Iron Analysis

Activities

Timeline

Analyzing the timeline helps to identify the required approach to, and handling of, single vulnerabilities and vulnerability collections. The overview shows less important slices and more severe hotspots at a glance, which makes it possible to initiate an immediate vulnerability response and to prioritize issues.

Lang

  • en: 999
  • it: 1

Country

  • es: 1000

Actors

  • Rocke: 1000

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 1 | OpenEMR HTTP Request cross-site request forgery | 6.1 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-13569 |
| 2 | VMware Spring Cloud Function SpEL Expression code injection | 9.8 | 9.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.42 | CVE-2022-22963 |
| 3 | Bento4 Ap4RtpAtom.cpp AP4_RtpAtom buffer overflow | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-21064 |
| 4 | Google Chrome XMLHttpRequest ResourceResponse.cpp race condition | 7.3 | 6.4 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | CVE-2012-2868 |
| 5 | Microsoft Internet Explorer Layout memory corruption | 6.3 | 5.7 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | CVE-2012-1526 |
| 6 | Microsoft Internet Explorer Deleted Virtual Function Table code injection | 5.5 | 5.0 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | CVE-2012-2522 |
| 7 | Microsoft Internet Explorer insertAdjacentText Elements code injection | 7.1 | 6.4 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | CVE-2012-1879 |
| 8 | Oracle MySQL Server denial of service | 4.3 | 3.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | CVE-2012-1756 |
| 9 | Oracle MySQL Server InnoDB denial of service | 4.3 | 3.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | CVE-2012-1757 |
| 10 | Oracle Database Server CTXSYS.CONTEXT sql injection | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | CVE-2012-3132 |
| 11 | Oracle MySQL Server Server Optimizer denial of service | 6.5 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | CVE-2012-1735 |
| 12 | Microsoft Windows memory corruption | 4.4 | 4.0 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | CVE-2012-0217 |
| 13 | Microsoft Internet Explorer Same ID Property Deleted Object code injection | 6.3 | 6.0 | $25k-$100k | $0-$5k | High | Official Fix | 0.00 | CVE-2012-1875 |
| 14 | Microsoft Internet Explorer OnRowsInserted Elements code injection | 6.3 | 5.7 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | CVE-2012-1881 |
| 15 | Microsoft Internet Explorer OnBeforeDeactivate code injection | 7.1 | 6.4 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | CVE-2012-1878 |
| 16 | Microsoft Internet Explorer information disclosure | 4.3 | 3.9 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | CVE-2012-1882 |
| 17 | Oracle Enterprise Privilege Escalation | 8.8 | 7.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.03 | CVE-2012-0527 |
| 18 | GNU LibreDWG bits.c bit_calc_CRC heap-based overflow | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2020-21830 |
| 19 | Foxit Reader U3D File out-of-bounds read | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2021-31468 |
| 20 | Unibox SMB/Enterprise Series/Campus Series network-trace cross-site request forgery | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-21884 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • XBash

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Confidence |
|---|---|---|---|---|---|
| 1 | 142.44.215.177 | ns554604.ip-142-44-215.net | Iron | XBash | High |
| 2 | XXX.XXX.XX.XXX | xxxxx.xx-xxx-xxx-xx.xxx | Xxxx | Xxxxx | High |

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (305)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
