh
111Filexxxxx.xxxpredictiveMedium
112Filexxxxxxxxxxxxxxxx.xxpredictiveHigh
113Filexxxxxxx.xxxpredictiveMedium
114Filexxxxxxxxxxxxxxxx.xxxxpredictiveHigh
115Filexxxxx.xxpredictiveMedium
116Filexxxxxxxxx.xpredictiveMedium
117Filexxxxx_xxxxxx.xxxxpredictiveHigh
118Filexxxx/xxx/xxxx-xxxxx.xxxpredictiveHigh
119Filexxxxxxxxxxxxxxxx.xxxpredictiveHigh
120Filexxxxxxxxx.xxpredictiveMedium
121Filexx-xxxxx/xxxxx.xxxpredictiveHigh
122Filexxxxxx.xxxpredictiveMedium
123Filexxxx_xxxx_xxxxxxx.xxxpredictiveHigh
124File~/xxxxxxxx-xxxxxxxx.xxxpredictiveHigh
125Libraryxxxxxxxx/xxxxxxx/xxxxxxxx/xxx/xxxx/xxxx/xxxxxx/xxx/xxxxxx/xxxxxxx/xxxxxxxx/xxxxxxxx/xxxxxx/xxxxxxxx_xxxxxxxxxxxxxxxx.xxxxpredictiveHigh
126Libraryxxxxxx.xxxpredictiveMedium
127Libraryxxxxxx.xxxxxxxxx.xxxxxxx.xxxxx_xxxxx.xxxpredictiveHigh
128Libraryxxxxxxxx_x.xxxpredictiveHigh
129Libraryxxxxxxx\xxx\xxxxxxxx-xxx-x.xxxpredictiveHigh
130Libraryxxxxxxx_xxxxxx_xxx_x.x.xxxpredictiveHigh
131Libraryxxx/xxxxxxx.xpredictiveHigh
132Libraryxxx/xxxxxxxxx/x-xxxx.xxxpredictiveHigh
133Libraryxxx/xxx.xxxpredictiveMedium
134Libraryxxx/xxxxx/xxxxxxxxxxx.xxxpredictiveHigh
135Libraryxxxxxxxxx.x.x.xxx.xxxpredictiveHigh
136Libraryxxxxxxxx.xxxpredictiveMedium
137Libraryxxxxxxxxxxx.xxxpredictiveHigh
138Libraryxxxxx.xxxpredictiveMedium
139Argument$_xxxx['xxxxxxx']predictiveHigh
140Argument$_xxxxxxpredictiveMedium
141ArgumentxxxxxpredictiveLow
142ArgumentxxxxxxxpredictiveLow
143ArgumentxxpredictiveLow
144Argumentxxx_xxx_xxxxxpredictiveHigh
145ArgumentxxxxxxxxpredictiveMedium
146ArgumentxxxxxxxxpredictiveMedium
147Argumentxx_xxxx_xxpredictiveMedium
148Argumentxxxx_xxx_xxxxpredictiveHigh
149ArgumentxxxpredictiveLow
150ArgumentxxxpredictiveLow
151Argumentxxxx_xxpredictiveLow
152ArgumentxxxxxxxpredictiveLow
153ArgumentxxxxxxxpredictiveLow
154ArgumentxxxxxxxpredictiveLow
155ArgumentxxxxxxpredictiveLow
156ArgumentxxxpredictiveLow
157ArgumentxxxxxxxxxxxxxxxxxxpredictiveHigh
158ArgumentxxxxxpredictiveLow
159ArgumentxxxxpredictiveLow
160ArgumentxxxxpredictiveLow
161ArgumentxxxxxxxxxxxxxxxpredictiveHigh
162ArgumentxxxxxxxpredictiveLow
163ArgumentxxxxpredictiveLow
164ArgumentxxxxxxxxpredictiveMedium
165ArgumentxxxxxxxxpredictiveMedium
166ArgumentxxxxpredictiveLow
167ArgumentxxxxpredictiveLow
168Argumentxxxxx_xxxxxxxx_xxpredictiveHigh
169ArgumentxxxxxxxpredictiveLow
170Argumentxxxxx_xxxxpredictiveMedium
171ArgumentxxxxpredictiveLow
172ArgumentxxpredictiveLow
173ArgumentxxxxxxxxxpredictiveMedium
174Argumentxx_xxxxpredictiveLow
175Argumentxx_xxxxpredictiveLow
176Argumentxxxxx_xxxxpredictiveMedium
177Argumentxxxxxxx xxxxxxxpredictiveHigh
178ArgumentxxxxpredictiveLow
179ArgumentxxxxxxxpredictiveLow
180ArgumentxxxxxxxxxxpredictiveMedium
181Argumentxxx_xxxxxpredictiveMedium
182ArgumentxxxxpredictiveLow
183Argumentxxx_xxxxxxxpredictiveMedium
184ArgumentxxxxxpredictiveLow
185Argumentxxxxxx xxxxxxpredictiveHigh
186ArgumentxxxxxxxxpredictiveMedium
187ArgumentxxxxpredictiveLow
188ArgumentxxxxxxxxpredictiveMedium
189ArgumentxxxxxxxxpredictiveMedium
190Argumentxxxx_xxxxxpredictiveMedium
191ArgumentxxxxpredictiveLow
192ArgumentxxxxxxxxxxxpredictiveMedium
193Argumentxxxxxxx_xxpredictiveMedium
194ArgumentxxxxxpredictiveLow
195ArgumentxxxxxxxpredictiveLow
196ArgumentxxxxxxxxxxpredictiveMedium
197ArgumentxxxxpredictiveLow
198ArgumentxxxxxxxxxxpredictiveMedium
199ArgumentxxxxxxxxxxpredictiveMedium
200ArgumentxxxxxxxpredictiveLow
201Argumentxxxxxx_xxxxxxx_xxxxxxxxx_xxxx/xxxxxx_xxxxxxx_xxxxxxx_xxxxpredictiveHigh
202Argumentxxxxxx_xxpredictiveMedium
203ArgumentxxxxxxpredictiveLow
204Argumentxxxxxx-xxxxxpredictiveMedium
205ArgumentxxxxxxxpredictiveLow
206ArgumentxxxxxxxxxxxxpredictiveMedium
207ArgumentxxxxpredictiveLow
208ArgumentxxxxxpredictiveLow
209Argumentxxxx_xxxxx_xxxxpredictiveHigh
210ArgumentxxxxxxxxxxpredictiveMedium
211ArgumentxxxxxpredictiveLow
212Argumentxxxxxx-xxxpredictiveMedium
213Argumentxxxxxx/xxxxxxxxxxxxxxxxpredictiveHigh
214Argumentx_xxpredictiveLow
215ArgumentxxxxxpredictiveLow
216ArgumentxxxxxpredictiveLow
217ArgumentxxxxxpredictiveLow
218ArgumentxxxxpredictiveLow
219ArgumentxxxpredictiveLow
220ArgumentxxxxxxxxpredictiveMedium
221ArgumentxxxxxxxxxxxxxxxxxpredictiveHigh
222Argumentxxxxxxx?xxxxxxxxpredictiveHigh
223ArgumentxxxxxpredictiveLow
224Argumentxxxx-xxxpredictiveMedium
225Argumentxxx_xxxxpredictiveMedium
226Input Valuexxxxxxxx+'@xxxpredictiveHigh
227Network Portxxx/xxx (xxxxx), xxx/xxx (xxxxxxxxx-xx)predictiveHigh
228Network Portxxx/xxxxxpredictiveMedium

References (18)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!