LazyScripter Analysis

IOB - Indicator of Behavior (206)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 158
fr: 28
de: 10
zh: 6
es: 2

Country

us: 178
de: 6
cn: 4
fr: 2
in: 2

Product

Microsoft Windows: 6
Microsoft IIS: 4
Ilohamail: 4
Barracuda VPN Client: 2
Thomas R. Pasawicz HyperBook Guestbook: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 1.25 | 0.04187 | CVE-2010-0966 |
| 3 | Gempar Script Toko Online shop_display_products.php sql injection | 7.3 | 6.9 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.08 | 0.00986 | CVE-2009-0296 |
| 4 | Ecommerce Online Store Kit shop.php sql injection | 9.8 | 9.4 | $0-$5k | Calculating | Not Defined | Official Fix | 0.03 | 0.04386 | CVE-2004-0300 |
| 5 | WoltLab Burning Book addentry.php sql injection | 7.3 | 6.8 | $0-$5k | Calculating | Functional | Unavailable | 0.02 | 0.01319 | CVE-2006-5509 |
| 6 | FiberHome HG2201T telnet.cgi input validation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.01156 | CVE-2019-17186 |
| 7 | Google Chrome Utility Process race condition | 9.8 | 9.4 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.06523 | CVE-2011-3961 |
| 8 | DataLynx suGuard privileges management | 5.9 | 5.6 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.04 | 0.01761 | CVE-1999-0388 |
| 9 | Dcscripts Dcshop HTTP GET Request auth_user_file.txt Password information disclosure | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.06 | 0.04187 | CVE-2001-0821 |
| 10 | MidiCart PHP Shopping Cart item_show.php sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.00000 | |
| 11 | Linksys WVC11B main.cgi cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.01917 | CVE-2004-2508 |
| 12 | Asternic Flash Operator Panel User Control Panel command injection | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.01055 | CVE-2018-5694 |
| 13 | Contenido Contendio allow_url_fopen file inclusion | 7.3 | 6.6 | $0-$5k | Calculating | Proof-of-Concept | Official Fix | 0.03 | 0.01018 | CVE-2005-4132 |
| 14 | Microsoft Windows Remote Desktop/Terminal Services Web Connection improper authentication | 6.3 | 6.2 | $25k-$100k | $0-$5k | Not Defined | Workaround | 0.04 | 0.00000 | |
| 15 | Ilohamail cross site scripting | 4.3 | 4.1 | $0-$5k | Calculating | Not Defined | Official Fix | 0.02 | 0.00000 | |
| 16 | Microsoft IIS Error Message cross site scripting | 6.3 | 6.0 | $5k-$25k | Calculating | Not Defined | Official Fix | 0.02 | 0.03354 | CVE-2000-1104 |
| 17 | Microsoft IIS Error Message cross site scripting | 4.2 | 4.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.09772 | CVE-2003-0223 |
| 18 | Adobe ColdFusion cross site scripting | 4.3 | 3.9 | $0-$5k | Calculating | Proof-of-Concept | Official Fix | 0.04 | 0.03765 | CVE-2007-0817 |
| 19 | SourceCodester Garage Management System createUser.php access control | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00885 | CVE-2022-2578 |
| 20 | D-Link IP Cameras rtpd.cgi insecure inherited permissions | 9.8 | 8.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.02564 | CVE-2013-1599 |

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | predictive | High |
| 2 | T1059 | CWE-94 | Cross Site Scripting | predictive | High |
| 3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (94)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /catalog/admin/categories.php?cPath=&action=new_product | predictive | High |
| 2 | File | /etc/passwd | predictive | Medium |
| 3 | File | /inc/HTTPClient.php | predictive | High |
| 4 | File | /php_action/createUser.php | predictive | High |
| 5 | File | /var/WEB-GUI/cgi-bin/telnet.cgi | predictive | High |
| 6 | File | addentry.php | predictive | Medium |
| 7 | File | admin.php | predictive | Medium |
| 8 | File | admin/admin.shtml | predictive | High |
| 9 | File | Admin/ADM_Pagina.php | predictive | High |
| 10 | File | admin/editcatalogue.php | predictive | High |
| 11 | File | admin/menus/edit.php | predictive | High |
