Kimsuky Analysis

Activities

Timeline

Analyzing the timeline helps to identify the required approach for handling single vulnerabilities and vulnerability collections. The overview shows less important slices and more severe hotspots at a glance, which makes it possible to initiate an immediate vulnerability response and to prioritize issues.

Lang

en: 467
zh: 109
es: 7
fr: 4
it: 2

Country

cn: 328
us: 85
mn: 12
gb: 4
jp: 3

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.05 | CVE-2007-1192 |
| 2 | Rarlab WinRAR Expiration mshtml.dll injection | 5.6 | 5.1 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | CVE-2021-35052 |
| 3 | Grafana path traversal | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-43798 |
| 4 | Cisco Secure Access Control System EAP-FAST Authentication Module improper authentication | 9.8 | 9.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2013-3466 |
| 5 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2019-7550 |
| 6 | Postfix Admin functions.inc.php sql injection | 7.3 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.05 | CVE-2014-2655 |
| 7 | ipTIME NAS-I Bulletin Manage unrestricted upload | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-7847 |
| 8 | Fortinet FortiOS SSL VPN Web Portal memory corruption | 5.9 | 5.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2018-13383 |
| 9 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.44 | CVE-2010-0966 |
| 10 | WordPress sql injection | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2017-14723 |
| 11 | WordPress WP_Query class-wp-query.php sql injection | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2017-5611 |
| 12 | Grafana information disclosure | 5.4 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2018-19039 |
| 13 | Roundcube webmail sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2013-6172 |
| 14 | Grandstream GAC2500/GXP2200/GVC3202/GXV3275/GXV3240 memory corruption | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | CVE-2019-10655 |
| 15 | IBM API Connect Web UI cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2018-1430 |
| 16 | Dell EMC Unisphere for VMAX Virtual Appliance XML Parser xml external entity reference | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2018-1183 |
| 17 | Export Users to CSV Plugin injection | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-9466 |
| 18 | Linux Kernel PicoLCD HID Device Driver memory corruption | 9.3 | 8.5 | $5k-$25k | $5k-$25k | Unproven | Official Fix | 0.03 | CVE-2014-3186 |
| 19 | Huawei HiSilicon Telnet Service privileges management | 9.8 | 8.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | CVE-2020-24218 |
| 20 | Jelsoft vBulletin lsof inlinemod.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.04 | CVE-2007-1292 |

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (35)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (218)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (6)

The following list contains external sources which discuss the actor and the associated activities:
