Generic Analysis

IOB - Indicator of Behavior (29)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 28
de: 2


Product

Google Chrome: 4
Dolibarr: 4
VWar Virtual War: 2
Rockwell FactoryTalk Services Platform: 2
Netgear WNR2000v3: 2


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
1 | Apple Mac OS X CoreGraphics memory corruption | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.02890 | CVE-2015-5926
2 | Google Chrome WebGPU use after free | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.27766 | CVE-2022-2007
3 | Taocms Management Column cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | 0.00885 | CVE-2021-44969
4 | showdoc information exposure | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2022-0079
5 | Adobe Premiere Rush EPS File buffer overflow | 7.0 | 6.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01223 | CVE-2021-43023
6 | Siemens SINEMA Server Configuration Backup missing authentication | 4.3 | 4.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00885 | CVE-2019-10941
7 | Google Chrome Seccomp-BPF input validation | 7.3 | 6.4 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.02 | 0.28446 | CVE-2014-1733
8 | Asus RT-AC2900 input validation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.10938 | CVE-2018-8826
9 | libvirt File Descriptor control release of resource | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00890 | CVE-2020-14339
10 | Microsoft Windows NFO File MSINFO32.EXE xml external entity reference | 7.3 | 6.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Unavailable | 0.09 | 0.00000 | (none)
11 | Microsoft Windows Bluetooth Driver Object code injection | 6.8 | 6.5 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.34534 | CVE-2011-1265
12 | PCRE pcre_get.c pcre32_copy_substring memory corruption | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01213 | CVE-2017-7245
13 | Rockwell FactoryTalk Services Platform untrusted search path | 8.4 | 8.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00885 | CVE-2014-9209
14 | Microsoft IIS Redirect memory corruption | 6.3 | 6.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.04671 | CVE-2004-0205
15 | Microsoft Edge HTTP/2 HEIST information disclosure | 4.5 | 4.4 | $25k-$100k | $5k-$25k | Not Defined | Workaround | 0.01 | 0.33536 | CVE-2016-7153
16 | Space Coast Credit Union X.509 Certificate Validation certificate validation | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00954 | CVE-2017-3212
17 | Dreambox DM500 Web Server input validation | 7.5 | 6.8 | $25k-$100k | $0-$5k | Proof-of-Concept | Workaround | 0.01 | 0.01974 | CVE-2008-3936
18 | VWar Virtual War calendar.php sql injection | 7.3 | 7.3 | $0-$5k | Calculating | Not Defined | Not Defined | 0.01 | 0.00986 | CVE-2008-0753
19 | VWar Virtual War war.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.02172 | CVE-2006-3139
20 | phpforum mainfile.php privileges management | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01055 | CVE-2003-0559

IOC - Indicator of Compromise (34)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1059 | CWE-94 | Cross Site Scripting | predictive | High
2 | T1059.007 | CWE-79 | Cross Site Scripting | predictive | High

IOA - Indicator of Attack (18)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /accountancy/admin/accountmodel.php | predictive | High
2 | File | /apply_noauth.cgi | predictive | High
3 | File | /dev/mapper/control | predictive | High

References (9)

The following list contains external sources which discuss the actor and the associated activities:
