Inception Analysis
Activities
Timeline
The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.
Activities
Interest
Vulnerabilities
Campaigns (1)
These are the campaigns that can be associated with the actor:
- Inception
IOC - Indicator of Compromise (10)
These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.
ID | IP address | Hostname | Actor | Campaigns | Type | Confidence |
---|---|---|---|---|---|---|
1 | 51.255.139.194 | ip194.ip-51-255-139.eu | Inception | verified | High | |
2 | 82.221.100.55 | web.a1yola.com | Inception | verified | High | |
3 | XX.XXX.XXX.XX | Xxxxxxxxx | verified | High | ||
4 | XX.XX.XXX.XXX | xxx.xxx-xx-xx-xxx.xxxxxxxxx.xxxx-xxx.xxx | Xxxxxxxxx | verified | High | |
5 | XXX.XXX.XX.XXX | xxxxx.xxxxxxxxxxxxxxxxxx.xxx | Xxxxxxxxx | verified | High | |
6 | XXX.XXX.XXX.XX | xxxx.xx-xxx-xxx-xxx.xxx | Xxxxxxxxx | verified | High | |
7 | XXX.XX.XX.XXX | Xxxxxxxxx | verified | High | ||
8 | XXX.XXX.XX.XX | xxxx.xxxxxxxxx.xxx | Xxxxxxxxx | verified | High | |
9 | XXX.XXX.XXX.XXX | Xxxxxxxxx | verified | High | ||
10 | XXX.XXX.XXX.XX | xxxxxxxxx.xxxxxxx.xx | Xxxxxxxxx | Xxxxxxxxx | verified | High |
TTP - Tactics, Techniques, Procedures (10)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
---|---|---|---|---|---|
1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | predictive | High |
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
3 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
4 | TXXXX.XXX | CWE-XXX, CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx Xxxxxxxx | predictive | High |
5 | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High |
6 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High |
7 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxxx Xxxxxxx Xx Xxxxxxxxxxx | predictive | High |
8 | TXXXX | CWE-XXX | Xxxxxxx Xxxxxxxxxx Xx Xxx-xxxxxxxx | predictive | High |
9 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
10 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High |
IOA - Indicator of Attack (245)
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
ID | Class | Indicator | Type | Confidence |
---|---|---|---|---|
1 | File | .jboss-cli-history | predictive | High |
2 | File | /admin.php?id=posts&action=display&value=1&postid= | predictive | High |
3 | File | /admin/inbox.php&action=read | predictive | High |
4 | File | /admin/news/news_mod.php | predictive | High |
5 | File | /admin/page_edit/3 | predictive | High |
6 | File | /administrator/alerts/alertLightbox.php | predictive | High |
7 | File | /apps/acs-commons/content/page-compare.html | predictive | High |
8 | File | /blog/blog.php | predictive | High |
9 | File | /cgi-bin/luci/api/diagnose | predictive | High |
10 | File | /cgi-bin/main.cgi | predictive | High |
11 | File | /cgi-bin/uploadWeiXinPic | predictive | High |
12 | File | /cms/classes/Master.php?f=delete_designation | predictive | High |
13 | File | /controller/Adv.php | predictive | High |
14 | File | /dvcset/sysset/set.cgi | predictive | High |
15 | File | /example/editor | predictive | High |
16 | File | /goform/setsambacfg | predictive | High |
17 | File | /goform/websURLFilter | predictive | High |
18 | File | /guest_auth/cfg/upLoadCfg.php | predictive | High |
19 | File | /include/make.php | predictive | High |
20 | File | /jquery_file_upload/server/php/index.php | predictive | High |
21 | File | /mobile/SelectUsers.jsp | predictive | High |
22 | File | /php/ajax.php | predictive | High |
23 | File | /ptms/classes/Users.php | predictive | High |
24 | File | /public/admin/index.php?add_product | predictive | High |
25 | File | /resolv/nss_dns/dns-host.c | predictive | High |
26 | File | /role/saveOrUpdateRole.do | predictive | High |
27 | File | /scbs/admin/?page=facilities/manage_facility | predictive | High |
28 | File | /xxxxxx/xxx/xxx_xxx | predictive | High |
29 | File | /xxx/xxxxx/xxx/xxx | predictive | High |
30 | File | /xxxxxxxx_xxxxx/xxxxxxx/xxxxxx.xxx?x=xxxxxx_xxx | predictive | High |
31 | File | /xx-xxxxxxx/xxxxxxx/xxxxxxxxxx/ | predictive | High |
32 | File | /xxxxxxx/xxx/xxx.xxx | predictive | High |
33 | File | xxxxxxxxxxxxxx.xxxx | predictive | High |
34 | File | xxxxx/xxxxx-xxxx-xxxxxx-xxxx-xxxxx.xxx | predictive | High |
35 | File | xxxxx/xxxxxxxx/xxxxxxxxx.xxx | predictive | High |
36 | File | xxxxx/xxxxxxxx/xxxx_xxxxxxxx/xxxx_xxxxxxxx.xxx | predictive | High |
37 | File | xxxxx/xxxxx/xxxxxxxx.xxx | predictive | High |
38 | File | xxxxxxxx/x/xxxxx/xxxxx-xxxxxxxxxxx | predictive | High |
39 | File | xxxxxx/xxxxxx/xxxxx.xxx | predictive | High |
40 | File | xxxxxxxxxxxxx.xxxx | predictive | High |
41 | File | xxx/xxxxx/xxxxxxx/xxxx_xxxx_xxxxxxx_xxxxxxx.xxx | predictive | High |
42 | File | xxxx.xxx_xxxxx_xxxx_xxxxxxxxxx.xxx | predictive | High |
43 | File | xxxxxx.xxx | predictive | Medium |
44 | File | xxxxxxxx.xxx | predictive | Medium |
45 | File | xxx_xxxx_xxxxx.x | predictive | High |
46 | File | xxxxxxxxxx-x.xxx | predictive | High |
47 | File | xxxxxxxxx.xxx | predictive | High |
48 | File | xxxxxxxx | predictive | Medium |
49 | File | xxxxxxx/xxxxxxxxx.xxx.xxx | predictive | High |
50 | File | xx/xxxxx/xxxx/xxxxxx.xxx | predictive | High |
51 | File | xxxxxx/xxx.x | predictive | Medium |
52 | File | xxx.xx.xxxxxxxxx.xxxxxxxx.xxxxxx.xxxxxxxxxxxxx.xx.xx.xxxxxxxxxxxxx | predictive | High |
53 | File | xxxxxx.x | predictive | Medium |
54 | File | xxxxxx/xxx.x | predictive | Medium |
55 | File | xxxxxx.xxx | predictive | Medium |
56 | File | xxxxxxx-xxxxx-xxxxxxxx.xxx | predictive | High |
57 | File | xxxx_xxxxx_xxxxxxx.xxxx | predictive | High |
58 | File | xxxxxx.x | predictive | Medium |
59 | File | xxxx_xxxxxxx.x | predictive | High |
60 | File | xxxx_xxxxxxxxxx.xxxx | predictive | High |
61 | File | xxxxxx/xxxxxx/xxxxxxxxxx.xxx | predictive | High |
62 | File | xx/xxxxxx.x | predictive | Medium |
63 | File | xxxxxxxxxxxxxxxxx.xxx | predictive | High |
64 | File | xxxxxxxxxxxxxxx.xxx | predictive | High |
65 | File | xxx/xxxxxxxx.xxx | predictive | High |
66 | File | xxxxx.xxx | predictive | Medium |
67 | File | xxxx.xxx | predictive | Medium |
68 | File | xxxxxxx.xxx | predictive | Medium |
69 | File | xxxxxxxxxxx.xx | predictive | High |
70 | File | xxx.x | predictive | Low |
71 | File | xxx_xxxxxx_xxxxxx.xx | predictive | High |
72 | File | xxxxxxx.x | predictive | Medium |
73 | File | xxxxxx/xxx/xxxxxxxx.x | predictive | High |
74 | File | xxxxxxxxxxxxx.xxxx | predictive | High |
75 | File | xxxxxxx-xxx-xxxxxxx.x | predictive | High |
76 | File | xxxxx.xxx | predictive | Medium |
77 | File | xxxxxxxx.xxx | predictive | Medium |
78 | File | xxxxxxx.xxx | predictive | Medium |
79 | File | xxxxxx.xxx | predictive | Medium |
80 | File | xxxxxxxxx.x | predictive | Medium |
81 | File | xxxxxxxxxxxxxxx.xxx | predictive | High |
82 | File | xxxxxxx/xxxxx/xxxxxxxx/xxxx.x | predictive | High |
83 | File | xxxxxxxxx/xxxxxx.x | predictive | High |
84 | File | xxxxxxxxx/ | predictive | Medium |
85 | File | xxx_xx/xxx_xx_xxxxxx.x | predictive | High |
86 | File | xxx/xxxx/xx_xxxx_xxxxx.x | predictive | High |
87 | File | xxxxxxx/xxxxxx/xxxxxx.xxx | predictive | High |
88 | File | xxxxxx.xxx | predictive | Medium |
89 | File | xxxxxxxx.xxx | predictive | Medium |
90 | File | xxxxxxx-xxxxxx.xxx | predictive | High |
91 | File | xxxxx.xxx | predictive | Medium |
92 | File | xxxxxx.x | predictive | Medium |
93 | File | xxxxxxxx.xxx | predictive | Medium |
94 | File | xxxxxxx.xxx | predictive | Medium |
95 | File | xxxxxxx.xxx | predictive | Medium |
96 | File | xxxxxxxxxxxxxxxxxxxx.xxx | predictive | High |
97 | File | xxxxxxx.xxx | predictive | Medium |
98 | File | xxxxxxxxxxxxxxx.xxx | predictive | High |
99 | File | xxxxxxxxxx/xxxx_xxxxx.x | predictive | High |
100 | File | xxxxxx.xxx | predictive | Medium |
101 | File | xxx_xxx.xx | predictive | Medium |
102 | File | xxx/xxxxxxxx/xxxxx/xxxxx_xxxxx.x | predictive | High |
103 | File | xxx/xxxxxxxxx.x | predictive | High |
104 | File | xxx/xxx_xxxx.x | predictive | High |
105 | File | xx_xxxx/xxxx_xxxx.x | predictive | High |
106 | File | xx_xxxx/xx_xxxxxxxxx.x | predictive | High |
107 | File | xx_xxxx/xxxx_xxxx.x | predictive | High |
108 | File | xxxxxxxx+.xxx | predictive | High |
109 | File | xxxxxxxx_xxxxx_xxxxxxxx.xxx | predictive | High |
110 | File | xxxxxxxxxxxxxxxxx.xxxx | predictive | High |
111 | File | xxxxx-xxxxx.xxx | predictive | High |
112 | File | xxxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
113 | File | xxxxxx.xxx | predictive | Medium |
114 | File | xxxxxxxx_xxxxx.xxx | predictive | High |
115 | File | xxxxxxxxxxxxxxxx.xxxx | predictive | High |
116 | File | xxxxx/xxxx-xxxxxxx.x | predictive | High |
117 | File | xxxx_xxxx.xxx | predictive | High |
118 | File | xxxx.xxx | predictive | Medium |
119 | File | xxxxxxxxxxxxxxxx.xxxx | predictive | High |
120 | File | xx-xxxxx/xxxxx-xxxx.xxx | predictive | High |
121 | File | xx-xxxxx/xxxxx-xxxx.xxx | predictive | High |
122 | File | xx-xxxxx/xxxxx.xxx | predictive | High |
123 | File | xx-xxxxxxx/xxxxxxx/xxxxxxxxx-xxxxxxx/ | predictive | High |
124 | File | xxx_xxxxxxxx.xxx | predictive | High |
125 | File | \xxxxx\xxxxxxxx_xxxxxx.xxx | predictive | High |
126 | File | \xxxxxxx\xxxxxxxx_xxxxxxxxxx.xxx | predictive | High |
127 | File | ~/xxxxxxx/xxxxxx/xxxxx.xxx | predictive | High |
128 | File | ~/xxxxxxxx/xxxxx-xx-xxxxxxxxxx-xxxx.xxx | predictive | High |
129 | File | ~/xxxx | predictive | Low |
130 | Library | xxxxxxxx.xxx | predictive | Medium |
131 | Library | xxx/xxxxxxx-xxxxxxxxx-x.x.x.xxx | predictive | High |
132 | Library | xxx/xxxxxxx/xxxxxxxxx.xxx | predictive | High |
133 | Library | xxx/xxxx/xxx.xx | predictive | High |
134 | Library | xxx/xxx/xxxxxxx.x | predictive | High |
135 | Library | xxx/xxxxx.xxx | predictive | High |
136 | Library | xxx/xx/xxx.xx | predictive | High |
137 | Library | xxx/xxxx/xxxxxx.x | predictive | High |
138 | Library | xxxx.xx.x | predictive | Medium |
139 | Library | xxx_xxx.x | predictive | Medium |
140 | Library | xxxxxxxx.xxx | predictive | Medium |
141 | Library | xxxxxxx.xxx | predictive | Medium |
142 | Library | xxxxxxxx.xxx | predictive | Medium |
143 | Library | xxx/xxx/xxxx/xxx/xxxx.xxx | predictive | High |
144 | Library | xxxxxxx.xxx | predictive | Medium |
145 | Argument | $_xxx | predictive | Low |
146 | Argument | -x | predictive | Low |
147 | Argument | x/x | predictive | Low |
148 | Argument | xxxxxx | predictive | Low |
149 | Argument | xxxxxxxxxxxx | predictive | Medium |
150 | Argument | xxxxxx_xx[] | predictive | Medium |
151 | Argument | xxxxx.xxxxxxxx | predictive | High |
152 | Argument | xxx | predictive | Low |
153 | Argument | xxxxxxx_xx | predictive | Medium |
154 | Argument | xxxxxx | predictive | Low |
155 | Argument | xxxxxx_xxxxxx_xxxxx | predictive | High |
156 | Argument | xxx | predictive | Low |
157 | Argument | xxxxxxxx | predictive | Medium |
158 | Argument | xxx | predictive | Low |
159 | Argument | xxxxxxx | predictive | Low |
160 | Argument | xxxxxx | predictive | Low |
161 | Argument | xxxxxxxxx | predictive | Medium |
162 | Argument | xxxxxxxxxxxxxxxx | predictive | High |
163 | Argument | xxxx | predictive | Low |
164 | Argument | xxxxxx | predictive | Low |
165 | Argument | xxxxxxxxxxx | predictive | Medium |
166 | Argument | xxxxxxxxxx | predictive | Medium |
167 | Argument | xxxxxxxx | predictive | Medium |
168 | Argument | xxxxxx/xxxx | predictive | Medium |
169 | Argument | xxxxx | predictive | Low |
170 | Argument | xxxxx | predictive | Low |
171 | Argument | xxxxxxx_xx | predictive | Medium |
172 | Argument | xxxx_xx | predictive | Low |
173 | Argument | xxxxxx[x] | predictive | Medium |
174 | Argument | xxxx | predictive | Low |
175 | Argument | xxxxxxxx | predictive | Medium |
176 | Argument | xxxxxxxx | predictive | Medium |
177 | Argument | xxxxxxxx | predictive | Medium |
178 | Argument | xxxx_xxxx | predictive | Medium |
179 | Argument | xxxxxxxxxx | predictive | Medium |
180 | Argument | xxxxxxxxxx | predictive | Medium |
181 | Argument | xxxxx | predictive | Low |
182 | Argument | xx_xxxxxx | predictive | Medium |
183 | Argument | x_xxxx | predictive | Low |
184 | Argument | xxxx | predictive | Low |
185 | Argument | xxxx | predictive | Low |
186 | Argument | xxxxxxxx | predictive | Medium |
187 | Argument | xx | predictive | Low |
188 | Argument | xxxxx_xxxxx_xxxxxx | predictive | High |
189 | Argument | xxx | predictive | Low |
190 | Argument | xx_xxxx | predictive | Low |
191 | Argument | xxxxx_xxx | predictive | Medium |
192 | Argument | xxxx | predictive | Low |
193 | Argument | xxxx | predictive | Low |
194 | Argument | xxxxxxxx=xx | predictive | Medium |
195 | Argument | xxxxxx | predictive | Low |
196 | Argument | xxxxx[xxxxxxx] | predictive | High |
197 | Argument | xxx_xxxxxxxx_xxxxxx | predictive | High |
198 | Argument | xxxxx | predictive | Low |
199 | Argument | xxxx | predictive | Low |
200 | Argument | xxxxxxx | predictive | Low |
201 | Argument | xxxxxxxx | predictive | Medium |
202 | Argument | xxxxx | predictive | Low |
203 | Argument | xxx | predictive | Low |
204 | Argument | xxxxxxxxxxxxxxxxxx | predictive | High |
205 | Argument | xxxxxxxx | predictive | Medium |
206 | Argument | xxxx | predictive | Low |
207 | Argument | xxx | predictive | Low |
208 | Argument | xxxxxxxx | predictive | Medium |
209 | Argument | xxxxxx | predictive | Low |
210 | Argument | xxxxx_xxxxxxxx/xxxxx_xxxxxx/xxxxx_xxxxxxxxxxx | predictive | High |
211 | Argument | xxxxx | predictive | Low |
212 | Argument | xxxxxxxx_xx | predictive | Medium |
213 | Argument | xxxxxxxxxxx | predictive | Medium |
214 | Argument | xxxxxxxx | predictive | Medium |
215 | Argument | xxxxxx | predictive | Low |
216 | Argument | xxxxxxxxxxxxxx | predictive | High |
217 | Argument | xxxxxx | predictive | Low |
218 | Argument | xxxxxx | predictive | Low |
219 | Argument | xxxxxxx | predictive | Low |
220 | Argument | xxxxxxx | predictive | Low |
221 | Argument | xxxxxxxx | predictive | Medium |
222 | Argument | xxxxx | predictive | Low |
223 | Argument | xxxxxxxxxxxxxx | predictive | High |
224 | Argument | xx | predictive | Low |
225 | Argument | xxx_xxxx | predictive | Medium |
226 | Argument | xxxxxxxxxxxx/xxxxxxxxxxxxxxxx | predictive | High |
227 | Argument | xxx_xxxxx_xxx_xxxx | predictive | High |
228 | Argument | xxxx | predictive | Low |
229 | Argument | xxxxx | predictive | Low |
230 | Argument | xx | predictive | Low |
231 | Argument | xxxxxx | predictive | Low |
232 | Argument | xxxxxxxxxx_xxxx_xxxxxxx/xxxxxxxxxx_xxxx_xxxxxx/xxxxxxxxxx_xxxx_xxxx/xxxxxxxxxx_xxxx_xxxxxxx/xxxxxxxxxx_xxxx_xxx | predictive | High |
233 | Argument | xxxxxxxx | predictive | Medium |
234 | Argument | xxxxxxxx | predictive | Medium |
235 | Argument | xxxxxxxx/xxxxxxxx | predictive | High |
236 | Argument | xxxx_xx | predictive | Low |
237 | Argument | xxxxxx | predictive | Low |
238 | Argument | xxx xxx xxx/xxxxxxx xxxx | predictive | High |
239 | Argument | x_xx | predictive | Low |
240 | Argument | x_xx_xxxxxxxxxxxxxxxxxxx | predictive | High |
241 | Argument | xxx | predictive | Low |
242 | Argument | _xxxxx | predictive | Low |
243 | Input Value | <xxxxxx>xxxxx(x)</xxxxxx>xxx | predictive | High |
244 | Input Value | xxxx://:xx | predictive | Medium |
245 | Network Port | xxx/xxx | predictive | Low |
References (5)
The following list contains external sources which discuss the actor and the associated activities:
- https://github.com/eset/malware-ioc/tree/master/interception
- https://github.com/vuldb/cyber_threat_intelligence/tree/main/actors/Inception
- https://securelist.com/recent-cloud-atlas-activity/92016/
- https://unit42.paloaltonetworks.com/unit42-inception-attackers-target-europe-year-old-office-vulnerability/
- https://www.threatminer.org/report.php?q=bcs_wp_InceptionReport_EN_v12914.pdf&y=2014