Generickdz Analysis

IOB - Indicator of Behavior (137)

Timeline

The data in the charts of this section (timeline, language, country, actors, activities, interest, type, vendor and product) does not reflect real data. It is dummy data, distorted and not usable in any way; an additional purchase is required to unlock the real figures.

Lang

en 106
de 16
es 6
pl 6
sv 2

Country

us 84
ca 20
de 8
gb 6
jp 4

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft IIS 6
Microsoft Internet Explorer 2
thttpd 2
ampleShop 2
Exim 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day price | Today price | Exploit | Remediation | CTI | EPSS | CVE
1 | All Enthusiast Inc Reviewpost Php Pro showproduct.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00986 | CVE-2004-2175
2 | Phplinkdirectory PHP Link Directory conf_users_edit.php cross-site request forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.04187 | CVE-2011-0643
3 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.41 | 0.49183 | CVE-2016-6210
4 | 212cafe 212cafeboard view.php sql injection | 7.3 | 7.1 | $0-$5k | Calculating | High | Unavailable | 0.01 | 0.00986 | CVE-2008-4713
5 | Petwant PF-103/Petalk AI libcommon.so processCommandUploadLog os command injection | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.01055 | CVE-2019-17364
6 | Petwant PF-103/Petalk AI libcommon.so processCommandSetMac os command injection | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01055 | CVE-2019-16737
7 | Apple macOS Login Window state issue | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00954 | CVE-2021-30702
8 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.50 | 0.25090 | CVE-2017-0055
9 | PhotoPost PHP Pro showproduct.php sql injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.01213 | CVE-2004-0250
10 | Floosietek FTGate memory corruption | 10.0 | 9.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.15607 | CVE-2005-3640
11 | Aboleo.net Portmon privileges management | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2003-0448
12 | Sun MySQL MS DOS Device Name denial of service | 7.5 | 7.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.08 | 0.01136 | CVE-2005-0799
13 | PHP Link Directory Administration Page index.html cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.73 | 0.01213 | CVE-2007-0529
14 | BitTorrent uTorrent Bencoding Parser input validation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.01213 | CVE-2020-8437
15 | MDaemon Webmail cross site scripting | 5.4 | 5.1 | $0-$5k | Calculating | Not Defined | Official Fix | 0.05 | 0.00885 | CVE-2019-8983
16 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192
17 | Synology DiskStation Manager Change Password password recovery | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01055 | CVE-2018-8916
18 | Webmin Package Updates Module update.cgi command injection | 8.8 | 8.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.63825 | CVE-2019-12840
19 | Goahead Software Webserver HTTP Request aux denial of service | 5.3 | 4.9 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.06 | 0.06790 | CVE-2001-0385
20 | centreon Contact Groups Form formContactGroup.php sql injection | 6.3 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00954 | CVE-2022-3827

IOC - Indicator of Compromise (58)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Type | Confidence
1 | 5.9.72.48 | cpanelbk.pcready.me | Generickdz | - | verified | High
2 | 12.167.151.118 | - | Generickdz | - | verified | High
3 | 37.1.193.43 | 1.1.1.1 | Generickdz | - | verified | High
4 | 40.112.72.205 | - | Generickdz | - | verified | High
5 | 43.230.143.219 | - | Generickdz | - | verified | High
6 | 43.231.4.7 | - | Generickdz | - | verified | High
7 | 45.90.34.87 | - | Generickdz | - | verified | High
8 | 46.105.98.53 | ns382068.ip-46-105-98.eu | Generickdz | - | verified | High
9 | 52.5.251.20 | ec2-52-5-251-20.compute-1.amazonaws.com | Generickdz | - | verified | Medium
10 | 69.55.5.252 | - | Generickdz | - | verified | High
11 | 72.52.91.14 | - | Generickdz | - | verified | High
12 | 77.104.144.25 | ip-77-104-144-25.siteground.com | Generickdz | - | verified | High
Entries 13 to 58 are masked on the source page (IP addresses and hostnames shown as XX.XXX.XXX.XXX); all of them are listed as verified with High confidence.
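The twelve unmasked IOC entries above can be turned directly into a detection. The following is an added example, not code from the page or its publisher: it builds an IP and hostname index from the table, scans constructed firewall and DNS log lines, and maps confidence to an action. The log line format, the block/alert policy and the sample lines are assumptions of the example. Two details matter in practice: the hostname shown for 37.1.193.43 is the IP literal 1.1.1.1, which must not be treated as a hostname indicator (it is Cloudflare's public resolver), and the one Medium-confidence entry sits on Amazon EC2 address space, which is reassigned between tenants, so blocking it outright is riskier than alerting.

```python
"""Match the unmasked Generickdz IOCs against firewall and DNS log lines.

Added example for this page, not code from the page or its publisher. The
log line format, the block/alert policy and the sample lines are assumptions.
"""
import ipaddress
import re

# The twelve IOC rows visible on the page: (IP address, hostname, confidence).
GENERICKDZ_IOCS = [
    ("5.9.72.48", "cpanelbk.pcready.me", "High"),
    ("12.167.151.118", None, "High"),
    ("37.1.193.43", "1.1.1.1", "High"),  # hostname column holds an IP literal
    ("40.112.72.205", None, "High"),
    ("43.230.143.219", None, "High"),
    ("43.231.4.7", None, "High"),
    ("45.90.34.87", None, "High"),
    ("46.105.98.53", "ns382068.ip-46-105-98.eu", "High"),
    ("52.5.251.20", "ec2-52-5-251-20.compute-1.amazonaws.com", "Medium"),
    ("69.55.5.252", None, "High"),
    ("72.52.91.14", None, "High"),
    ("77.104.144.25", "ip-77-104-144-25.siteground.com", "High"),
]


def is_ip_literal(value: str) -> bool:
    """True for strings like 1.1.1.1 that parse as an IP address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


# Lookup tables. A "hostname" that is really an IP literal (the 1.1.1.1 entry
# above) is dropped: matching it would flag every client of Cloudflare's
# resolver, which the IOC does not support.
IP_INDEX = {ip: conf for ip, _host, conf in GENERICKDZ_IOCS}
HOST_INDEX = {
    host.lower(): conf
    for _ip, host, conf in GENERICKDZ_IOCS
    if host and not is_ip_literal(host)
}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Dotted names that end in an alphabetic label, so IP literals never match.
HOSTNAME_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def action_for(confidence: str) -> str:
    """Assumed policy: block on High confidence, alert only on Medium. The
    Medium entry is an EC2 address that may be reassigned to other tenants."""
    return "block" if confidence == "High" else "alert"


def match_line(line: str) -> list:
    """Return one hit per IOC found in a single log line."""
    hits = []
    for ip in sorted(set(IPV4_RE.findall(line))):
        if ip in IP_INDEX:
            conf = IP_INDEX[ip]
            hits.append({"indicator": ip, "kind": "ip",
                         "confidence": conf, "action": action_for(conf)})
    for name in sorted({h.lower() for h in HOSTNAME_RE.findall(line)}):
        for ioc_host, conf in HOST_INDEX.items():
            # Exact host or any subdomain of it.
            if name == ioc_host or name.endswith("." + ioc_host):
                hits.append({"indicator": ioc_host, "kind": "hostname",
                             "confidence": conf, "action": action_for(conf)})
    return hits


def scan(lines) -> list:
    """Scan an iterable of log lines; each hit carries its 1-based line number."""
    results = []
    for number, line in enumerate(lines, start=1):
        for hit in match_line(line):
            results.append({"line": number, **hit})
    return results


# Constructed sample lines (RFC 1918 clients; one DNS and one firewall format).
SAMPLE_LOG = """\
2024-05-03T10:01:00Z dns client=10.0.0.5 query=cpanelbk.pcready.me answer=5.9.72.48
2024-05-03T10:01:02Z fw src=10.0.0.5 dst=43.231.4.7 dport=443 action=allow
2024-05-03T10:01:05Z fw src=10.0.0.9 dst=52.5.251.20 dport=80 action=allow
2024-05-03T10:01:07Z dns client=10.0.0.9 query=updates.example.net answer=198.51.100.20
2024-05-03T10:01:09Z fw src=10.0.0.9 dst=1.1.1.1 dport=53 action=allow
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(hit)
```

On the constructed sample the first line produces two hits (the resolved address and the queried name), the EC2 address produces an alert rather than a block, and the 1.1.1.1 line produces nothing. Subdomain matching is deliberate: a DNS query for www.cpanelbk.pcready.me still hits the cpanelbk.pcready.me indicator.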

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (58)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /aux | predictive | Low
2 | File | /etc/sudoers | predictive | Medium
3 | File | /pages/processlogin.php | predictive | High
4 | File | /uncpath/ | predictive | Medium
5 | File | /way4acs/enroll | predictive | High
6 | File | admin/conf_users_edit.php | predictive | High
7 | File | announcement.php | predictive | High
Entries 8 to 58 are masked on the source page: 8 to 37 are File indicators, 38 to 56 are Argument indicators, and 57 to 58 are Input Value indicators. Their confidence levels are shown but the indicator strings are not recoverable from this page.
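The seven unmasked File indicators can be matched against web server access logs. The added example below is not the page's own code: it decodes each request target repeatedly to defeat single and double percent-encoding, splits the path and each query value into segments, and matches an indicator only as a contiguous run of segments, so /aux does not fire on /auxiliary.php while ..%2F..%2Fetc%2Fsudoers inside a query parameter does fire on /etc/sudoers. The combined-format log lines and client addresses are constructed for the example. Two of the indicators correspond to entries in the vulnerability table above: /aux to the Goahead Software Webserver HTTP Request aux denial of service, and admin/conf_users_edit.php to the PHP Link Directory conf_users_edit.php cross-site request forgery.

```python
"""Match the unmasked Generickdz IOA file indicators against access logs.

Added example for this page, not code from the page or its publisher. The
combined-format sample lines and client addresses are constructed.
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# The seven File indicators visible on the page.
IOA_FILES = [
    "/aux",
    "/etc/sudoers",
    "/pages/processlogin.php",
    "/uncpath/",
    "/way4acs/enroll",
    "admin/conf_users_edit.php",
    "announcement.php",
]


def segments(value: str) -> list:
    """Split a path-like string into lowercase segments, dropping empties and '.'.
    Lowercasing is a detection choice: it catches case-varied scans at the
    price of some false positives on case-sensitive filesystems."""
    return [s for s in value.lower().split("/") if s and s != "."]


INDICATOR_SEGMENTS = {ind: segments(ind) for ind in IOA_FILES}

# Request line inside an Apache/Nginx combined-format entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def full_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode until stable (bounded), so %252e%252e becomes '..'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def contains_segments(haystack: list, needle: list) -> bool:
    """True if needle appears as a contiguous run inside haystack."""
    n = len(needle)
    return any(haystack[i:i + n] == needle for i in range(len(haystack) - n + 1))


def match_request(target: str) -> list:
    """Indicators found in a request target: the path plus every query value."""
    parts = urlsplit(target)
    candidates = [full_decode(parts.path)]
    candidates += [full_decode(v) for _k, v in parse_qsl(parts.query, keep_blank_values=True)]
    hits = []
    for candidate in candidates:
        segs = segments(candidate)
        for indicator, needle in INDICATOR_SEGMENTS.items():
            if indicator not in hits and contains_segments(segs, needle):
                hits.append(indicator)
    return hits


def scan_access_log(lines) -> list:
    """One finding per (line, indicator) over combined-format log lines."""
    findings = []
    for number, line in enumerate(lines, start=1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        for indicator in match_request(m.group("target")):
            findings.append({"line": number, "client": line.split(" ", 1)[0],
                             "method": m.group("method"), "indicator": indicator})
    return findings


# Constructed sample lines using documentation address ranges.
SAMPLE_ACCESS_LOG = """\
203.0.113.7 - - [03/May/2024:10:02:11 +0000] "GET /aux HTTP/1.0" 400 0 "-" "-"
203.0.113.7 - - [03/May/2024:10:02:13 +0000] "GET /index.php?file=..%2F..%2F..%2Fetc%2Fsudoers HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [03/May/2024:10:02:15 +0000] "GET /pages/ProcessLogin.php HTTP/1.1" 404 231 "-" "Mozilla/5.0"
198.51.100.4 - - [03/May/2024:10:03:01 +0000] "GET /auxiliary.php HTTP/1.1" 200 1048 "-" "Mozilla/5.0"
198.51.100.4 - - [03/May/2024:10:03:02 +0000] "POST /admin/conf_users_edit.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.4 - - [03/May/2024:10:03:03 +0000] "GET /news/announcements.php HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
198.51.100.4 - - [03/May/2024:10:03:05 +0000] "GET /%252e%252e/%252e%252e/etc/sudoers HTTP/1.1" 403 0 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_ACCESS_LOG.splitlines()):
        print(finding)
```

On the constructed sample, lines 1, 2, 3, 5 and 7 produce findings and lines 4 and 6 do not: segment matching keeps /aux from firing on /auxiliary.php and announcement.php from firing on announcements.php, while the double-encoded traversal on line 7 is still recognised after two decoding rounds.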

References (7)

The following list contains external sources which discuss the actor and the associated activities:
