Generic Analysis

IOB - Indicator of Behavior (74)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 50
pl: 18
fr: 2
de: 2
zh: 2


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Google Chrome: 4
phpforum: 2
libvirt: 2
Microsoft Edge: 2
Cisco HyperFlex HX Data Platform: 2


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | cURL/libcURL Cookie File stat toctou | 4.7 | 4.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.05 | CVE-2023-32001
2 | Hypersilence Silentum Guestbook silentum_guestbook.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00107 | 0.04 | CVE-2009-4687
3 | F5 BIG-IP Configuration Utility path traversal | 9.3 | 9.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00174 | 0.04 | CVE-2023-41373
4 | Google WebP libwebp heap-based overflow | 7.5 | 7.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.60914 | 0.03 | CVE-2023-4863
5 | D-Link DIR-859 HTTP POST Request hedwig.cgi path traversal | 7.6 | 7.5 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00212 | 0.04 | CVE-2024-0769
6 | ZyXEL P660HN-T1A Remote System Log Forwarder ViewLog.asp command injection | 8.5 | 8.5 | $0-$5k | $0-$5k | High | Not Defined | 0.97518 | 0.04 | CVE-2017-18368
7 | Linux Kernel page_pool skb_mark_for_recycle memory leak | 5.7 | 5.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.04 | CVE-2024-27393
8 | Linux Kernel ICMP Timestamp/Netmask information disclosure | 3.9 | 3.9 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.88080 | 0.18 | CVE-1999-0524
9 | SailPoint IdentityIQ Lifecycle Manager input validation | 5.8 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.05 | CVE-2024-1714
10 | Bricks Plugin improper authentication | 8.6 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00130 | 0.04 | CVE-2024-25600
11 | agnivade easy-scrypt scrypt.go VerifyPassphrase timing discrepancy | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00266 | 0.05 | CVE-2014-125055
12 | GNU C Library __vsyslog_internal heap-based overflow | 7.8 | 7.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00770 | 0.03 | CVE-2023-6246
13 | Apache Tomcat Commons FileUpload denial of service | 5.5 | 5.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.05 | CVE-2023-42794
14 | HP Integrated Lights-Out IPMI Protocol credentials management | 8.2 | 8.0 | $5k-$25k | $0-$5k | High | Workaround | 0.23983 | 0.09 | CVE-2013-4786
15 | Microsoft Outlook authentication replay | 9.0 | 8.6 | $5k-$25k | $0-$5k | High | Official Fix | 0.90180 | 0.09 | CVE-2023-23397
16 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.50 | CVE-2010-0966
17 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 4.11 | CVE-2020-15906
18 | Proofpoint Enterprise Protection AdminUI cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00052 | 0.00 | CVE-2023-5771
19 | Microsoft Exchange Server Privilege Escalation | 8.0 | 7.3 | $5k-$25k | $5k-$25k | Unproven | Official Fix | 0.00065 | 0.03 | CVE-2023-36756
20 | Apache Log4j Chainsaw/SocketAppender resource consumption | 5.5 | 5.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00206 | 0.00 | CVE-2023-26464

IOC - Indicator of Compromise (33)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 52.15.72.79 | ec2-52-15-72-79.us-east-2.compute.amazonaws.com | Generic | | 04/08/2022 | verified | Low
2 | 52.15.194.28 | ec2-52-15-194-28.us-east-2.compute.amazonaws.com | Generic | | 04/08/2022 | verified | Low
3 | 52.72.89.116 | ec2-52-72-89-116.compute-1.amazonaws.com | Generic | | 04/08/2022 | verified | Low
4 | 52.204.47.183 | ec2-52-204-47-183.compute-1.amazonaws.com | Generic | | 04/08/2022 | verified | Low
5 | 64.98.145.30 | url.hover.com | Generic | | 04/08/2022 | verified | Medium
6 | 67.228.43.214 | d6.2b.e443.ip4.static.sl-reverse.com | Generic | | 04/08/2022 | verified | Medium
7 | 68.65.121.51 | strategic.com.ua | Generic | | 04/08/2022 | verified | Medium
8 | XX.XX.XX.XX | xxxxxxxxx-x.xxxxxxxxxxxxxx.xxx | Xxxxxxx | | 04/08/2022 | verified | Low
9 | XX.XXX.XXX.XXX | xxx-xxx-xxx-xxx.xxx.xxxxxxxx.xxx | Xxxxxxx | | 04/08/2022 | verified | Medium
10 | XX.XX.XXX.XXX | xxxxx.xxxxxxxxxx.xxx | Xxxxxxx | | 04/08/2022 | verified | Medium
11 | XX.XXX.XXX.XX | | Xxxxxxx | | 04/08/2022 | verified | Medium
12 | XXX.XX.XX.XX | | Xxxxxxx | | 04/08/2022 | verified | Medium
13 | XXX.XX.XXX.XX | | Xxxxxxx | | 04/08/2022 | verified | Medium
14 | XXX.XX.XXX.XXX | | Xxxxxxx | | 04/08/2022 | verified | Medium
15 | XXX.XXX.XX.XX | xx-xxx-xxx-xx-xx.xxxxxx.xxxxxxxxxxxx.xxxxxx.xxx | Xxxxxxx | | 04/08/2022 | verified | Medium
16 | XXX.XXX.XXX.XXX | xxxxxx.xxxxxx.xxx | Xxxxxxx | | 04/08/2022 | verified | Medium
17 | XXX.XXX.XXX.XXX | xxx-xxx-xxx-xxx.xxxxxx.xxxxxxxxxxxxxx.xxx | Xxxxxxx | | 04/08/2022 | verified | Medium
18 | XXX.XXX.XXX.XX | xxx-xxx-xxx-xx-xxxx.xxxxxxxxxxxx.xxx | Xxxxxxx | | 04/08/2022 | verified | Medium
19 | XXX.XXX.XXX.XXX | | Xxxxxxx | | 04/08/2022 | verified | Medium
20 | XXX.XXX.XXX.XXX | xx-xx-xxxx.xxxxx.xxx | Xxxxxxx | | 04/08/2022 | verified | Medium
21 | XXX.XX.XXX.XX | | Xxxxxxx | | 04/08/2022 | verified | Medium
22 | XXX.XX.XXX.XX | xxxxxx.xxxxxxx.xx | Xxxxxxx | | 04/08/2022 | verified | Medium
23 | XXX.XXX.XXX.XXX | xx-xxx-xxx-xxx-xxx.xx.xxxxxxxxxxxx.xxx | Xxxxxxx | | 04/08/2022 | verified | Medium
24 | XXX.XXX.XXX.XX | xxxx-xxxxxxx-xxxxxxx.xxxxxxxxxxx.xxx | Xxxxxxx | | 04/08/2022 | verified | Low
25 | XXX.XX.XXX.XXX | | Xxxxxxx | | 04/08/2022 | verified | Medium
26 | XXX.XX.XXX.XXX | | Xxxxxxx | | 04/08/2022 | verified | Medium
27 | XXX.XXX.XXX.XXX | xx.xxxxxxxxxxxxxxxx.xxx | Xxxxxxx | | 04/08/2022 | verified | Medium
28 | XXX.XX.XX.XXX | xxx-xx-xx-xxx.xxx.xxxxxxxxx.xxx | Xxxxxxx | | 04/08/2022 | verified | Medium
29 | XXX.XXX.XXX.XXX | xxx-xxx-xxx-xxx.xxxxxxxx.xxxxxxxxxxxx.xxx | Xxxxxxx | | 04/08/2022 | verified | Medium
30 | XXX.XX.XXX.XX | xxxxxxxx.xxx.xxxxx.xxx | Xxxxxxx | | 04/08/2022 | verified | Medium
31 | XXX.XX.XXX.XX | xxxxxxxxx.xxxxxxxxxxxxx.xxx | Xxxxxxx | | 04/08/2022 | verified | Low
32 | XXX.XXX.XX.XX | | Xxxxxxx | | 04/08/2022 | verified | Medium
33 | XXX.XXX.XXX.XXX | | Xxxxxxx | | 04/08/2022 | verified | Medium

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (35)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /accountancy/admin/accountmodel.php | predictive | High
2 | File | /apply_noauth.cgi | predictive | High
3 | File | /dev/mapper/control | predictive | High
4 | File | /hedwig.cgi | predictive | Medium
5 | File | announcements.php | predictive | High
6 | File | xxxxxxxx.xxx | predictive | Medium
7 | File | xxxxxxxxxxxx_xxxx.xxx | predictive | High
8 | File | xxx/xxxxxx.xxx | predictive | High
9 | File | xxxxxxx.xxx | predictive | Medium
10 | File | xxxxx.xxx | predictive | Medium
11 | File | xxxxxxxx/xxxxxxxxx | predictive | High
12 | File | xxxxxxxx.xxx | predictive | Medium
13 | File | xxxxxxxx.xxx | predictive | Medium
14 | File | xxxx_xxx.x | predictive | Medium
15 | File | xxxxxx.xx | predictive | Medium
16 | File | xxxxxxxx_xxxxxxxxx.xxx | predictive | High
17 | File | xxxx-xxxxx.xxx | predictive | High
18 | File | xxxxxxx.xxx | predictive | Medium
19 | File | xxx.xxx | predictive | Low
20 | File | xx-xxxxxxxx/xxxxxxx-xxxxxxxx.xxx | predictive | High
21 | File | xxxx/xxxx_xxxxxx.x | predictive | High
22 | Argument | xxxxxxxxxxx | predictive | Medium
23 | Argument | xxxxxxxx | predictive | Medium
24 | Argument | xxxxxxxx | predictive | Medium
25 | Argument | xxxx | predictive | Low
26 | Argument | xxxxx | predictive | Low
27 | Argument | xxxx_xxxx | predictive | Medium
28 | Argument | xxxxxxxxx | predictive | Medium
29 | Argument | xxxxx | predictive | Low
30 | Argument | xxxxxxx_xxx | predictive | Medium
31 | Argument | xxxxxx_xxxx | predictive | Medium
32 | Argument | xxxxxxx | predictive | Low
33 | Argument | xxxxxxxxx | predictive | Medium
34 | Argument | xxxxxxx | predictive | Low
35 | Input Value | ../../../../xxxxxx/xxxxxx/xxxxxx/xxxxxx.xxxxxx-x.xxx | predictive | High

References (9)

The following list contains external sources which discuss the actor and the associated activities:
