KingMiner Analysis

IOB - Indicator of Behavior (320)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en212
de102
pl4
es2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us296
es2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

FreeBSD4
Devilz Clanportal2
Macromedia ColdFusion Fusebox2
Jadu Limited Jadu CMS2
Apple Mac OS X Server2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaround0.020160.00CVE-2007-1192
2DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.95CVE-2010-0966
3TikiWiki tiki-register.php input validation7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.0107510.00CVE-2006-6168
4FreeBSD FPU x87 Register information disclosure4.03.8$0-$5k$0-$5kNot DefinedOfficial Fix0.000000.00
5Russcom Network Loginphp register.php cross site scripting4.34.1$0-$5k$0-$5kProof-of-ConceptUnavailable0.006770.04CVE-2006-2160
6Jelsoft vBulletin register.php denial of service7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.015620.00CVE-2006-4272
7CONTROLzx HMS register_domain.php cross site scripting3.53.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.00
8Ultimate PHP Board register.php unknown vulnerability5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.003170.00CVE-2006-3206
9SloughFlash SF-Users register.php cross site scripting4.34.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.005870.04CVE-2006-2167
10Linux Kernel FXSAVE x87 Register cryptographic issues4.33.9$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.001010.05CVE-2006-1056
11X7 Group X7 Chat register.php cross site scripting4.33.9$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.006150.00CVE-2006-2282
12Kailash Nadh boastMachine Admin Interface register.php cross site scripting4.33.8$0-$5k$0-$5kProof-of-ConceptUnavailable0.008070.00CVE-2006-3826
13GeoClassifieds Enterprise register.php cross site scripting3.53.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.00
14PhotoPost PHP register.php privileges management5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.000000.00
15Tritanium Bulletin Board register.php cross site scripting4.34.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.006770.00CVE-2006-1815
16Free File Hosting register.php privileges management5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.000000.04
17Wired Community Software WWWThreads register.php sql injection6.56.2$0-$5k$0-$5kProof-of-ConceptUnavailable0.004710.00CVE-2006-1958
18aWebBB register.php cross site scripting3.53.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.026760.00CVE-2006-1612
19TheWebForum register.php cross site scripting4.34.2$0-$5k$0-$5kHighUnavailable0.588490.00CVE-2006-0134
20Jadu Limited Jadu CMS register.php cross site scripting5.45.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.006770.00CVE-2006-2305

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
195.179.131.5495.179.131.54.vultr.comKingMiner05/31/2021verifiedMedium
2107.154.161.209107.154.161.209.ip.incapdns.netKingMiner05/31/2021verifiedHigh
3XXX.XXX.XX.XXXXxxxxxxxx05/31/2021verifiedHigh
4XXX.XX.XX.XXXXxxxxxxxx05/31/2021verifiedHigh
5XXX.XXX.XXX.XXXXxxxxxxxx05/31/2021verifiedHigh
6XXX.XXX.XXX.XXXXxxxxxxxx05/31/2021verifiedHigh
7XXX.XXX.XXX.XXXxxx.xxx.xxx.xxx.xxxxx.xxxXxxxxxxxx05/31/2021verifiedMedium

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (57)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/admin/config/uploadicon.phppredictiveHigh
2File/api/adduserspredictiveHigh
3File/inquiries/view_inquiry.phppredictiveHigh
4File/uncpath/predictiveMedium
5Fileapply.cgipredictiveMedium
6Filebooking.phppredictiveMedium
7Filebrowse-category.phppredictiveHigh
8Filedata/gbconfiguration.datpredictiveHigh
9Fileeditprofile.phppredictiveHigh
10Filexxxxx.xxxpredictiveMedium
11Filexxxxxxxxxxxx.xxxpredictiveHigh
12Filexxxx.xxxpredictiveMedium
13Filexxx/xxxxxx.xxxpredictiveHigh
14Filexxx/xxxxxxxxxxx/xxxxxxx.xxxpredictiveHigh
15Filexxxxx.xxxpredictiveMedium
16Filexxxxx.xxxpredictiveMedium
17Filexxxxx.xxxpredictiveMedium
18Filexxxxxxx.xxxpredictiveMedium
19Filexxxx_xxxxxxx.xxxpredictiveHigh
20Filexxxxx_xxx.xxxpredictiveHigh
21Filexxxxxxxx.xxxxpredictiveHigh
22Filexxxxxxxx.xxxpredictiveMedium
23Filexxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxxpredictiveHigh
24Filexxxxxxxx_xxxxxx.xxxpredictiveHigh
25Filexxxxxxx/xxxxxxxx.xxxpredictiveHigh
26Filexxxxx.xxxpredictiveMedium
27Filexxxx-xxxxxxxx.xxxpredictiveHigh
28Filexxxxx_xxxxxx.xxxpredictiveHigh
29Filexxxx.xxpredictiveLow
30Argumentxx_xxxx_xxxxpredictiveMedium
31ArgumentxxxxxxxxxpredictiveMedium
32ArgumentxxxxxxpredictiveLow
33ArgumentxxxxxxxxpredictiveMedium
34ArgumentxxxpredictiveLow
35Argumentx[xxxxx]predictiveMedium
36ArgumentxxxxxxxxpredictiveMedium
37Argumentxxxxxxx=xxxxxxxxpredictiveHigh
38ArgumentxxxxpredictiveLow
39ArgumentxxxxxxxxpredictiveMedium
40ArgumentxxxxxxxxxxpredictiveMedium
41ArgumentxxpredictiveLow
42Argumentxxxxxxx_xxxxpredictiveMedium
43ArgumentxxxxxxxxpredictiveMedium
44ArgumentxxxxxpredictiveLow
45Argumentxxxx_xxxxxpredictiveMedium
46Argumentxxxxxxx_xxxpredictiveMedium
47Argumentxx_xxxxpredictiveLow
48ArgumentxxxxxxpredictiveLow
49ArgumentxxxpredictiveLow
50ArgumentxxxpredictiveLow
51ArgumentxxxxxxpredictiveLow
52ArgumentxxxxxxxpredictiveLow
53ArgumentxxxxxpredictiveLow
54ArgumentxxxxxpredictiveLow
55ArgumentxxxxxxxxpredictiveMedium
56ArgumentxxxpredictiveLow
57Pattern|xx|predictiveLow

References (2)

The following list contains external sources which discuss the actor and the associated activities:

Want to stay up to date on a daily basis?

Enable the mail alert feature now!