LeetHozer Analysis

IOB - Indicator of Behavior (129)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 114
zh: 6
fr: 6
de: 2
ar: 2


Country

us: 60
cn: 28
ru: 4


Actors


Activities

Interest

Timeline


Type


Vendor


Product

QNAP QTS: 6
Sophos Firewall: 4
WordPress: 4
MantisBT: 4
Cacti: 4


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | VeronaLabs wp-statistics Plugin API Endpoint Blind sql injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00954 | CVE-2019-13275 |
| 2 | CutePHP CuteNews unrestricted upload | 7.5 | 6.8 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.03 | 0.35200 | CVE-2019-11447 |
| 3 | WordPress Object injection | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.12 | 0.01034 | CVE-2022-21663 |
| 4 | Microsoft Windows Active Directory Domain Services Privilege Escalation | 8.8 | 8.1 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.09 | 0.02288 | CVE-2022-26923 |
| 5 | QNAP QTS Media Library access control | 8.5 | 8.2 | $0-$5k | $0-$5k | High | Official Fix | 0.05 | 0.27000 | CVE-2017-13067 |
| 6 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.01034 | CVE-2022-21664 |
| 7 | RoundCube Webmail rcube_plugin_api.php path traversal | 8.5 | 8.2 | $0-$5k | Calculating | Not Defined | Official Fix | 0.05 | 0.02762 | CVE-2020-12640 |
| 8 | Samurai Build File util.c canonpath out-of-bounds write | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2019-19795 |
| 9 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192 |
| 10 | Phpsugar PHP Melody page_manager.php cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2017-15648 |
| 11 | Sophos Firewall User Portal/Webadmin code injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01156 | CVE-2022-3236 |
| 12 | Proxmox Virtual Environment/Mail Gateway HTTP Request server-side request forgery | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.01018 | CVE-2022-35508 |
| 13 | SOGo Web Calendar cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01136 | CVE-2016-6191 |
| 14 | OpenLDAP Backend sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.15351 | CVE-2022-29155 |
| 15 | Pydio pydio-core proxy.php unrestricted upload | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01440 | CVE-2019-9642 |
| 16 | BlueMind Contact Application data processing | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00954 | CVE-2019-9563 |
| 17 | Sophos Firewall User Portal/Webadmin improper authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.64728 | CVE-2022-1040 |
| 18 | Grafana Dashboard path traversal | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 0.01108 | CVE-2022-32275 |
| 19 | Home Assistant path traversal | 5.4 | 5.2 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2021-3152 |
| 20 | OPNsense Login Page redirect | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2020-23015 |

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

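| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Injection | predictive | High |
| 3 | T1059 | CWE-94 | Cross Site Scripting | predictive | High |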

IOA - Indicator of Attack (63)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /api/RecordingList/DownloadRecord?file= | predictive | High |
| 2 | File | /rapi/read_url | predictive | High |
| 3 | File | /wp-admin/admin-post.php?es_skip=1&option_name | predictive | High |
| 4 | File | AjaxFileUploadHandler.axd | predictive | High |
| 5 | File | coders/png.c | predictive | Medium |
| 6 | File | customoid.inc.php | predictive | High |
| 7 | File | dapur/index.php | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
