JSOutProx Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (88)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	62
de	14
fr	6
es	4
pl	2

Country

us	78
fr	4
es	2
gb	2

Actors

Ave Maria	4
AsyncRAT	4
Remcos	4
Nanocore RAT	4
STRRAT	4

Activities

Interest

Timeline

Type

Not Defined	16
Operating System	10
Web Server	6
Programming Language Software	6
Web Browser	4

Vendor

Not Defined	26
Microsoft	10
B&R	4
Todd Miller	2
Interspire	2

Product

Microsoft Windows	8
thttpd	4
B&R GateManager 4260	4
B&R GateManager 9250	4
Todd Miller sudo	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	CTI	EPSS	CVE
1	All Enthusiast Inc Reviewpost Php Pro showproduct.php sql injection	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.00501	CVE-2004-2175
2	PhotoPost PHP Pro showproduct.php sql injection	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.00276	CVE-2004-0250
3	Squitosoft Squito Gallery photolist.inc.php memory corruption	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.01371	CVE-2005-2258
4	OpenSSH Authentication Username information disclosure	5.3	4.8	$5k-$25k	$0-$5k	High	Official Fix	0.04	0.10737	CVE-2016-6210
5	BitTorrent uTorrent Bencoding Parser input validation	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00867	CVE-2020-8437
6	MDaemon Webmail cross site scripting	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00070	CVE-2019-8983
7	Synology DiskStation Manager Change Password password recovery	7.1	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00068	CVE-2018-8916
8	Microsoft IIS cross site scripting	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.04	0.00548	CVE-2017-0055
9	WordPress Thumbnail input validation	7.5	7.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.03	0.00990	CVE-2018-1000773
10	Google Chrome PDF Remote Code Execution	6.3	6.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.02	0.00134	CVE-2022-1875
11	PHPX news.php cross-site request forgery	4.3	4.1	$0-$5k	Calculating	Proof-of-Concept	Not Defined	0.00	0.00000
12	PHPX auth.inc.php sql injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.03	0.00357	CVE-2005-3968
13	phpcart phpcart.php input validation	5.3	5.1	$0-$5k	$0-$5k	High	Unavailable	0.00	0.03197	CVE-2005-1398
14	EVOLUCARE ECS Imaging showfile.php os command injection	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Workaround	0.03	0.00371	CVE-2021-3029
15	pollvote pollvote.php code injection	7.3	6.9	$0-$5k	Calculating	Proof-of-Concept	Not Defined	0.03	0.01517	CVE-2005-3775
16	Hassan Consulting Shopping Cart shop.cgi path traversal	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.02149	CVE-2000-0921
17	Ajax Load More Plugin admin-ajax.php sql injection	6.7	6.1	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.08	0.00087	CVE-2021-24140
18	Nextcloud Server getFullPath path traversal	6.6	6.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00083	CVE-2023-25579
19	RoundCube func.inc cross site scripting	5.2	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.67612	CVE-2018-19206
20	RoundCube GnuPG MDC Integrity-Protection Warning enigma_driver_gnupg.php information disclosure	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00225	CVE-2018-19205

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	79.134.225.32		JSOutProx	08/13/2021	verified	High
2	79.134.225.40		JSOutProx	05/17/2023	verified	High
3	XX.XXX.XXX.XX	xx-xxx-xxx-xx.xxxxxx.xxx-xxxxxxx.xxx	Xxxxxxxxx	05/31/2023	verified	High
4	XX.XXX.XXX.XX	xx-xxx-xxx-xx.xxxxxx.xxx-xxxxxxx.xxx	Xxxxxxxxx	03/29/2023	verified	High
5	XXX.XX.XX.XXX		Xxxxxxxxx	08/18/2021	verified	High
6	XXX.X.XX.XX		Xxxxxxxxx	02/09/2022	verified	High
7	XXX.X.XX.XXX		Xxxxxxxxx	11/16/2021	verified	High
8	XXX.XXX.XXX.XXX	xxx.xxx.xxx.xxx.xxxx-xxxx.xxx	Xxxxxxxxx	03/07/2022	verified	High

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CWE-22	Path Traversal	predictive	High
2	T1059	CWE-94	Argument Injection	predictive	High
3	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	High
4	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
5	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
6	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	High
7	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	High
8	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	High
9	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
10	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
11	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	High

IOA - Indicator of Attack (49)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/etc/sudoers	predictive	Medium
2	File	/see_more_details.php	predictive	High
3	File	/showfile.php	predictive	High
4	File	/uncpath/	predictive	Medium
5	File	/wp-admin/admin-ajax.php	predictive	High
6	File	admin/news.php	predictive	High
7	File	auth.inc.php	predictive	Medium
8	File	xxx.xxx	predictive	Low
9	File	xxxxxx.xxx	predictive	Medium
10	File	xxxx\xx_xx.xxx	predictive	High
11	File	xxxxxx.xxx	predictive	Medium
12	File	xxxxxxxxxxxxxxxxxx.xxx	predictive	High
13	File	xxxxxxxxxxx/xxxxx.xxx	predictive	High
14	File	xxxxxxx.xxx	predictive	Medium
15	File	xxxxx.xxx	predictive	Medium
16	File	xxxxx/xxxxxxxx.x	predictive	High
17	File	xxx.xx	predictive	Low
18	File	xxxxxxxxx.xxx.xxx	predictive	High
19	File	xxxxxxx.xxx	predictive	Medium
20	File	xxxxxxxx.xxx	predictive	Medium
21	File	xxxx.xxx	predictive	Medium
22	File	xxxxxxx_xxx_xxxxx_xxxxxx.xxxx	predictive	High
23	File	xxxx_xxxxxxxxx.xxx	predictive	High
24	File	xxxx.xxx	predictive	Medium
25	File	xxxx_xxxxxxx_xxxxxxxx.xxx	predictive	High
26	File	xxxxxxxxxxx.xxx	predictive	High
27	File	xxxxx/xxxx/xxxx.xxx	predictive	High
28	File	xxxxxx.xxxxxxx.xxxxxxxxxxxxxxxxxxxxxxxx	predictive	High
29	Library	xxxxxx.xxx	predictive	Medium
30	Library	xxxxxxx/xxxxxx/xxx/xxxxxx_xxxxxx_xxxxx.xxx	predictive	High
31	Argument	xxx	predictive	Low
32	Argument	xxxxx	predictive	Low
33	Argument	xxx_xx	predictive	Low
34	Argument	xxxxx_xxxxxxx	predictive	High
35	Argument	xxxx	predictive	Low
36	Argument	xxxxxxxx	predictive	Medium
37	Argument	xx	predictive	Low
38	Argument	xxx	predictive	Low
39	Argument	xxxx_xx	predictive	Low
40	Argument	xx-xxxxxx-xxxxxx-xxxx	predictive	High
41	Argument	xxxxx	predictive	Low
42	Argument	xxxx	predictive	Low
43	Argument	xxxxxxxx	predictive	Medium
44	Argument	xxxxxxxxx	predictive	Medium
45	Argument	xxxxxxxx	predictive	Medium
46	Argument	xxxxxxxx	predictive	Medium
47	Argument	xxxxxxxxx	predictive	Medium
48	Argument	xxxxxxxx	predictive	Medium
49	Pattern	\|xx xx xx\|	predictive	Medium

References (4)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Might our Artificial Intelligence support you?

Check our Alexa App!