GIMF Analysis

IOB - Indicator of Behavior (255)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

  • en: 194
  • zh: 46
  • de: 8
  • es: 4
  • pl: 2

Country

  • la: 238
  • cn: 8
  • gb: 6
  • us: 4

Product

  • WordPress: 8
  • Revive Adserver: 6
  • Microsoft Windows: 6
  • Adobe ColdFusion: 4
  • nginx: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 10.00 | CVE-2006-6168 |
| 2 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 4.64 | CVE-2020-15906 |
| 3 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.42 | |
| 4 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00132 | 0.44 | CVE-2022-28959 |
| 5 | Drupal Sanitization API cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.04 | CVE-2020-13672 |
| 6 | LiteSpeed Cache Plugin Shortcode cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00051 | 0.00 | CVE-2023-4372 |
| 7 | WebTitan Appliance Extensions Persistent cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 8 | ipTIME NAS-I Bulletin Manage unrestricted upload | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00988 | 0.06 | CVE-2020-7847 |
| 9 | request-baskets API Request {name} server-side request forgery | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08109 | 0.05 | CVE-2023-27163 |
| 10 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.84 | CVE-2010-0966 |
| 11 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01744 | 0.05 | CVE-2007-1287 |
| 12 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.97 | CVE-2020-12440 |
| 13 | Microsoft Windows Scripting Engine Remote Code Execution | 5.9 | 5.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.35064 | 0.00 | CVE-2021-34480 |
| 14 | NotificationX Plugin SQL Statement sql injection | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02414 | 0.05 | CVE-2022-0349 |
| 15 | DevExpress ASP.NET Web Forms ASPxHttpHandlerModule DXR.axd resource injection | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00205 | 0.10 | CVE-2022-41479 |
| 16 | Basilix Webmail login.php3 command injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.07 | |
| 17 | JoomlaTune Com Jcomments admin.jcomments.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00489 | 0.05 | CVE-2010-5048 |
| 18 | Microsoft Office Remote Code Execution | 7.0 | 6.1 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00250 | 0.03 | CVE-2023-21735 |
| 19 | Alt-N MDaemon Worldclient injection | 4.9 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00090 | 0.05 | CVE-2021-27182 |
| 20 | CouchCMS mysql2i.func.php Path information disclosure | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 0.04 | CVE-2019-1010042 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Cyber Jihad

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (136)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/dl_sendmail.php | predictive | High |
| 2 | File | /adminPage/conf/reload | predictive | High |
| 3 | File | /api/baskets/{name} | predictive | High |
| 4 | File | /api/v2/cli/commands | predictive | High |
| 5 | File | /Device/Device/GetDeviceInfoList?deviceCode=&searchField=&deviceState= | predictive | High |
| 6 | File | /DXR.axd | predictive | Medium |
| 7 | File | /forum/away.php | predictive | High |
| 8 | File | /mfsNotice/page | predictive | High |
| 9 | File | /novel/bookSetting/list | predictive | High |
| 10 | File | /novel/userFeedback/list | predictive | High |
| 11 | File | /owa/auth/logon.aspx | predictive | High |
| 12 | File | /spip.php | predictive | Medium |
| 13 | File | /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3 | predictive | High |
| 14 | File | /zm/index.php | predictive | High |
| 15 | File | adclick.php | predictive | Medium |
| 16 | File | admin.jcomments.php | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
