JSOutProx Analysis

IOB - Indicator of Behavior (109)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 74
de: 28
fr: 4
pl: 2
es: 2

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows: 6
PHPX: 4
phpMyAdmin: 4
SonicWALL AntiSpam: 2
SonicWALL EMail Security Appliance: 2

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | All Enthusiast Inc Reviewpost Php Pro showproduct.php sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.00610 | 0.00 | CVE-2004-2175 |
| 2 | Squitosoft Squito Gallery photolist.inc.php memory corruption | 7.3 | 7.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.02871 | 0.00 | CVE-2005-2258 |
| 3 | PhotoPost PHP Pro showproduct.php sql injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00861 | 0.00 | CVE-2004-0250 |
| 4 | Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System BatchOrder sql injection | 5.5 | 5.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00048 | 0.06 | CVE-2024-10947 |
| 5 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official fix | expected | 0.92487 | 0.21 | CVE-2016-6210 |
| 6 | BitTorrent uTorrent Bencoding Parser input validation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.20726 | 0.06 | CVE-2020-8437 |
| 7 | MDaemon Webmail cross site scripting | 5.4 | 5.3 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00340 | 0.06 | CVE-2019-8983 |
| 8 | Synology DiskStation Manager Change Password password recovery | 7.1 | 7.0 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00233 | 0.06 | CVE-2018-8916 |
| 9 | Microsoft IIS uncpath cross site scripting | 5.2 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | | 0.01387 | 0.00 | CVE-2017-0055 |
| 10 | WordPress Thumbnail input validation | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not defined | Not defined | | 0.29236 | 0.00 | CVE-2018-1000773 |
| 11 | Netgear XR300/R8500/R7000P HTTP POST Request l2tp.cgi stack-based overflow | 8.8 | 8.8 | $25k-$100k | $5k-$25k | Not defined | Not defined | | 0.00076 | 0.00 | CVE-2024-51002 |
| 12 | Brokerage Technology Solutions Aero API Endpoint reliance on untrusted inputs in a security decision | 9.8 | 9.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00228 | 0.04 | CVE-2024-51561 |
| 13 | mariazevedo88 travels-java-api JWT Secret JwtAuthenticationTokenFilter.java doFilterInternal hard-coded key | 3.1 | 2.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00096 | 0.06 | CVE-2024-10920 |
| 14 | PSAUX CyberPanel File Manager upload ProcessUtilities.outputExecutioner os command injection | 9.9 | 9.7 | $0-$5k | $0-$5k | Not defined | Official fix | expected | 0.85450 | 0.05 | CVE-2024-51568 |
| 15 | PhpBB Plus lang_main_album.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.00938 | 0.07 | CVE-2007-5100 |
| 16 | VerliAdmin language.php path traversal | 7.3 | 7.1 | $0-$5k | $0-$5k | Functional | Unavailable | | 0.02797 | 0.00 | CVE-2007-0098 |
| 17 | Pligg CMS load_data_for_groups.php sql injection | 8.0 | 8.0 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00084 | 0.00 | CVE-2022-34956 |
| 18 | GZ Scripts PHP GZ Appointment Scheduling Script load.php cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00255 | 0.06 | CVE-2023-3559 |
| 19 | Metinfo language_general.class.php sql injection | 5.5 | 5.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00487 | 0.14 | CVE-2022-23335 |
| 20 | PNphpBB file inclusion | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.06982 | 0.00 | CVE-2006-4968 |

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources that are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (76)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

