KHRAT Analysis

IOB - Indicator of Behavior (231)

Lang

  • en (164)
  • ru (48)
  • zh (14)
  • sv (2)
  • es (2)

Activities

Interest

Product

  • WordPress (6)
  • Jitsi Meet (4)
  • Microsoft Windows (4)
  • phpMyAdmin (4)
  • Esri ArcGIS Server (4)

Vulnerabilities

# | Vulnerability | CVSS Base | CVSS Temp | 0day Price | Today Price | Exploitability | Remediation | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.03828 | 0.00 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02820 | 0.19 | CVE-2010-0966
3 | Bitrix Site Manager Vote Module Remote Code Execution | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00630 | 0.07 | CVE-2022-27228
4 | jQuery html cross site scripting | 5.9 | 5.8 | $0-$5k | $0-$5k | High | Official Fix | 0.38151 | 0.02 | CVE-2020-11023
5 | Znuny AJAX Request sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-32493
6 | ILIAS Cloze Test Text gap Persistent cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00135 | 0.00 | CVE-2019-1010237
7 | Harbor improper authentication | 6.9 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06419 | 0.06 | CVE-2022-46463
8 | Jitsi Meet hard-coded credentials | 8.5 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00279 | 0.00 | CVE-2020-11878
9 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 0.32 | CVE-2020-12440
10 | WordPress Pingback server-side request forgery | 5.7 | 5.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00264 | 0.02 | CVE-2022-3590
11 | Bitrix24 ajax.php server-side request forgery | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01222 | 0.00 | CVE-2020-13484
12 | Fortinet FortiOS/FortiProxy Administrative Interface authentication bypass | 9.8 | 9.7 | $25k-$100k | $0-$5k | High | Official Fix | 0.97243 | 0.04 | CVE-2022-40684
13 | Apache Tomcat HTTP Digest Authentication Implementation improper authentication | 8.2 | 7.1 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00403 | 0.00 | CVE-2012-5887
14 | TEM FLEX-1080/FLEX-1085 Log log.cgi information disclosure | 5.3 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00141 | 0.07 | CVE-2022-1077
15 | F5 BIG-IP iControl REST Authentication bash missing authentication | 9.8 | 9.6 | $5k-$25k | $0-$5k | High | Official Fix | 0.46582 | 0.02 | CVE-2022-1388
16 | VMware Workspace ONE Access/Identity Manager Template injection | 9.8 | 9.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.97483 | 0.02 | CVE-2022-22954
17 | Apache Groovy MethodClosure.java MethodClosure injection | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.06045 | 0.00 | CVE-2015-3253
18 | LightCMS External Image NEditorController.php Privilege Escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00769 | 0.00 | CVE-2021-27112
19 | phpPgAds adclick.php | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00244 | 0.04 | CVE-2005-3791
20 | E-topbiz Viral DX 1 adclick.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00134 | 0.07 | CVE-2008-2867

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Cambodia Attacks

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 194.87.94.61 | ptr.ruvds.com | KHRAT | Cambodia Attacks | 08/31/2021 | verified | Low

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (107)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/login.php | predictive | High
2 | File | /app/Http/Controllers/Admin/NEditorController.php | predictive | High
3 | File | /mgmt/tm/util/bash | predictive | High
4 | File | /mifs/c/i/reg/reg.html | predictive | High
5 | File | /secure/ViewCollectors | predictive | High
6 | File | /Session | predictive | Medium
7 | File | /usr/bin/pkexec | predictive | High
8 | File | /xAdmin/html/cm_doclist_view_uc.jsp | predictive | High
9 | File | adclick.php | predictive | Medium
10 | File | add_comment.php | predictive | High
11 | File | admin/content.php | predictive | High
12 | File | cgi-bin/awstats.pl | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
