KHRAT Analysis

IOB - Indicator of Behavior (150)


Vulnerabilities

# | Vulnerability | CVSS Base | CVSS Temp | 0-day price | Today price | Exploitability | Remediation | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.64 | 0.04187 | CVE-2010-0966
3 | Bitrix Site Manager Vote Module Remote Code Execution | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.11 | 0.01156 | CVE-2022-27228
4 | WordPress Pingback server-side request forgery | 5.7 | 5.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.78 | 0.00885 | CVE-2022-3590
5 | Bitrix24 server-side request forgery | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00885 | CVE-2020-13484
6 | Fortinet FortiOS/FortiProxy Administrative Interface authentication bypass | 9.8 | 9.7 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.06 | 0.89292 | CVE-2022-40684
7 | Apache Tomcat HTTP Digest Authentication Implementation improper authentication | 8.2 | 7.1 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.03 | 0.07344 | CVE-2012-5887
8 | TEM FLEX-1080/FLEX-1085 Log log.cgi information disclosure | 5.3 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.11 | 0.09029 | CVE-2022-1077
9 | F5 BIG-IP iControl REST Authentication bash missing authentication | 9.8 | 9.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | 0.91244 | CVE-2022-1388
10 | VMware Workspace ONE Access/Identity Manager Template injection | 9.8 | 8.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.21 | 0.93243 | CVE-2022-22954
11 | Apache Groovy MethodClosure.java MethodClosure injection | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.02 | 0.07978 | CVE-2015-3253
12 | LightCMS External Image NEditorController.php Privilege Escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01156 | CVE-2021-27112
13 | phpPgAds adclick.php unknown vulnerability | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.13 | 0.01055 | CVE-2005-3791
14 | E-topbiz Viral DX 1 adclick.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00 | 0.00986 | CVE-2008-2867
15 | Huawei Toronto-TL10 information disclosure | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2018-7907
16 | phpMyAdmin common.inc.php substr credentials management | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00954 | CVE-2017-18264
17 | Ember.js Handlebars Variable cross site scripting | 4.4 | 4.3 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.01055 | CVE-2014-0013
18 | PHP denial of service | 3.7 | 3.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00000 | -
19 | jQuery-UI Datepicker Widget cross site scripting | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.02686 | CVE-2021-41183
20 | underscore Template Remote Code Execution | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.01791 | CVE-2021-23358

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Cambodia Attacks

IOC - Indicator of Compromise (1)

These indicators of compromise list associated network resources that are known to have been used in research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Type | Confidence
1 | 194.87.94.61 | ptr.ruvds.com | KHRAT | Cambodia Attacks | verified | High

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (83)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /app/Http/Controllers/Admin/NEditorController.php | predictive | High
2 | File | /mgmt/tm/util/bash | predictive | High
3 | File | /mifs/c/i/reg/reg.html | predictive | High
4 | File | /secure/ViewCollectors | predictive | High
5 | File | /xAdmin/html/cm_doclist_view_uc.jsp | predictive | High
6 | File | adclick.php | predictive | Medium
7 | File | add_comment.php | predictive | High
8 | File | cgi-bin/awstats.pl | predictive | High
9 | File | checkout.cfm | predictive | Medium
10 | File | Config/SaveUploadedHotspotLogoFile | predictive | High
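The IOC and IOA tables above are only useful once they are run against your own telemetry. The following script is an added example and is not VulDB code: it takes the one verified IOC IP and the ten visible IOA file indicators from this page and hunts for them in web-server access logs. The log lines are constructed for the example (RFC 5737 test addresses, no real incident), and the parser assumes the Apache/nginx "combined" log format. Two points a practitioner should carry over: request paths are percent-decoded before matching, because the paths that attackers actually send rarely arrive in canonical form, and the IOC hostname ptr.ruvds.com is a hosting provider's generic reverse-DNS name rather than an attacker-registered domain, so a hit on that IP needs a time window and corroborating IOA activity before it means anything.

```python
"""Hunt for the KHRAT indicators listed on this page in web-server access logs.

Added example, not VulDB code. The IOC IP and the ten visible IOA file
indicators are copied from the tables above; the log lines below are
constructed for the example (RFC 5737 test addresses) and come from no real
incident. The parser assumes the Apache/nginx "combined" log format.
"""
import re
from urllib.parse import unquote, urlsplit

# IOC table: the single verified network indicator on this page.
IOC_IPS = {"194.87.94.61"}

# IOA table, class "File", entries 1-10 (the masked entries are not available).
IOA_FILES = [
    "/app/Http/Controllers/Admin/NEditorController.php",
    "/mgmt/tm/util/bash",
    "/mifs/c/i/reg/reg.html",
    "/secure/ViewCollectors",
    "/xAdmin/html/cm_doclist_view_uc.jsp",
    "adclick.php",
    "add_comment.php",
    "cgi-bin/awstats.pl",
    "checkout.cfm",
    "Config/SaveUploadedHotspotLogoFile",
]

# Combined log format: ip ident user [ts] "METHOD target HTTP/x.y" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Constructed sample lines: line 2 carries both the IOC IP and an IOA path,
# line 4 hides an IOA file name behind percent-encoding.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
194.87.94.61 - - [10/Oct/2023:13:55:37 +0000] "POST /mgmt/tm/util/bash HTTP/1.1" 401 0 "-" "curl/7.88.1"
203.0.113.9 - - [10/Oct/2023:13:55:38 +0000] "GET /ads/adclick.php?bannerid=1&dest=http://198.51.100.20/ HTTP/1.1" 302 0 "-" "python-requests/2.31"
198.51.100.4 - - [10/Oct/2023:13:55:39 +0000] "GET /cgi-bin/awstats%2Epl?configdir=%7Cecho HTTP/1.1" 404 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /about.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
""".splitlines()


def normalize_path(target):
    """Strip the query string and percent-decode the path twice, so that
    encoded (%2E) and double-encoded (%252E) spellings of an indicator still
    match. Two rounds is a hunting heuristic, not a full canonicalizer."""
    return unquote(unquote(urlsplit(target).path))


def match_line(line):
    """Return a list of (indicator_class, indicator) hits for one log line.
    Lines that do not parse yield no hits rather than an exception."""
    m = LOG_RE.match(line)
    if not m:
        return []
    hits = []
    if m["ip"] in IOC_IPS:
        hits.append(("ioc_ip", m["ip"]))
    path = normalize_path(m["target"])
    for ind in IOA_FILES:
        # Rooted indicators are matched as-is; bare file names get a leading
        # slash so "adclick.php" does not fire on "badclick.php". Substring
        # matching is deliberately loose: this is for hunting, not blocking.
        needle = ind if ind.startswith("/") else "/" + ind
        if needle in path:
            hits.append(("ioa_file", ind))
    return hits


def scan(lines):
    """Map 1-based line numbers to their hits, for lines with at least one."""
    results = {}
    for n, line in enumerate(lines, 1):
        hits = match_line(line)
        if hits:
            results[n] = hits
    return results


if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOG).items():
        print(f"line {n}: {hits}")
```

Run against real logs by replacing SAMPLE_LOG with the file's lines; the substring match on bare file names such as adclick.php will also fire on legitimate ad-server traffic, which is why hits should be triaged together with the source IP, the response status and the time window rather than alerted on individually.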

References (2)

The following list contains external sources which discuss the actor and the associated activities:
