Generic Analysis

IOB - Indicator of Behavior (70)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en | 52
pl | 16
fr | 2


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

VWar Virtual War | 4
Dolibarr | 4
Netgear WNR2000v3 | 2
Netgear WNR2000v4 | 2
Netgear WNR2000v5 | 2


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | cURL/libcURL Cookie File stat toctou | 4.7 | 4.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00043 | CVE-2023-32001 |
| 2 | Hypersilence Silentum Guestbook silentum_guestbook.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.02 | 0.00107 | CVE-2009-4687 |
| 3 | F5 BIG-IP Configuration Utility path traversal | 9.3 | 9.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00321 | CVE-2023-41373 |
| 4 | Google WebP libwebp heap-based overflow | 7.5 | 7.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.02 | 0.49095 | CVE-2023-4863 |
| 5 | ZyXEL P660HN-T1A Remote System Log Forwarder ViewLog.asp command injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.97521 | CVE-2017-18368 |
| 6 | SailPoint IdentityIQ Lifecycle Manager input validation | 5.8 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00043 | CVE-2024-1714 |
| 7 | Bricks Plugin improper authentication | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00000 | CVE-2024-25600 |
| 8 | agnivade easy-scrypt scrypt.go VerifyPassphrase timing discrepancy | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00188 | CVE-2014-125055 |
| 9 | GNU C Library __vsyslog_internal heap-based overflow | 7.8 | 7.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00770 | CVE-2023-6246 |
| 10 | Apache Tomcat Commons FileUpload denial of service | 5.5 | 5.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00045 | CVE-2023-42794 |
| 11 | HP Integrated Lights-Out IPMI Protocol credentials management | 8.2 | 8.0 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.27196 | CVE-2013-4786 |
| 12 | Microsoft Outlook authentication replay | 9.0 | 8.6 | $5k-$25k | $0-$5k | Functional | Official Fix | 0.03 | 0.92353 | CVE-2023-23397 |
| 13 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.72 | 0.00943 | CVE-2010-0966 |
| 14 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.84 | 0.00936 | CVE-2020-15906 |
| 15 | Proofpoint Enterprise Protection AdminUI cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00052 | CVE-2023-5771 |
| 16 | Microsoft Exchange Server Privilege Escalation | 8.0 | 7.3 | $5k-$25k | $5k-$25k | Unproven | Official Fix | 0.01 | 0.00065 | CVE-2023-36756 |
| 17 | Apache Log4j Chainsaw/SocketAppender resource consumption | 5.5 | 5.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00260 | CVE-2023-26464 |
| 18 | Fortinet FortiSandbox HTTP Request path traversal | 7.4 | 7.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00094 | CVE-2023-41682 |
| 19 | Oracle MySQL Workbench denial of service | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00303 | CVE-2023-0215 |
| 20 | Cacti Regular Expression sql injection | 5.5 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00112 | CVE-2023-39365 |

IOC - Indicator of Compromise (33)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 52.15.72.79 | ec2-52-15-72-79.us-east-2.compute.amazonaws.com | Generic | | 04/08/2022 | verified | Medium |
| 2 | 52.15.194.28 | ec2-52-15-194-28.us-east-2.compute.amazonaws.com | Generic | | 04/08/2022 | verified | Medium |
| 3 | 52.72.89.116 | ec2-52-72-89-116.compute-1.amazonaws.com | Generic | | 04/08/2022 | verified | Medium |
| 4 | 52.204.47.183 | ec2-52-204-47-183.compute-1.amazonaws.com | Generic | | 04/08/2022 | verified | Medium |
| 5 | 64.98.145.30 | url.hover.com | Generic | | 04/08/2022 | verified | High |
| 6 | 67.228.43.214 | d6.2b.e443.ip4.static.sl-reverse.com | Generic | | 04/08/2022 | verified | High |
| 7 | 68.65.121.51 | strategic.com.ua | Generic | | 04/08/2022 | verified | High |
| 8 | XX.XX.XX.XX | xxxxxxxxx-x.xxxxxxxxxxxxxx.xxx | Xxxxxxx | | 04/08/2022 | verified | High |
| 9 | XX.XXX.XXX.XX | xxx-xxx-xxx-xxx.xxx.xxxxxxxx.xxx | Xxxxxxx | | 04/08/2022 | verified | High |
| 10 | XX.XX.XXX.XX | xxxxxx.xxxxxxxxxx.xxx | Xxxxxxx | | 04/08/2022 | verified | High |
| 11 | XX.XXX.XXX.XX | | Xxxxxxx | | 04/08/2022 | verified | High |
| 12 | XXX.XX.XX.XX | | Xxxxxxx | | 04/08/2022 | verified | High |
| 13 | XXX.XX.XXX.XX | | Xxxxxxx | | 04/08/2022 | verified | High |
| 14 | XXX.XX.XXX.XXX | | Xxxxxxx | | 04/08/2022 | verified | High |
| 15 | XXX.XXX.XX.XX | xx-xxx-xxx-xx-xx.xxxxxx.xxxxxxxxxxxx.xxxxxx.xxx | Xxxxxxx | | 04/08/2022 | verified | High |
| 16 | XXX.XXX.XXX.XXX | xxxxxx.xxxxxx.xxx | Xxxxxxx | | 04/08/2022 | verified | High |
| 17 | XXX.XXX.XXX.XXX | xxx-xxx-xxx-xxx.xxxxxx.xxxxxxxxxxxxxx.xxx | Xxxxxxx | | 04/08/2022 | verified | High |
| 18 | XXX.XXX.XXX.XX | xxx-xxx-xxx-xx-xxxx.xxxxxxxxxxxx.xxx | Xxxxxxx | | 04/08/2022 | verified | High |
| 19 | XXX.XXX.XXX.XXX | | Xxxxxxx | | 04/08/2022 | verified | High |
| 20 | XXX.XXX.XXX.XXX | xx-xx-xxxx.xxxxx.xxx | Xxxxxxx | | 04/08/2022 | verified | High |
| 21 | XXX.XX.XXX.XX | | Xxxxxxx | | 04/08/2022 | verified | High |
| 22 | XXX.XX.XXX.XX | xxxxxx.xxxxxxx.xx | Xxxxxxx | | 04/08/2022 | verified | High |
| 23 | XXX.XXX.XXX.XXX | xx-xxx-xxx-xxx-xxx.xx.xxxxxxxxxxxx.xxx | Xxxxxxx | | 04/08/2022 | verified | High |
| 24 | XXX.XXX.XXX.XX | xxxx-xxxxxxx-xxxxxxx.xxxxxxxxxxx.xxx | Xxxxxxx | | 04/08/2022 | verified | High |
| 25 | XXX.XX.XXX.XXX | | Xxxxxxx | | 04/08/2022 | verified | High |
| 26 | XXX.XX.XXX.XXX | | Xxxxxxx | | 04/08/2022 | verified | High |
| 27 | XXX.XXX.XXX.XXX | xx.xxxxxxxxxxxxxxxx.xxx | Xxxxxxx | | 04/08/2022 | verified | High |
| 28 | XXX.XX.XX.XXX | xxx-xx-xx-xxx.xxx.xxxxxxxxx.xxx | Xxxxxxx | | 04/08/2022 | verified | High |
| 29 | XXX.XXX.XXX.XXX | xxx-xxx-xxx-xxx.xxxxxxxx.xxxxxxxxxxxx.xxx | Xxxxxxx | | 04/08/2022 | verified | High |
| 30 | XXX.XX.XXX.XX | xxxxxxxx.xxx.xxxxx.xxx | Xxxxxxx | | 04/08/2022 | verified | High |
| 31 | XXX.XX.XXX.XX | xxxxxxxxx.xxxxxxxxxxxxx.xxx | Xxxxxxx | | 04/08/2022 | verified | High |
| 32 | XXX.XXX.XX.XX | | Xxxxxxx | | 04/08/2022 | verified | High |
| 33 | XXX.XXX.XXX.XXX | | Xxxxxxx | | 04/08/2022 | verified | High |

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 4 | TXXXX.XXX | CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 5 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 6 | TXXXX | CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 7 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High |
| 8 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 9 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 10 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive | High |
| 11 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 12 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 13 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High |

IOA - Indicator of Attack (32)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /accountancy/admin/accountmodel.php | predictive | High |
| 2 | File | /apply_noauth.cgi | predictive | High |
| 3 | File | /dev/mapper/control | predictive | High |
| 4 | File | announcements.php | predictive | High |
| 5 | File | xxxxxxxx.xxx | predictive | Medium |
| 6 | File | xxxxxxxxxxxx_xxxx.xxx | predictive | High |
| 7 | File | xxx/xxxxxx.xxx | predictive | High |
| 8 | File | xxxxxxx.xxx | predictive | Medium |
| 9 | File | xxxxx.xxx | predictive | Medium |
| 10 | File | xxxxxxxx/xxxxxxxxx | predictive | High |
| 11 | File | xxxxxxxx.xxx | predictive | Medium |
| 12 | File | xxxxxxxx.xxx | predictive | Medium |
| 13 | File | xxxx_xxx.x | predictive | Medium |
| 14 | File | xxxxxx.xx | predictive | Medium |
| 15 | File | xxxxxxxx_xxxxxxxxx.xxx | predictive | High |
| 16 | File | xxxx-xxxxx.xxx | predictive | High |
| 17 | File | xxxxxxx.xxx | predictive | Medium |
| 18 | File | xxx.xxx | predictive | Low |
| 19 | File | xx-xxxxxxxx/xxxxxxx-xxxxxxxx.xxx | predictive | High |
| 20 | File | xxxx/xxxx_xxxxxx.x | predictive | High |
| 21 | Argument | xxxxxxxxxxx | predictive | Medium |
| 22 | Argument | xxxxxxxx | predictive | Medium |
| 23 | Argument | xxxxxxxx | predictive | Medium |
| 24 | Argument | xxxx | predictive | Low |
| 25 | Argument | xxxxx | predictive | Low |
| 26 | Argument | xxxx_xxxx | predictive | Medium |
| 27 | Argument | xxxxxxxxx | predictive | Medium |
| 28 | Argument | xxxxx | predictive | Low |
| 29 | Argument | xxxxxxx_xxx | predictive | Medium |
| 30 | Argument | xxxxxx_xxxx | predictive | Medium |
| 31 | Argument | xxxxxxxxx | predictive | Medium |
| 32 | Argument | xxxxxxx | predictive | Low |

References (9)

The following list contains external sources which discuss the actor and the associated activities:
