Johnnie Analysis

Activities

Timeline

Analysing the timeline shows how the actor's activity is distributed over time, which helps to decide how single vulnerabilities and vulnerability collections should be approached and handled. The overview makes less important periods and more severe hotspots visible at a glance, so that immediate vulnerability response can be initiated and issues can be prioritized.

Lang

en: 348
es: 9
de: 4
fr: 4
it: 2

Country

us: 344
es: 2
de: 2
tr: 1
fr: 1

Actors

Passwordstealera: 313
Johnnie: 49
Ursnif: 6


Vulnerabilities

Base and Temp are the CVSS base and temporal scores, 0day and Today the estimated exploit prices, Exploit the exploitability status, Remediation the fix status and CTI the activity score.

# | Vulnerability | Base | Temp | 0day price | Today price | Exploit | Remediation | CTI | CVE
1 | WordPress WP_Query class-wp-query.php sql injection | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.16 | CVE-2017-5611
2 | Cisco Wireless LAN Controller IPv6 UDP Ingress input validation | 6.4 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2016-9219
3 | Cisco Mobility Express 2800/Mobility Express 3800 802.11 Ingress Packet resource management | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2016-9220
4 | Cisco Mobility Express 2800/Mobility Express 3800 802.11 Ingress Connection Authentication resource management | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2016-9221
5 | PostgreSQL os command injection | 5.9 | 5.9 | $0-$5k | $0-$5k | High | Not Defined | 0.27 | CVE-2019-9193
6 | PHP unserialize use after free | 7.3 | 6.4 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.16 | -
7 | Linux Kernel UDP Packet udp.c security check for standard | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2016-10229
8 | Microsoft Windows Malware Protection Service memory corruption | 8.8 | 7.9 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | CVE-2017-0290
9 | Linux Kernel udevd 50-udev-default.rules command injection | 5.3 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | CVE-2017-7874
10 | Microsoft Office RTF Document Necurs Dridex access control | 7.0 | 6.7 | $25k-$100k | $0-$5k | High | Official Fix | 0.00 | CVE-2017-0199
11 | ZeroShell Net Services kerbynet privileges management | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | -
12 | Google Chrome Animation use after free | 6.3 | 6.0 | $25k-$100k | $5k-$25k | High | Official Fix | 3.48 | CVE-2022-0609
13 | McAfee Agent DLL privileges management | 7.4 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-31847
14 | Samba smbd _netr_ServerPasswordSet code | 6.5 | 5.7 | $0-$5k | $0-$5k | High | Official Fix | 0.05 | CVE-2015-0240
15 | Cisco IOS XE Console os command injection | 6.4 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2017-6606
16 | Apache Geode Pulse information disclosure | 6.9 | 6.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2017-5649
17 | Linux Kernel Qualcomm Innovation Center ipc_router_socket.c msm_ipc_router_close null pointer dereference | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | CVE-2016-5870
18 | Foxit Reader TIFF Image ConvertToPdf_x86.dll CreateFXPDFConvertor memory corruption | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2016-3740
19 | Go SSH Library Host Key key management | 7.7 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2017-3204
20 | F5 SSL Intercept iApp Configuration access control | 8.5 | 8.5 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2017-0305
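The timeline section above says the data is meant for prioritizing response. The following is an added example, not code from this page or from VulDB, that orders the twenty rows of the table above by exploit status first, then by CTI activity, then by temporal score, and attaches an action based on the remediation column. The ranking order of the exploit statuses and the "patch" versus "mitigate" split are this example's own assumptions; the row values are copied from the table.

```python
# Rows of the vulnerability table above:
# (name, base, temp, exploit status, remediation, cti, cve or None)
VULNS = [
    ("WordPress WP_Query class-wp-query.php sql injection", 8.5, 8.2, "Not Defined", "Official Fix", 0.16, "CVE-2017-5611"),
    ("Cisco Wireless LAN Controller IPv6 UDP Ingress input validation", 6.4, 6.1, "Not Defined", "Official Fix", 0.00, "CVE-2016-9219"),
    ("Cisco Mobility Express 2800/3800 802.11 Ingress Packet resource management", 4.3, 4.1, "Not Defined", "Official Fix", 0.00, "CVE-2016-9220"),
    ("Cisco Mobility Express 2800/3800 802.11 Ingress Connection Authentication resource management", 4.3, 4.1, "Not Defined", "Official Fix", 0.00, "CVE-2016-9221"),
    ("PostgreSQL os command injection", 5.9, 5.9, "High", "Not Defined", 0.27, "CVE-2019-9193"),
    ("PHP unserialize use after free", 7.3, 6.4, "Unproven", "Official Fix", 0.16, None),
    ("Linux Kernel UDP Packet udp.c security check for standard", 8.5, 8.2, "Not Defined", "Official Fix", 0.05, "CVE-2016-10229"),
    ("Microsoft Windows Malware Protection Service memory corruption", 8.8, 7.9, "Proof-of-Concept", "Official Fix", 0.05, "CVE-2017-0290"),
    ("Linux Kernel udevd 50-udev-default.rules command injection", 5.3, 5.0, "Proof-of-Concept", "Not Defined", 0.06, "CVE-2017-7874"),
    ("Microsoft Office RTF Document Necurs Dridex access control", 7.0, 6.7, "High", "Official Fix", 0.00, "CVE-2017-0199"),
    ("ZeroShell Net Services kerbynet privileges management", 7.3, 6.6, "Proof-of-Concept", "Not Defined", 0.04, None),
    ("Google Chrome Animation use after free", 6.3, 6.0, "High", "Official Fix", 3.48, "CVE-2022-0609"),
    ("McAfee Agent DLL privileges management", 7.4, 7.3, "Not Defined", "Official Fix", 0.03, "CVE-2021-31847"),
    ("Samba smbd _netr_ServerPasswordSet code", 6.5, 5.7, "High", "Official Fix", 0.05, "CVE-2015-0240"),
    ("Cisco IOS XE Console os command injection", 6.4, 6.1, "Not Defined", "Official Fix", 0.02, "CVE-2017-6606"),
    ("Apache Geode Pulse information disclosure", 6.9, 6.6, "Not Defined", "Official Fix", 0.00, "CVE-2017-5649"),
    ("Linux Kernel Qualcomm ipc_router_socket.c msm_ipc_router_close null pointer dereference", 5.5, 5.5, "Not Defined", "Not Defined", 0.08, "CVE-2016-5870"),
    ("Foxit Reader TIFF Image ConvertToPdf_x86.dll CreateFXPDFConvertor memory corruption", 6.5, 6.3, "Not Defined", "Official Fix", 0.00, "CVE-2016-3740"),
    ("Go SSH Library Host Key key management", 7.7, 7.1, "Not Defined", "Not Defined", 0.04, "CVE-2017-3204"),
    ("F5 SSL Intercept iApp Configuration access control", 8.5, 8.5, "Not Defined", "Not Defined", 0.00, "CVE-2017-0305"),
]

# Assumed ordering: a weaponised exploit outranks a PoC, which outranks an unproven
# or unknown exploit status.
EXPLOIT_RANK = {"High": 3, "Proof-of-Concept": 2, "Unproven": 1, "Not Defined": 0}


def triage(rows):
    """Return (cve, name, action) tuples, most urgent first.

    Sort key: exploit status, then CTI activity (how much this actor's activity
    touches the issue), then the temporal CVSS score as a tie-breaker.
    """
    ordered = sorted(rows, key=lambda r: (EXPLOIT_RANK[r[3]], r[5], r[2]), reverse=True)
    result = []
    for name, _base, _temp, _exploit, remediation, _cti, cve in ordered:
        # With an official fix the action is to patch; otherwise only mitigation
        # (workaround, isolation, monitoring) is possible from this data.
        action = "patch" if remediation == "Official Fix" else "mitigate (no official fix listed)"
        result.append((cve or "no CVE", name, action))
    return result


def needs_mitigation(rows):
    """CVEs (or names) for which the table lists no official fix."""
    return [r[6] or r[0] for r in rows if r[4] != "Official Fix"]


if __name__ == "__main__":
    for rank, (cve, name, action) in enumerate(triage(VULNS), 1):
        print(f"{rank:2d} {cve:15s} {action:35s} {name}")
```

The ordering puts the Chrome use-after-free (High exploit status, CTI 3.48) first and the PostgreSQL command injection second; the latter has no official fix in the table, so it lands in the mitigation bucket together with the five other rows whose remediation is "Not Defined".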

IOC - Indicator of Compromise (31)

These indicators of compromise list associated network resources which are known to be part of research and attack activities. Several of the listed addresses resolve to shared Akamai CDN, Google Cloud and AWS EC2 hosts, so a hit on such an address should be corroborated with other evidence before it is treated as malicious, and blocking on the bare IP is likely to affect legitimate traffic.

ID | IP address | Hostname | Actor | Campaigns | Confidence
1 | 20.36.253.92 | - | Johnnie | - | High
2 | 23.6.69.99 | a23-6-69-99.deploy.static.akamaitechnologies.com | Johnnie | - | High
3 | 23.105.131.235 | - | Johnnie | - | High
4 | 23.218.140.208 | a23-218-140-208.deploy.static.akamaitechnologies.com | Johnnie | - | High
5 | 34.107.221.82 | 82.221.107.34.bc.googleusercontent.com | Johnnie | - | Medium
6 | 34.215.65.187 | ec2-34-215-65-187.us-west-2.compute.amazonaws.com | Johnnie | - | Medium
7 | 34.216.80.151 | ec2-34-216-80-151.us-west-2.compute.amazonaws.com | Johnnie | - | Medium
Entries 8 to 31 are masked on this page (22 rated High, 2 rated Medium).

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (134)

These indicators of attack list the fragments potentially used for technical activities like reconnaissance, exploitation, privilege escalation and exfiltration. This data is unique as it uses our predictive model for actor profiling. The File-class entries are paths and URIs that can be matched against web server and proxy logs; /../conf/config.properties is a directory traversal fragment and /cgi-bin/kerbynet corresponds to the ZeroShell kerbynet entry in the vulnerability table above.

ID | Class | Indicator | Confidence
1 | File | /../conf/config.properties | High
2 | File | /cgi-bin/kerbynet | High
3 | File | /cgi-bin/supervisor/CloudSetup.cgi | High
4 | File | /configs/application.ini | High
5 | File | /domain/add | Medium
6 | File | /etc/sudoers | Medium
7 | File | /index.php/weblinks-categories | High
8 | File | /plain | Low
9 | File | /show_group_members.php | High
10 | File | /uncpath/ | Medium
11 | File | /web/google_analytics.php | High
12 | File | archive_endian.h | High
13 | File | auction.cgi | Medium
14 | File | bmp.c | Low
15 | File | cgi-bin/jc.cgi | High
Entries 16 to 134 are masked on this page; by class they are File (16 to 80), Library (81 to 92), Argument (93 to 121), Input Value (122 to 127), Pattern (128) and Network Port (129 to 134).
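The IOC and IOA sections above describe network addresses and request fragments that a defender is expected to look for in traffic. The following is an added example, not code from this page or from VulDB, that scans web server access log lines for the seven visible IOC addresses and the fifteen visible File-class IOA indicators. It percent-decodes the request path twice so that encoded traversal still matches, matches indicators only on path-segment boundaries so the Low-confidence "/plain" entry does not fire on "/plaintext/", and down-weights IOC hits whose reverse DNS on the page points to shared CDN or cloud hosts. The Common Log Format, the confidence weights, the one-level penalty for shared infrastructure, the verdict thresholds and the log lines themselves are constructed for this example.

```python
import re
from urllib.parse import unquote

# IOC entries 1-7 from the table above: IP -> (confidence, shared infrastructure).
# "shared" is set where the hostname on the page is an Akamai, Google Cloud or
# AWS EC2 host; treating such hits as needing corroboration is this example's choice.
IOC_IPS = {
    "20.36.253.92":   ("High", False),
    "23.6.69.99":     ("High", True),    # Akamai
    "23.105.131.235": ("High", False),
    "23.218.140.208": ("High", True),    # Akamai
    "34.107.221.82":  ("Medium", True),  # Google Cloud
    "34.215.65.187":  ("Medium", True),  # AWS EC2
    "34.216.80.151":  ("Medium", True),  # AWS EC2
}

# IOA entries 1-15 (class File) from the table above: indicator -> confidence.
IOA_PATHS = {
    "/../conf/config.properties": "High",
    "/cgi-bin/kerbynet": "High",
    "/cgi-bin/supervisor/CloudSetup.cgi": "High",
    "/configs/application.ini": "High",
    "/domain/add": "Medium",
    "/etc/sudoers": "Medium",
    "/index.php/weblinks-categories": "High",
    "/plain": "Low",
    "/show_group_members.php": "High",
    "/uncpath/": "Medium",
    "/web/google_analytics.php": "High",
    "archive_endian.h": "High",
    "auction.cgi": "Medium",
    "bmp.c": "Low",
    "cgi-bin/jc.cgi": "High",
}

WEIGHT = {"High": 3, "Medium": 2, "Low": 1}   # assumed confidence weights

# Assumed log shape: Common Log Format; only the fields the scan needs are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)


def normalise_path(target):
    """Drop the query string and percent-decode twice, so that %2e%2e and the
    double-encoded %252e%252e both compare equal to the plain '..' indicator."""
    path = target.split("?", 1)[0]
    for _ in range(2):
        path = unquote(path)
    return path


def indicator_matches(path, indicator):
    """True if the indicator occurs in the path on segment boundaries.
    Indicators without a leading '/' must start a segment; indicators without a
    trailing '/' must end the path or a segment."""
    start = 0
    while True:
        i = path.find(indicator, start)
        if i < 0:
            return False
        before_ok = indicator.startswith("/") or i == 0 or path[i - 1] == "/"
        end = i + len(indicator)
        after_ok = indicator.endswith("/") or end == len(path) or path[end] == "/"
        if before_ok and after_ok:
            return True
        start = i + 1


def scan_line(line):
    """Score one access-log line; returns None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    hits, score = [], 0
    ip = m["ip"]
    if ip in IOC_IPS:
        conf, shared = IOC_IPS[ip]
        score += WEIGHT[conf] - (1 if shared else 0)   # shared host: one level less
        hits.append(("IOC", ip, conf, "corroborate: shared infrastructure" if shared else "dedicated host"))
    path = normalise_path(m["target"])
    for indicator, conf in IOA_PATHS.items():
        if indicator_matches(path, indicator):
            score += WEIGHT[conf]
            hits.append(("IOA", indicator, conf, path))
    verdict = "alert" if score >= 3 else "review" if score == 2 else "log" if score == 1 else "none"
    return {"ip": ip, "score": score, "verdict": verdict, "hits": hits}


def scan_log(lines):
    """Scan every line; lines that do not parse are skipped."""
    return [r for r in map(scan_line, lines) if r is not None]


# Constructed sample log lines (not real traffic); 198.51.100.0/24 and 203.0.113.0/24 are documentation ranges.
SAMPLE_LOG = [
    '23.6.69.99 - - [10/Mar/2022:08:14:22 +0000] "GET /cgi-bin/kerbynet?Action=x HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Mar/2022:08:15:01 +0000] "GET /app/%2e%2e/conf/config.properties HTTP/1.1" 404 0',
    '198.51.100.7 - - [10/Mar/2022:08:15:03 +0000] "GET /plaintext/index.html HTTP/1.1" 200 100',
    '34.215.65.187 - - [10/Mar/2022:08:16:40 +0000] "GET /index.html HTTP/1.1" 200 100',
    '20.36.253.92 - - [10/Mar/2022:08:17:09 +0000] "GET /%252e%252e/conf/config.properties HTTP/1.1" 403 0',
    '203.0.113.5 - - [10/Mar/2022:08:18:30 +0000] "POST /cgi-bin/auction.cgi HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for r in scan_log(SAMPLE_LOG):
        if r["verdict"] != "none":
            print(r["ip"], r["score"], r["verdict"], r["hits"])
```

The first line scores an alert because the Akamai-hosted IOC (down-weighted to 2) combines with a High IOA hit; the fourth line, an IOC-only hit from a shared AWS address, only reaches "log", which is the behaviour the caveat in the IOC section asks for.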
