Korea Unknown Analysis

IOB - Indicator of Behavior (109)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 84
zh: 14
pl: 4
ru: 2
pt: 2


Product

WordPress: 6
Redis: 4
Web Based Quiz System: 2
Human Resource Management System: 2
Intel NUC: 2


Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked:

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02820 | 0.15 | CVE-2010-0966 |
| 2 | Linux Kernel IPv4 fib_semantics.c fib_nh_match out-of-bounds | 4.3 | 4.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00162 | 0.05 | CVE-2022-3435 |
| 3 | WordPress sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00861 | 0.01 | CVE-2017-14723 |
| 4 | vBulletin redirector.php | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00233 | 0.02 | CVE-2018-6200 |
| 5 | FLDS redir.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00291 | 0.11 | CVE-2008-5928 |
| 6 | Ignition Automation Ignition JavaSerializationCodec deserialization | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00126 | 0.04 | CVE-2023-39476 |
| 7 | SourceCodester Web-Based Student Clearance System add-student.php prepare cross site scripting | 4.1 | 4.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00068 | 0.03 | CVE-2022-3434 |
| 8 | Human Resource Management System Authentication Error Message cross site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00061 | 0.00 | CVE-2022-45218 |
| 9 | Lexmark Universal Print Driver access control | 8.8 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00150 | 0.00 | CVE-2021-35449 |
| 10 | Microsoft Outlook memory corruption | 7.7 | 7.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.05672 | 0.06 | CVE-2020-16947 |
| 11 | Microsoft Windows Kernel privileges management | 6.6 | 6.4 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00067 | 0.00 | CVE-2020-1034 |
| 12 | Microsoft IIS uncpath cross site scripting | 5.2 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.31138 | 0.04 | CVE-2017-0055 |
| 13 | Infopop Ultimate Bulletin Board privileges management | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02876 | 0.02 | CVE-2000-0141 |
| 14 | University College London SDR SIP Message privileges management | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00488 | 0.00 | CVE-1999-0938 |
| 15 | bradvin Best WordPress Gallery Plugin foogallery_attachment_modal_save cross site scripting | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00057 | 0.00 | CVE-2024-2081 |
| 16 | WordPress XML-RPC API data processing | 8.6 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01053 | 0.03 | CVE-2017-9062 |
| 17 | WordPress WP_Query sql injection | 6.3 | 6.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.88793 | 0.04 | CVE-2022-21661 |
| 18 | WordPress WP_Query class-wp-query.php sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00283 | 0.00 | CVE-2017-5611 |
| 19 | WordPress wpdb->prepare sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00586 | 0.02 | CVE-2017-16510 |
| 20 | Mambo sitemap sitemap.xml.php code injection | 8.1 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.05635 | 0.00 | CVE-2006-3749 |

IOC - Indicator of Compromise (56)

These indicators of compromise highlight associated network resources that are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (83)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /Admin/add-student.php | predictive | High |
| 2 | File | /admin/index.php | predictive | High |
| 3 | File | /admin/subject.php | predictive | High |
| 4 | File | /cart.php | predictive | Medium |
| 5 | File | /picturesPreview | predictive | High |
| 6 | File | /sysmanage/licence.php | predictive | High |
| 7 | File | /uncpath/ | predictive | Medium |
| 8 | File | admin.cropcanvas.php | predictive | High |
| 9 | File | admin_class.php | predictive | High |
| 10 | File | ase.php | predictive | Low |
| 81 | Argument | 系统工具/公告管理 | predictive | High |
| 82 | Input Value | ../../ | predictive | Low |
