KingMiner Analysis

IOB - Indicator of Behavior (306)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en220
de82
pl4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us292

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft IIS4
Apple Mac OS X Server4
MGB OpenSource Guestbook2
Jadu Limited Jadu CMS2
CONTROLzx HMS2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaround0.040.04187CVE-2007-1192
2DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.870.04187CVE-2010-0966
3TikiWiki tiki-register.php input validation7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.900.01136CVE-2006-6168
4FreeBSD FPU x87 Register information disclosure4.03.8$0-$5kCalculatingNot DefinedOfficial Fix0.050.00000
5Russcom Network Loginphp register.php cross site scripting4.34.1$0-$5kCalculatingProof-of-ConceptUnavailable0.000.01213CVE-2006-2160
6Jelsoft vBulletin register.php denial of service7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.010.01136CVE-2006-4272
7CONTROLzx HMS register_domain.php cross site scripting3.53.3$0-$5kCalculatingProof-of-ConceptNot Defined0.010.00000
8Ultimate PHP Board register.php unknown vulnerability5.35.3$0-$5kCalculatingNot DefinedNot Defined0.010.01055CVE-2006-3206
9SloughFlash SF-Users register.php cross site scripting4.34.1$0-$5kCalculatingProof-of-ConceptNot Defined0.030.01319CVE-2006-2167
10Linux Kernel FXSAVE x87 Register cryptographic issues4.33.9$5k-$25kCalculatingProof-of-ConceptOfficial Fix0.060.01547CVE-2006-1056
11X7 Group X7 Chat register.php cross site scripting4.33.9$0-$5kCalculatingProof-of-ConceptOfficial Fix0.030.01319CVE-2006-2282
12Kailash Nadh boastMachine Admin Interface register.php cross site scripting4.33.8$0-$5kCalculatingProof-of-ConceptUnavailable0.020.01319CVE-2006-3826
13GeoClassifieds Enterprise register.php cross site scripting3.53.3$0-$5kCalculatingProof-of-ConceptNot Defined0.010.00000
14PhotoPost PHP register.php privileges management5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.030.00000
15Tritanium Bulletin Board register.php cross site scripting4.34.1$0-$5kCalculatingProof-of-ConceptNot Defined0.030.01213CVE-2006-1815
16Free File Hosting register.php privileges management5.35.3$0-$5kCalculatingNot DefinedNot Defined0.010.00000
17Wired Community Software WWWThreads register.php sql injection6.56.2$0-$5kCalculatingProof-of-ConceptUnavailable0.060.01319CVE-2006-1958
18aWebBB register.php cross site scripting3.53.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.050.01319CVE-2006-1612
19TheWebForum register.php cross site scripting4.34.2$0-$5kCalculatingHighUnavailable0.020.01776CVE-2006-0134
20Jadu Limited Jadu CMS register.php cross site scripting5.45.1$0-$5kCalculatingProof-of-ConceptNot Defined0.030.01213CVE-2006-2305

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsTypeConfidence
195.179.131.5495.179.131.54.vultr.comKingMinerverifiedMedium
2107.154.161.209107.154.161.209.ip.incapdns.netKingMinerverifiedHigh
3XXX.XXX.XX.XXXXxxxxxxxxverifiedHigh
4XXX.XX.XX.XXXXxxxxxxxxverifiedHigh
5XXX.XXX.XXX.XXXXxxxxxxxxverifiedHigh
6XXX.XXX.XXX.XXXXxxxxxxxxverifiedHigh
7XXX.XXX.XXX.XXXxxx.xxx.xxx.xxx.xxxxx.xxxXxxxxxxxxverifiedMedium

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-22Pathname TraversalpredictiveHigh
2T1059CWE-94Cross Site ScriptingpredictiveHigh
3TXXXX.XXXCWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
4TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXXCWE-XXXxxxxxx XxxxxxxxxpredictiveHigh
6TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
7TXXXXCWE-XXXXxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx XxxxpredictiveHigh
8TXXXXCWE-XXXXxxxxxxxxxxxxpredictiveHigh
9TXXXXCWE-XXXX2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx XxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (40)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/api/adduserspredictiveHigh
2File/uncpath/predictiveMedium
3Fileapply.cgipredictiveMedium
4Filedata/gbconfiguration.datpredictiveHigh
5Fileeditprofile.phppredictiveHigh
6Fileemail.phppredictiveMedium
7Fileinc/config.phppredictiveHigh
8Filexxx/xxxxxxxxxxx/xxxxxxx.xxxpredictiveHigh
9Filexxxxx.xxxpredictiveMedium
10Filexxxx_xxxxxxx.xxxpredictiveHigh
11Filexxxxxxxx.xxxxpredictiveHigh
12Filexxxxxxxx.xxxpredictiveMedium
13Filexxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxxpredictiveHigh
14Filexxxxxxxx_xxxxxx.xxxpredictiveHigh
15Filexxxxxxx/xxxxxxxx.xxxpredictiveHigh
16Filexxxxx.xxxpredictiveMedium
17Filexxxx-xxxxxxxx.xxxpredictiveHigh
18Filexxxxx_xxxxxx.xxxpredictiveHigh
19Filexxxx.xxpredictiveLow
20Argumentxx_xxxx_xxxxpredictiveMedium
21ArgumentxxxxxxxxxpredictiveMedium
22ArgumentxxxxxxpredictiveLow
23ArgumentxxxxxxxxpredictiveMedium
24Argumentx[xxxxx]predictiveMedium
25ArgumentxxxxxxxxpredictiveMedium
26Argumentxxxxxxx=xxxxxxxxpredictiveHigh
27ArgumentxxxxpredictiveLow
28ArgumentxxpredictiveLow
29Argumentxxxxxxx_xxxxpredictiveMedium
30ArgumentxxxxxxxxpredictiveMedium
31ArgumentxxxxxpredictiveLow
32Argumentxxxx_xxxxxpredictiveMedium
33Argumentxxxxxxx_xxxpredictiveMedium
34Argumentxx_xxxxpredictiveLow
35ArgumentxxxxxxpredictiveLow
36ArgumentxxxxxpredictiveLow
37ArgumentxxxxxpredictiveLow
38ArgumentxxxxxxxxpredictiveMedium
39ArgumentxxxpredictiveLow
40Pattern|xx|predictiveLow

References (2)

The following list contains external sources which discuss the actor and the associated activities:

Do you need the next level of professionalism?

Upgrade your account now!