IcedID Analysis

IOB - Indicator of Behavior (124)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en 84
zh 38
sv 2


Country

cn 94
us 30


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Synacor Zimbra Collaboration Suite 6
Microsoft Windows 4
TP-LINK WR890N 4
WordPress 2
Mozilla Firefox 2


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Upload Widget in OutSystems Platform unrestricted upload | 6.9 | 6.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2020-29441
2 | PHPGurukul Hospital Management System in PHP edit-profile.php sql injection | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01055 | CVE-2020-22173
3 | Discourse Group Member information disclosure | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00885 | CVE-2022-21677
4 | UCMS cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2020-20781
5 | CyberPower PowerPanel Business Edition Agent/Center Stored cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.02192 | CVE-2019-13070
6 | Microsoft Windows User Profile Service Privilege Escalation | 7.2 | 6.7 | $25k-$100k | $5k-$25k | Proof-of-Concept | Official Fix | 0.05 | 0.01150 | CVE-2022-21919
7 | Microsoft Windows LSA information disclosure | 6.4 | 5.9 | $25k-$100k | $5k-$25k | Functional | Official Fix | 0.02 | 0.26327 | CVE-2021-36942
8 | Coremail XT Signature upload.jsp cross site scripting | 4.8 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.02561 | CVE-2020-29133
9 | SimpleRisk reset.php CSRF cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.00885 | CVE-2017-10711
10 | jeecg-boot unrestricted upload | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00885 | CVE-2022-2647
11 | Redis dbghelp.dll uncontrolled search path [Disputed] | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.07 | 0.00885 | CVE-2022-3734
12 | YoudianCMS MailAction.class.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2022-32300
13 | D-Link DIR-868L/DIR-817LW Web Interface getcfg.php Credentials improper authentication | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.05 | 0.19548 | CVE-2019-17506
14 | Private Cloud Management Platform POST Request global_config_query improper authentication | 7.3 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2022-2664
15 | Digital Watchdog DW Spectrum Server API information disclosure | 5.5 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 0.00885 | CVE-2022-34534
16 | SourceCodester Online Student Admission System Student User Page edit-profile.php cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00885 | CVE-2022-2681
17 | vsftpd deny_file unknown vulnerability | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.01136 | CVE-2015-1419
18 | Palo Alto PAN-OS Management Interface os command injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.02055 | CVE-2021-3059
19 | ExacqVision Web Service/Enterprise Manager signature verification | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.67311 | CVE-2020-9047
20 | ownCloud Client URL injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.04836 | CVE-2021-44537

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (116)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Pathname Traversal | predictive | High
2 | T1055 | CWE-74 | Injection | predictive | High
3 | T1059 | CWE-94 | Cross Site Scripting | predictive | High
4 | T1059.007 | CWE-79 | Cross Site Scripting | predictive | High

IOA - Indicator of Attack (44)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin.php?&m=Public&a=login | predictive | High
2 | File | /api/ | predictive | Low
3 | File | /config/getuser | predictive | High
4 | File | /management/api/rcx_management/global_config_query | predictive | High
5 | File | /setSystemAdmin | predictive | High
6 | File | /ucms/index.php?do=list_edit | predictive | High

References (20)

The following list contains external sources which discuss the actor and the associated activities:
