Generic Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (79)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en	62
pl	14
zh	2
fr	2

Country

PL: Poland	46
US: USA	8
CN: China	2
RU: Russia	2
FR: France	2

Actors

Generic	8
Meterpreter	2
Cobalt Strike	1
XLoader	1
Arid Viper	1

Activities

Interest

Timeline

Type

Not Defined	28
Network Utility Software	4
Log Management Software	4
Operating System	4
Router Operating System	4

Vendor

Not Defined	18
Microsoft	6
Apache	4
Linux	4
Fortinet	4

Product

cURL	4
libcURL	4
Linux Kernel	4
Apache Log4j	2
Space Coast Credit Union	2

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#	Vulnerability	Base	Temp	0day	Today	Exp	Cou	KEV	EPSS	CTI	CVE
1	cURL/libcURL Cookie File stat toctou	4.7	4.6	$0-$5k	$0-$5k	Not defined	Official fix		0.00000	0.03	CVE-2023-32001
2	Hypersilence Silentum Guestbook silentum_guestbook.php sql injection	7.3	7.1	$0-$5k	$0-$5k	High	Unavailable	possible	0.00103	0.36	CVE-2009-4687
3	F5 BIG-IP Configuration Utility path traversal	9.3	9.1	$5k-$25k	$0-$5k	Not defined	Official fix		0.13094	0.00	CVE-2023-41373
4	Google WebP libwebp heap-based overflow	8.0	7.9	$5k-$25k	$0-$5k	High	Official fix	verified	0.79395	0.00	CVE-2023-4863
5	D-Link DIR-859 HTTP POST Request hedwig.cgi path traversal	7.6	7.5	$5k-$25k	$0-$5k	Proof-of-Concept	Not defined	possible	0.57560	0.00	CVE-2024-0769
6	ZyXEL P660HN-T1A Remote System Log Forwarder ViewLog.asp command injection	9.0	9.0	$0-$5k	$0-$5k	High	Not defined	verified	0.93750	0.03	CVE-2017-18368
7	FreeType out-of-bounds write	6.8	6.8	$0-$5k	$0-$5k	Not defined	Not defined		0.04114	0.44	CVE-2025-27363
8	nhairs python-json-logger inclusion of functionality from untrusted control sphere	7.5	7.4	$0-$5k	$0-$5k	Not defined	Official fix		0.00608	0.04	CVE-2025-27607
9	Kentico CMS GET Request Parameter AccessDenied.aspx cross site scripting	4.3	4.3	$0-$5k	$0-$5k	Not defined	Not defined		0.00068	0.00	CVE-2024-12907
10	Apache Tomcat Incomplete Fix CVE-2024-50379 toctou	7.2	7.1	$0-$5k	$0-$5k	Not defined	Official fix		0.04635	0.00	CVE-2024-56337
11	GNU wget HTTP Shorthand Format server-side request forgery	6.4	6.1	$0-$5k	$0-$5k	Proof-of-Concept	Official fix		0.00472	0.04	CVE-2024-10524
12	Linux Kernel page_pool skb_mark_for_recycle memory leak	5.6	5.5	$0-$5k	$0-$5k	Not defined	Official fix		0.00088	0.03	CVE-2024-27393
13	Linux Kernel ICMP Timestamp/Netmask information disclosure	3.9	3.9	$5k-$25k	$0-$5k	Not defined	Not defined		0.00612	0.00	CVE-1999-0524
14	SailPoint IdentityIQ Lifecycle Manager input validation	5.8	5.7	$0-$5k	$0-$5k	Not defined	Official fix		0.00272	0.04	CVE-2024-1714
15	Bricks Plugin improper authentication	8.6	8.5	$0-$5k	$0-$5k	Not defined	Not defined	expected	0.92219	0.04	CVE-2024-25600
16	agnivade easy-scrypt scrypt.go VerifyPassphrase timing discrepancy	3.5	3.5	$0-$5k	$0-$5k	Not defined	Official fix		0.00074	0.00	CVE-2014-125055
17	GNU C Library __vsyslog_internal heap-based overflow	7.8	7.8	$0-$5k	$0-$5k	Not defined	Not defined		0.04534	0.03	CVE-2023-6246
18	Apache Tomcat Commons FileUpload denial of service	5.5	5.4	$5k-$25k	$0-$5k	Not defined	Official fix		0.02242	0.00	CVE-2023-42794
19	HP Integrated Lights-Out IPMI Protocol credentials management	8.2	8.1	$5k-$25k	$0-$5k	High	Workaround	possible	0.68039	0.00	CVE-2013-4786
20	Microsoft Outlook authentication replay	9.2	8.9	$5k-$25k	$0-$5k	High	Official fix	verified	0.93627	0.00	CVE-2023-23397

IOC - Indicator of Compromise (33)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	52.15.72.79	ec2-52-15-72-79.us-east-2.compute.amazonaws.com	Generic	04/08/2022	verified	Low
2	52.15.194.28	ec2-52-15-194-28.us-east-2.compute.amazonaws.com	Generic	04/08/2022	verified	Low
3	52.72.89.116	ec2-52-72-89-116.compute-1.amazonaws.com	Generic	04/08/2022	verified	Low
4	52.204.47.183	ec2-52-204-47-183.compute-1.amazonaws.com	Generic	04/08/2022	verified	Low
5	64.98.145.30	url.hover.com	Generic	04/08/2022	verified	Medium
6	67.228.43.214	d6.2b.e443.ip4.static.sl-reverse.com	Generic	04/08/2022	verified	Medium
7	68.65.121.51	strategic.com.ua	Generic	04/08/2022	verified	Medium
8	XX.XX.XX.XX	xxxxxxxxx-x.xxxxxxxxxxxxxx.xxx	Xxxxxxx	04/08/2022	verified	Low
9	XX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxx.xxxxxxxx.xxx	Xxxxxxx	04/08/2022	verified	Medium
10	XX.XX.XXX.XXX	xxxxx.xxxxxxxxxx.xxx	Xxxxxxx	04/08/2022	verified	Medium
11	XX.XXX.XXX.XX		Xxxxxxx	04/08/2022	verified	Medium
12	XXX.XX.XX.XX		Xxxxxxx	04/08/2022	verified	Medium
13	XXX.XX.XXX.XX		Xxxxxxx	04/08/2022	verified	Medium
14	XXX.XX.XXX.XXX		Xxxxxxx	04/08/2022	verified	Medium
15	XXX.XXX.XX.XX	xx-xxx-xxx-xx-xx.xxxxxx.xxxxxxxxxxxx.xxxxxx.xxx	Xxxxxxx	04/08/2022	verified	Medium
16	XXX.XXX.XXX.XXX	xxxxxx.xxxxxx.xxx	Xxxxxxx	04/08/2022	verified	Medium
17	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxxxx.xxxxxxxxxxxxxx.xxx	Xxxxxxx	04/08/2022	verified	Medium
18	XXX.XXX.XXX.XX	xxx-xxx-xxx-xx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxxx	04/08/2022	verified	Medium
19	XXX.XXX.XXX.XXX		Xxxxxxx	04/08/2022	verified	Medium
20	XXX.XXX.XXX.XXX	xx-xx-xxxx.xxxxx.xxx	Xxxxxxx	04/08/2022	verified	Medium
21	XXX.XX.XXX.XX		Xxxxxxx	04/08/2022	verified	Medium
22	XXX.XX.XXX.XX	xxxxxx.xxxxxxx.xx	Xxxxxxx	04/08/2022	verified	Medium
23	XXX.XXX.XXX.XXX	xx-xxx-xxx-xxx-xxx.xx.xxxxxxxxxxxx.xxx	Xxxxxxx	04/08/2022	verified	Medium
24	XXX.XXX.XXX.XX	xxxx-xxxxxxx-xxxxxxx.xxxxxxxxxxx.xxx	Xxxxxxx	04/08/2022	verified	Low
25	XXX.XX.XXX.XXX		Xxxxxxx	04/08/2022	verified	Medium
26	XXX.XX.XXX.XXX		Xxxxxxx	04/08/2022	verified	Medium
27	XXX.XXX.XXX.XXX	xx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxx	04/08/2022	verified	Medium
28	XXX.XX.XX.XXX	xxx-xx-xx-xxx.xxx.xxxxxxxxx.xxx	Xxxxxxx	04/08/2022	verified	Medium
29	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxxxxxx.xxxxxxxxxxxx.xxx	Xxxxxxx	04/08/2022	verified	Medium
30	XXX.XX.XXX.XX	xxxxxxxx.xxx.xxxxx.xxx	Xxxxxxx	04/08/2022	verified	Medium
31	XXX.XX.XXX.XX	xxxxxxxxx.xxxxxxxxxxxxx.xxx	Xxxxxxx	04/08/2022	verified	Low
32	XXX.XXX.XX.XX		Xxxxxxx	04/08/2022	verified	Medium
33	XXX.XXX.XXX.XXX		Xxxxxxx	04/08/2022	verified	Medium

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	High
2	T1040	CAPEC-102	CWE-294	Authentication Bypass by Capture-replay	predictive	High
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	High
4	TXXXX.XXX	CAPEC-XXX	CWE-XX	Xxxxx Xxxxx Xxxx Xxxxxxxxx	predictive	High
5	TXXXX	CAPEC-XXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
6	TXXXX	CAPEC-XXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
7	TXXXX.XXX	CAPEC-XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	High
8	TXXXX	CAPEC-XXX	CWE-XX	Xxx Xxxxxxxxx	predictive	High
9	TXXXX		CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
10	TXXXX	CAPEC-XX	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	High
11	TXXXX.XXX	CAPEC-XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
12	TXXXX	CAPEC-XXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
13	TXXXX	CAPEC-XXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	High

IOA - Indicator of Attack (36)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/accountancy/admin/accountmodel.php	predictive	High
2	File	/apply_noauth.cgi	predictive	High
3	File	/dev/mapper/control	predictive	High
4	File	/hedwig.cgi	predictive	Medium
5	File	announcements.php	predictive	High
6	File	xxxxxxxx.xxx	predictive	Medium
7	File	xxxxxxxxxxxx_xxxx.xxx	predictive	High
8	File	xxx/xxxxxx.xxx	predictive	High
9	File	xxxxxxx.xxx	predictive	Medium
10	File	xxxxx.xxx	predictive	Medium
11	File	xxxxxxxx/xxxxxxxxx	predictive	High
12	File	xxxxxxxx.xxx	predictive	Medium
13	File	xxxxxxxx.xxx	predictive	Medium
14	File	xxxx_xxx.x	predictive	Medium
15	File	xxxxxx.xx	predictive	Medium
16	File	xxxxxxxx_xxxxxxxxx.xxx	predictive	High
17	File	xxxx-xxxxx.xxx	predictive	High
18	File	xx /xxxxxxxxxxx/xxxxxxxxxxxx.xxxx	predictive	High
19	File	xxxxxxx.xxx	predictive	Medium
20	File	xxx.xxx	predictive	Low
21	File	xx-xxxxxxxx/xxxxxxx-xxxxxxxx.xxx	predictive	High
22	File	xxxx/xxxx_xxxxxx.x	predictive	High
23	Argument	xxxxxxxxxxx	predictive	Medium
24	Argument	xxxxxxxx	predictive	Medium
25	Argument	xxxxxxxx	predictive	Medium
26	Argument	xxxx	predictive	Low
27	Argument	xxxxx	predictive	Low
28	Argument	xxxx_xxxx	predictive	Medium
29	Argument	xxxxxxxxx	predictive	Medium
30	Argument	xxxxx	predictive	Low
31	Argument	xxxxxxx_xxx	predictive	Medium
32	Argument	xxxxxx_xxxx	predictive	Medium
33	Argument	xxxxxxx	predictive	Low
34	Argument	xxxxxxxxx	predictive	Medium
35	Argument	xxxxxxx	predictive	Low
36	Input Value	../../../../xxxxxx/xxxxxx/xxxxxx/xxxxxx.xxxxxx-x.xxx	predictive	High

References (9)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

This view requires CTI permissions

Just purchase a CTI license today!