LeetHozer Analysis

IOB - Indicator of Behavior (223)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 198
zh: 16
ru: 4
fr: 4
ar: 2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

WordPress: 6
Comcast DPC3939: 6
Microsoft Exchange Server: 4
asith-eranga ISIC Tour Booking: 4
QNAP QTS: 4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

# | Vulnerability | Base | Temp | 0day (price) | Today (price) | Exp (exploitability) | Cou (countermeasure) | KEV | EPSS | CTI | CVE
--|---|---|---|---|---|---|---|---|---|---|---
1 | Atmail Remote Code Execution | 9.8 | 9.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00382 | 0.04 | CVE-2013-5033
2 | Palo Alto PAN-OS GlobalProtect Clientless VPN buffer overflow | 8.8 | 8.6 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00751 | 0.00 | CVE-2021-3056
3 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.06748 | 0.08 | CVE-2022-21664
4 | VeronaLabs wp-statistics Plugin API Endpoint Blind sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.01256 | 0.04 | CVE-2019-13275
5 | Linksys WRT54GL Web Management Interface SysInfo1.htm information disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00033 | 0.08 | CVE-2024-1406
6 | Teclib GLPI unlock_tasks.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not defined | Official fix | expected | 0.87796 | 0.00 | CVE-2019-10232
7 | Sophos Firewall User Portal/Webadmin improper authentication | 9.0 | 9.0 | $0-$5k | $0-$5k | High | Not defined | verified | 0.94423 | 0.00 | CVE-2022-1040
8 | CutePHP CuteNews index.php unrestricted upload | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | possible | 0.66490 | 0.00 | CVE-2019-11447
9 | WordPress Object injection | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00685 | 0.08 | CVE-2022-21663
10 | Microsoft Windows Active Directory Domain Services certificate validation | 8.8 | 8.3 | $25k-$100k | $0-$5k | High | Official fix | verified | 0.91352 | 0.00 | CVE-2022-26923
11 | QNAP QTS Media Library access control | 8.5 | 8.2 | $0-$5k | $0-$5k | High | Official fix | possible | 0.51069 | 0.02 | CVE-2017-13067
12 | RoundCube Webmail rcube_plugin_api.php path traversal | 8.5 | 8.2 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.20084 | 0.00 | CVE-2020-12640
13 | Samurai Build File util.c canonpath out-of-bounds write | 6.5 | 6.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00312 | 0.06 | CVE-2019-19795
14 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | possible | 0.02956 | 0.00 | CVE-2007-1192
15 | Phpsugar PHP Melody page_manager.php cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00301 | 0.00 | CVE-2017-15648
16 | Issabel PBX Asterisk-Cli index.php os command injection | 6.4 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | expected | 0.80518 | 0.08 | CVE-2024-0986
17 | itsourcecode Simple ChatBox delete.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00045 | 0.03 | CVE-2025-25876
18 | itsourcecode Simple ChatBox del.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00032 | 0.09 | CVE-2025-25878
19 | Linux Kernel netfilter nf_reject_ip6_tcphdr_put uninitialized resource | 6.7 | 6.6 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00244 | 0.00 | CVE-2024-47685
20 | Thekelleys Dnsmasq Interfaces denial of service | 5.3 | 5.1 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00076 | 0.00 | CVE-2013-0198

IOC - Indicator of Compromise (6)

These indicators of compromise list the associated network resources known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
---|---|---|---|---|---|---|---
1 | 37.49.226.171 | | LeetHozer | | 02/11/2022 | verified | Low
2 | 64.225.64.58 | | LeetHozer | | 02/11/2022 | verified | Low
3 | XXX.XXX.XXX.XXX | | Xxxxxxxxx | | 02/11/2022 | verified | Low
4 | XXX.XXX.XX.XX | xx-xxxx.xxxxxxxxx.xxx | Xxxxxxxxx | | 02/11/2022 | verified | Very Low
5 | XXX.XXX.XX.XXX | xxxxx.xxxxxxx.xxx | Xxxxxxxxx | | 02/11/2022 | verified | Low
6 | XXX.XXX.XX.XXX | | Xxxxxxxxx | | 02/11/2022 | verified | Low

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (107)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
---|---|---|---|---
1 | File | /api/RecordingList/DownloadRecord?file= | predictive | High
2 | File | /apply.cgi | predictive | Medium
3 | File | /cgi-bin/cstecgi.cgi | predictive | High
4 | File | /del.php | predictive | Medium
5 | File | /delete.php | predictive | Medium
6 | File | /index.php?menu=asterisk_cli | predictive | High
7 | File | /php/ping.php | predictive | High
8 | File | /rapi/read_url | predictive | High
9 | File | /scripts/unlock_tasks.php | predictive | High
10 | File | /SysInfo1.htm | predictive | High
11 | File | /sysinfo_json.cgi | predictive | High
12 | File | /system/dictData/loadDictItem | predictive | High
13 | File | /xxxxxx/xxxx/xxxxxxx/xxx_xxxxx/xxxxxxxxxx.xxx | predictive | High
14 | File | /xxxx/xxx/xxxxxxx/xxx_xxxxxx.xxx | predictive | High
15 | File | /xx-xxxxx/xxxxx-xxxx.xxx?xx_xxxx=x&xxxxxx_xxxx | predictive | High
16 | File | xxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High
17 | File | xxxxxxx/xxxx.xxx | predictive | High
18 | File | xxxxxx/xxxxxxx/xxxx/xxxxx.xxx | predictive | High
19 | File | xxxxxx/xxx.x | predictive | Medium
20 | File | xxxxxxx=xxxxxxxxxx&xxxx=xxxx&xxxxxxxxxxxxx=/ | predictive | High
21 | File | xxxxxxxxx.xxx.xxx | predictive | High
22 | File | xxxxx/xxxxx.xxx | predictive | High
23 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
24 | File | xxxx_xxxxx.xxx | predictive | High
25 | File | xxxxx.xxx | predictive | Medium
26 | File | xxxxxx.xxx | predictive | Medium
27 | File | xxxxxxxxxxx/xxxxxxxx/xxxxxxxxxx.xxx | predictive | High
28 | File | xx/xx-xx.x | predictive | Medium
29 | File | xxx/xxxx_xxxx.x | predictive | High
30 | File | xxxxxx/xxxxxxxxxxx | predictive | High
31 | File | xxxx_xxxxxx.x | predictive | High
32 | File | xxxx/xxxxxxx.x | predictive | High
33 | File | xxx/xxxxxx.xxx | predictive | High
34 | File | xxxxxxxx/xxxxx-xxxxxx-xxxx-xxxxxxx.xxx | predictive | High
35 | File | xxxxxxxx/xxxxxxxx/xxxxx-xxxxxxxx-xxxxx.xxx | predictive | High
36 | File | xxxxx.xxx?xxx=xxxx&xxx=xxxxxxxx | predictive | High
37 | File | xxxxxxxxxx.xxx | predictive | High
38 | File | xxxxx.xxx | predictive | Medium
39 | File | xxxx/xxxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High
40 | File | xxx/xxx.xxx | predictive | Medium
41 | File | xxxx_xxxxxxx.xxx | predictive | High
42 | File | xxxxxx.x | predictive | Medium
43 | File | xxxx.xxx | predictive | Medium
44 | File | xxxxx.xxx | predictive | Medium
45 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | High
46 | File | xxxxx_xxxxxx_xxx.xxx | predictive | High
47 | File | xxxxxxxxxxx.xxx | predictive | High
48 | File | xxxxxxxx.xxx | predictive | Medium
49 | File | xxxx.xxx | predictive | Medium
50 | File | xxxxx/xxxxx.xxx | predictive | High
51 | File | xxxxxxxx.xxx | predictive | Medium
52 | File | xxxx-xxxxx.xxx | predictive | High
53 | File | xxxx.xxxxxxxx.xxx | predictive | High
54 | File | xxxxxxxxx.xxx | predictive | High
55 | File | xxxxxxxxx.xxx | predictive | High
56 | File | xxxx.x | predictive | Low
57 | File | xxxxxxxxxx | predictive | Medium
58 | File | xxxx_xxx_xxx_xxxx.xxx | predictive | High
59 | File | xxxxxxx/xxxxx.xxx | predictive | High
60 | File | xx-xxxxx/xxxxx-xxxxxx.xxx | predictive | High
61 | Argument | xxxxxx | predictive | Low
62 | Argument | xxxxxxx_xxxx | predictive | Medium
63 | Argument | xxxxxx_xxxx | predictive | Medium
64 | Argument | xxxxxxxx | predictive | Medium
65 | Argument | xxx | predictive | Low
66 | Argument | xxxxxxx | predictive | Low
67 | Argument | xxxxxxxxxxxxxxxxx | predictive | High
68 | Argument | xxxxx | predictive | Low
69 | Argument | xxxxxxxxxxx/xxxxxxxx/xxx/xxxxx | predictive | High
70 | Argument | xxxxxx_xx | predictive | Medium
71 | Argument | xxx | predictive | Low
72 | Argument | xxxxx | predictive | Low
73 | Argument | xxxx | predictive | Low
74 | Argument | xxxxxx | predictive | Low
75 | Argument | xxxxxx | predictive | Low
76 | Argument | xxxx | predictive | Low
77 | Argument | xxxx | predictive | Low
78 | Argument | xx | predictive | Low
79 | Argument | xxxxx_xxxx | predictive | Medium
80 | Argument | xxxxxxxx[xx] | predictive | Medium
81 | Argument | xxx | predictive | Low
82 | Argument | xxxxxxx | predictive | Low
83 | Argument | xxxxxxxx_xxxx | predictive | High
84 | Argument | xxx_xxxx | predictive | Medium
85 | Argument | xxxx_xxxxx | predictive | Medium
86 | Argument | xxxxxxxx | predictive | Medium
87 | Argument | xxxxxxx | predictive | Low
88 | Argument | xxxx_xx | predictive | Low
89 | Argument | xxxxxxx/xxxxx | predictive | High
90 | Argument | xxxxxx_xxx | predictive | Medium
91 | Argument | xxxx_xx | predictive | Low
92 | Argument | xxxxxxxx_xxxxxxxx | predictive | High
93 | Argument | xxxxxxxxxxxxxxxxxxxxx | predictive | High
94 | Argument | xxxx_xx | predictive | Low
95 | Argument | xxx | predictive | Low
96 | Argument | xxxx | predictive | Low
97 | Argument | xxxxxxxx | predictive | Medium
98 | Argument | xxxx/xx/xxxx/xxx | predictive | High
99 | Input Value | .%xx.../.%xx.../ | predictive | High
100 | Input Value | ../../../../../xxx/xxx/xxxxx/xxxx/xxxxxxxx/xxxxx/xxx.xxx | predictive | High
101 | Input Value | xxxxxxx -xxx | predictive | Medium
102 | Input Value | xxxxxxxxxx | predictive | Medium
103 | Network Port | xxxx | predictive | Low
104 | Network Port | xxxx | predictive | Low
105 | Network Port | xxxx xxxx | predictive | Medium
106 | Network Port | xxx/xxx | predictive | Low
107 | Network Port | xxx/xxxx | predictive | Medium
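Turning the IOC and IOA lists above into detection content: the following is an added example (not code from this page, from VulDB, or from any vendor) that scans web-server access logs in Combined Log Format for the two unmasked IOC source IPs and the unmasked IOA "File" fragments, carrying the confidence the page assigns to each. Request targets are percent-decoded before the substring check so that an encoded variant of a path still matches. The log lines are constructed for the demo, and the masked (xxx) indicators are necessarily left out.

```python
"""Match the LeetHozer IOCs (source IPs) and the unmasked IOA path fragments
against Combined Log Format access logs. Added example; indicator values are
the ones visible on the page, the log lines below are constructed."""
import ipaddress
import re
from urllib.parse import unquote

# IOC: the two unmasked IP addresses from the IOC table (both rated "Low" there).
IOC_IPS = frozenset({"37.49.226.171", "64.225.64.58"})

# IOA: the unmasked "File" indicators from the IOA table, with their page confidence.
IOA_FRAGMENTS = {
    "/api/RecordingList/DownloadRecord?file=": "High",
    "/apply.cgi": "Medium",
    "/cgi-bin/cstecgi.cgi": "High",
    "/del.php": "Medium",
    "/delete.php": "Medium",
    "/index.php?menu=asterisk_cli": "High",
    "/php/ping.php": "High",
    "/rapi/read_url": "High",
    "/scripts/unlock_tasks.php": "High",
    "/SysInfo1.htm": "High",
    "/sysinfo_json.cgi": "High",
    "/system/dictData/loadDictItem": "High",
}

# Combined Log Format: client ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def normalize_target(target: str) -> str:
    """Percent-decode twice (double encoding is a common filter bypass) and
    lower-case, so encoded or mixed-case variants still hit the substring check."""
    return unquote(unquote(target)).lower()


def match_indicators(ip: str, target: str) -> list:
    """Return (class, indicator, confidence) tuples that fire for one request."""
    hits = []
    if ip in IOC_IPS:
        hits.append(("IOC", ip, "Low"))
    norm = normalize_target(target)
    for frag, conf in IOA_FRAGMENTS.items():
        if frag.lower() in norm:
            hits.append(("IOA", frag, conf))
    return hits


def scan_log(text: str) -> list:
    """Parse each line and return an alert dict for every line with at least
    one indicator hit. Lines that are not valid Combined Log Format, or whose
    client field is not an IP address, are skipped rather than raising."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip = m.group("ip")
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue
        hits = match_indicators(ip, m.group("target"))
        if hits:
            alerts.append({"ip": ip, "time": m.group("time"),
                           "target": m.group("target"), "hits": hits})
    return alerts


# Constructed sample log (not real traffic): one IOC+IOA hit, one IOA hit,
# one clean request, one percent-encoded IOA hit, one IOC-only hit, one junk line.
SAMPLE_LOG = """\
37.49.226.171 - - [11/Feb/2022:10:01:22 +0000] "GET /apply.cgi HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [11/Feb/2022:10:02:03 +0000] "POST /cgi-bin/cstecgi.cgi HTTP/1.1" 200 128 "-" "curl/7.68.0"
198.51.100.9 - - [11/Feb/2022:10:02:40 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.44 - - [11/Feb/2022:10:03:11 +0000] "GET /%73cripts/unlock_tasks.php?id=1 HTTP/1.1" 404 0 "-" "python-requests/2.25"
64.225.64.58 - - [11/Feb/2022:10:04:00 +0000] "GET /wp-login.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
garbage line that does not parse
"""

if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert["time"], alert["ip"], alert["target"], alert["hits"])
```

Short fragments such as /del.php are only Medium confidence on the page, so treat an IOA-only hit as a lead to pivot on (source IP, user agent, response size), not as a verdict; an IOC hit on a listed source address combined with an IOA path on the same line is the signal worth paging on.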
