India Police Analysis

IOB - Indicator of Behavior (184)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	164
es	10
zh	6
de	2
fr	2

Country

us	86
cn	30
au	14
ag	10
nl	4

Actors

India Police	10
Cobalt Strike	3
Lazarus	1
LimeRAT	1
Charming Kitten	1

Activities

Interest

Timeline

Type

Not Defined	70
Content Management System	12
Operating System	12
Application Server Software	8
Firewall Software	6

Vendor

Not Defined	50
Microsoft	14
Oracle	8
Adiscon	4
BMC	4

Product

Microsoft Windows	10
WordPress	6
Adiscon LogAnalyzer	4
QNAP QTS	4
QNAP QuTS Hero	4

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	CTI	EPSS	CVE
1	Microsoft IIS IP/Domain Restriction access control	6.5	5.7	$25k-$100k	$0-$5k	Unproven	Official Fix	0.05	0.00817	CVE-2014-4078
2	Adiscon LogAnalyzer Login Button Referer Field login.php cross site scripting	5.2	4.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.02	0.00268	CVE-2018-19877
3	Apple iOS IOMobileFramebuffer memory corruption	8.3	8.1	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00	0.00167	CVE-2016-4654
4	Bitrix Site Manager Vote Module Remote Code Execution	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00329	CVE-2022-27228
5	WordPress Password Reset wp-login.php mail password recovery	6.1	5.8	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.05	0.03548	CVE-2017-8295
6	Jalios JCMS ajaxPortal.jsp cross site scripting	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00141	CVE-2020-15497
7	XiongMai uc-httpd memory corruption	8.5	8.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.03	0.03403	CVE-2018-10088
8	Websense Forcepoint User ID Service Port 5001 unrestricted upload	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.16917	CVE-2019-6139
9	F5 BIG-IP Configuration Utility path traversal	4.3	3.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.03339	CVE-2015-4040
10	WordPress WP_Query class-wp-query.php sql injection	8.5	8.4	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.05	0.00318	CVE-2017-5611
11	Microsoft Windows Remote Desktop Service code injection	10.0	9.0	$100k and more	$0-$5k	High	Official Fix	0.05	0.69476	CVE-2012-0002
12	Kentico CMS os command injection	6.7	6.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00805	CVE-2018-7046
13	Drei 3Kundenzone X.509 Certificate cryptographic issues	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00049	CVE-2014-5828
14	vsftpd deny_file unknown vulnerability	3.7	3.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.16	0.00312	CVE-2015-1419
15	GitLab Community Edition/Enterprise Edition Runner Registration Token information disclosure	7.6	7.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.05444	CVE-2022-0735
16	OpenSSH FIDO Authentication improper authentication	5.6	5.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.05	0.00107	CVE-2021-36368
17	Fortinet FortiADC cross site scripting	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.07	0.00046	CVE-2022-38374
18	WAPPushManager sql injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.65	0.00301	CVE-2014-8507
19	Linux Kernel nfnetlink_queue.c nfqnl_mangle denial of service	6.5	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00134	CVE-2022-36946
20	aaPanel Websocket webssh os command injection	4.6	4.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.05	0.00294	CVE-2021-37840

Campaigns (1)

These are the campaigns that can be associated with the actor:

Spyware

IOC - Indicator of Compromise (44)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Campaigns	Identified	Type	Confidence
1	5.1.82.106	5-1-82-106.static.creoline.net	India Police	Spyware	06/28/2022	verified	High
2	8.5.1.33		India Police	Spyware	06/28/2022	verified	High
3	8.5.1.49		India Police	Spyware	06/28/2022	verified	High
4	34.246.254.156	ec2-34-246-254-156.eu-west-1.compute.amazonaws.com	India Police	Spyware	06/28/2022	verified	Medium
5	36.86.63.182		India Police	Spyware	06/28/2022	verified	High
6	52.4.209.250	ec2-52-4-209-250.compute-1.amazonaws.com	India Police	Spyware	06/28/2022	verified	Medium
7	54.210.47.225	ec2-54-210-47-225.compute-1.amazonaws.com	India Police	Spyware	06/28/2022	verified	Medium
8	64.15.205.100		India Police	Spyware	06/28/2022	verified	High
9	64.15.205.101		India Police	Spyware	06/28/2022	verified	High
10	XX.XXX.XXX.XX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
11	XX.XXX.XXX.XX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
12	XX.XX.XXX.XXX	xxxx.xxxxxxxxx.xxx	Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
13	XX.X.XXX.XXX	xxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxx.xxx	Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
14	XX.XXX.XX.XXX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
15	XX.XXX.XXX.XX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
16	XXX.XXX.XXX.XXX	xxx-x.xxxxxxxx.xxx	Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
17	XXX.XXX.XXX.X		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
18	XXX.XXX.XX.XXX	xxx-xxx-xx-xxx.xxxxxx-xx-xxxxxxxxxxx.xxx	Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
19	XXX.X.XXX.XXX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
20	XXX.X.XXX.XXX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
21	XXX.XXX.XX.XXX	xxx-xxxxx.xxxxxxx.xxx	Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
22	XXX.XXX.XX.XXX	xxx.xx.xxx.xxx.xx.xxxxxxxxxxxxxxxxx.xxx	Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	Medium
23	XXX.XX.XXX.XXX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
24	XXX.XXX.XX.XXX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
25	XXX.XX.XXX.XX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
26	XXX.XX.XXX.XXX	xxx.xxxxxxxxxx.xxx	Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
27	XXX.XXX.XX.XXX	xxx-xxx-xx-xxx.xxxx-xxxxx.xx	Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
28	XXX.XXX.XX.XX	xxxxxxxxx.xxxxxxxxxx.xxx	Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
29	XXX.XXX.XX.XX	xxxxxxxxx.xxxxxxxxxx.xxx	Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
30	XXX.XXX.XXX.XX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
31	XXX.XX.XXX.XXX	xxx.xx.xxx.xxx.xxxxxx.xxx	Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
32	XXX.XXX.XXX.XX	xxx-xxx-xxx-xx.xxxxxx.xxxxxxxxxxxxxx.xxx	Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
33	XXX.XXX.XXX.XX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
34	XXX.XX.XXX.XXX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
35	XXX.XX.XXX.XXX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
36	XXX.XX.XXX.XXX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
37	XXX.XX.XXX.XXX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
38	XXX.XXX.XX.XX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
39	XXX.XX.XX.XXX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
40	XXX.XX.XX.XXX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
41	XXX.XX.XXX.XXX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
42	XXX.XX.XX.XXX	xxx-xx-xx-xxx.xxx.xxxxxxxxxxx.xxx	Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
43	XXX.XXX.XXX.XXX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
44	XXX.XX.XX.XXX	xxx.xxxxx.xxx	Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CWE-22	Pathname Traversal	predictive	High
2	T1055	CWE-74	Injection	predictive	High
3	T1059	CWE-88, CWE-94	Cross Site Scripting	predictive	High
4	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	High
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	X2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxx Xxxxxxxxxxx Xxx Xxx Xxxxxxx	predictive	High
6	TXXXX	CWE-XXX	Xxxx Xxx Xxxxxxxxx Xxxxxxxxxxx Xxxxxxxx	predictive	High
7	TXXXX.XXX	CWE-XXX, CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx Xxxxxxxx	predictive	High
8	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxxxxxx	predictive	High
9	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	High
10	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	High
11	TXXXX	CWE-XXX	Xxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx Xxxx	predictive	High
12	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx	predictive	High
13	TXXXX.XXX	CWE-XX	Xxxxxxxxxxxxx	predictive	High
14	TXXXX	CWE-XXX, CWE-XXX	X2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx Xxxxxxxxxx	predictive	High
15	TXXXX.XXX	CWE-XXX	Xxxxxxxxxxxx Xxxxxx	predictive	High

IOA - Indicator of Attack (99)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	%PROGRAMDATA%\Razer Chroma\SDK\Apps	predictive	High
2	File	.htaccess	predictive	Medium
3	File	/cgi-bin/webviewer_login_page	predictive	High
4	File	/mgmt/tm/util/bash	predictive	High
5	File	/recordings/index.php	predictive	High
6	File	/uncpath/	predictive	Medium
7	File	/webssh	predictive	Low
8	File	add_vhost.php	predictive	High
9	File	admin-ajax.php	predictive	High
10	File	and/or	predictive	Low
11	File	arsys/servlet/AttachServlet	predictive	High
12	File	xxxxxxxx.xxx	predictive	Medium
13	File	xxx-xxx/xxxxx/xxxxx.xxx	predictive	High
14	File	xxxxx/xxxxxxxx/xxxxxxxxxxxxxxx.xxx	predictive	High
15	File	xxxxx.xxxxxxxxx.xxx	predictive	High
16	File	xxxxxx/xxxxx.x	predictive	High
17	File	xxxx/xxxxxxxxxxxxxx.xxx	predictive	High
18	File	xxxxxxxxxxxxx.xxxx	predictive	High
19	File	xxx/xxxx/xxxx.x	predictive	High
20	File	xxxxxxxxxxxx.xxx	predictive	High
21	File	xxxxxxxx_xxx	predictive	Medium
22	File	xxxxxxxxx/xxxx-xxxxxxx-xxx.xxx	predictive	High
23	File	xxxxx.xxx	predictive	Medium
24	File	xxxx_xxxx.x	predictive	Medium
25	File	xxxxx.xxx	predictive	Medium
26	File	xxxxx/xxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxx	predictive	High
27	File	xxxx.xxx	predictive	Medium
28	File	xxxx_xxxx.xxx	predictive	High
29	File	xxxxx/xxxxxx/xxxxxxxxxx.xxx	predictive	High
30	File	xx/xxx/xxxxxxxx/xxx_xxxxxxxxx/xxx_xxxxxxxx_xxxxx/_/xxxxxxx_xxx	predictive	High
31	File	xxxxx.xxx	predictive	Medium
32	File	xxxxxxx/	predictive	Medium
33	File	xxxxxxxx.x	predictive	Medium
34	File	xxxxxxx/xxxxxxxx/xxxxxxx/xxxxxxx.xxxx_xxxxxx.xxx/xxxx_xxxxxx.xxx	predictive	High
35	File	xxxxxxx\xxxxxxxxx\xxxxxxx.xxx	predictive	High
36	File	xxx/xxxxxxxxx/xxxxxxxxx_xxxxx.x	predictive	High
37	File	xxxx.xxx	predictive	Medium
38	File	xxxx_xxx_xxxxxxx.x	predictive	High
39	File	xxxxxxxxxx.xxx.xxx	predictive	High
40	File	xxxxxxx.xxx	predictive	Medium
41	File	xxxxx_xxx.xxx	predictive	High
42	File	xxx.x	predictive	Low
43	File	xxxxxxxx.xxx	predictive	Medium
44	File	xxxxxxxx.xx	predictive	Medium
45	File	xxxxxx.xxxx	predictive	Medium
46	File	xxxxxx_xxxxxxx.xxx	predictive	High
47	File	xxxxxxxx/xxxx/xxxx.xxx?xxxxxx=xxxxxxxxxxxxxxxx	predictive	High
48	File	xxx%xxxxx-xxxxxxxxxxxxx+xxxxxxx/xxxxxxx+xxxxx+xxxx/	predictive	High
49	File	xxxxx/xxxxxx.x	predictive	High
50	File	xxxx.x	predictive	Low
51	File	xxxx/xxxxxxxx/xxxxxxxx.xxxx	predictive	High
52	File	xxxxxxxx.xxx	predictive	Medium
53	File	xxxxx/xxxxxxxx	predictive	High
54	File	xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx	predictive	High
55	File	xx-xxxxx.xxx	predictive	Medium
56	File	xx/xx/xxxxx	predictive	Medium
57	File	xxxxxxxxxxxxx.xx	predictive	High
58	Library	xxxxxxxx_xxxxxxxxx.xxx.xxx	predictive	High
59	Library	xxx/xxxxxxxxx.xxx	predictive	High
60	Library	xxxxxx	predictive	Low
61	Argument	--xxx	predictive	Low
62	Argument	xxxxxxx xx/xxxxxxx xxxx	predictive	High
63	Argument	xxxxxx	predictive	Low
64	Argument	xxxxxx	predictive	Low
65	Argument	xxxxx	predictive	Low
66	Argument	xxxxxxxxxx	predictive	Medium
67	Argument	xxx[xxxxxx][xxxxxxxxx]	predictive	High
68	Argument	xxx	predictive	Low
69	Argument	xxx	predictive	Low
70	Argument	xxxx_xx	predictive	Low
71	Argument	xxxxxx	predictive	Low
72	Argument	xxxxx	predictive	Low
73	Argument	xxxxxxxx	predictive	Medium
74	Argument	xxxxxxxxx	predictive	Medium
75	Argument	xxxx	predictive	Low
76	Argument	xx	predictive	Low
77	Argument	xxxxxx	predictive	Low
78	Argument	xxxxxxx	predictive	Low
79	Argument	xxxx_xxxxxx_xx	predictive	High
80	Argument	xxxxx	predictive	Low
81	Argument	xxxxx_xxxxxxxx	predictive	High
82	Argument	xxx	predictive	Low
83	Argument	xxxxxxxx	predictive	Medium
84	Argument	xxxxxxxx	predictive	Medium
85	Argument	xxxxxxxxx	predictive	Medium
86	Argument	xxx	predictive	Low
87	Argument	xxxxx	predictive	Low
88	Argument	xxxx	predictive	Low
89	Argument	xxxxxx	predictive	Low
90	Argument	xxxxxxxx	predictive	Medium
91	Argument	xxxxxx_xxxxxxxx	predictive	High
92	Argument	_xxxxxxx	predictive	Medium
93	Input Value	%xx	predictive	Low
94	Input Value	'>[xxx]	predictive	Low
95	Input Value	xxx.xxxx.%xxx.%xxx	predictive	High
96	Input Value	</xxxxxx><xxxxxx>xxxxx(x)</xxxxxx>	predictive	High
97	Input Value	xxxxx	predictive	Low
98	Pattern	\|xx xx xx xx\|	predictive	High
99	Network Port	xxx/xxxx (xxx)	predictive	High

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Might our Artificial Intelligence support you?

Check our Alexa App!