LeetHozer Analysis

IOB - Indicator of Behavior (197)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 182
zh: 8
es: 4
fr: 2
ru: 2


Country

us: 90
cn: 46
ru: 6
ce: 6
gb: 2



Product

WordPress: 10
cPanel: 4
QNAP QTS: 4
Comcast MX011ANM: 4
Kayako SupportSuite: 4


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Atmail Remote Code Execution | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00251 | CVE-2013-5033 |
| 2 | Palo Alto PAN-OS GlobalProtect Clientless VPN buffer overflow | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00112 | CVE-2021-3056 |
| 3 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00467 | CVE-2022-21664 |
| 4 | VeronaLabs wp-statistics Plugin API Endpoint Blind sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00250 | CVE-2019-13275 |
| 5 | Linksys WRT54GL Web Management Interface SysInfo1.htm information disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.08 | 0.00046 | CVE-2024-1406 |
| 6 | Teclib GLPI unlock_tasks.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.12149 | CVE-2019-10232 |
| 7 | Sophos Firewall User Portal/Webadmin improper authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.97434 | CVE-2022-1040 |
| 8 | CutePHP CuteNews unrestricted upload | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.02365 | CVE-2019-11447 |
| 9 | WordPress Object injection | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00334 | CVE-2022-21663 |
| 10 | Microsoft Windows Active Directory Domain Services Privilege Escalation | 8.8 | 8.1 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.07920 | CVE-2022-26923 |
| 11 | QNAP QTS Media Library access control | 8.5 | 8.2 | $0-$5k | $0-$5k | High | Official Fix | 0.00 | 0.01394 | CVE-2017-13067 |
| 12 | RoundCube Webmail rcube_plugin_api.php path traversal | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01163 | CVE-2020-12640 |
| 13 | Samurai Build File util.c canonpath out-of-bounds write | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 0.00085 | CVE-2019-19795 |
| 14 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 15 | Phpsugar PHP Melody page_manager.php cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00083 | CVE-2017-15648 |
| 16 | RealNetworks RealServer Port 7070 Service denial of service | 7.5 | 7.3 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.03 | 0.02116 | CVE-2000-0272 |
| 17 | Microsoft Windows Themes information disclosure | 5.9 | 5.6 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04 | 0.00073 | CVE-2024-21320 |
| 18 | Royal Elementor Addons and Templates Plugin unrestricted upload | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.96723 | CVE-2023-5360 |
| 19 | Hikvision Intercom Broadcasting System ping.php os command injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.90160 | CVE-2023-6895 |
| 20 | Hikvision Hybrid SAN Messages access control | 8.2 | 8.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.00091 | CVE-2023-28808 |

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (90)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /api/RecordingList/DownloadRecord?file= | predictive | High |
| 2 | File | /apply.cgi | predictive | Medium |
| 3 | File | /php/ping.php | predictive | High |
| 4 | File | /rapi/read_url | predictive | High |
| 5 | File | /scripts/unlock_tasks.php | predictive | High |
| 6 | File | /SysInfo1.htm | predictive | High |
| 7 | File | /sysinfo_json.cgi | predictive | High |
| 8 | File | /system/user/modules/mod_users/controller.php | predictive | High |
| 9 | File | /wp-admin/admin-post.php?es_skip=1&option_name | predictive | High |
| 10 | File | AjaxFileUploadHandler.axd | predictive | High |

