Leviathan Analysis

IOB - Indicator of Behavior (32)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en (20)
it (12)


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Microsoft Access (2)
nginx (2)
Apple Mac OS X Server (2)
Samsung Mobile Phone (2)
Desiscripts Desi Short URL Script (2)


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Drupal sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00 | 0.01213 | CVE-2008-2999
2 | iRZ RUH2 Firmware Patch data authenticity | 6.7 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01055 | CVE-2016-2309
3 | Joomla sql injection | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2022-23797
4 | Microsoft Access memory corruption | 7.0 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01789 | CVE-2020-1582
5 | libvirtd API virDomainSaveImageGetXMLDesc access control | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00950 | CVE-2019-10161
6 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 5.89 | 0.00000 | CVE-2020-12440
7 | Desiscripts Desi Short URL Script index.php improper authentication | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.04187 | CVE-2009-2642
8 | Cisco FirePOWER Management Center Web UI memory corruption | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01055 | CVE-2019-12688
9 | vsftpd deny_file unknown vulnerability | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.21 | 0.01136 | CVE-2015-1419
10 | phpMyAdmin information disclosure | 6.1 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00954 | CVE-2019-6799
11 | WallacePOS resetpassword.php cross site scripting | 5.2 | 5.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2017-7388
12 | Linksys Spa921 denial of service | 7.5 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.05 | 0.01213 | CVE-2006-7121
13 | Zabbix zabbix_agentd config | 4.0 | 3.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.03220 | CVE-2007-6210
14 | BEA WebLogic Mobility Server improper authentication | 7.3 | 6.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.01 | 0.01319 | CVE-2007-6384
15 | Netop Remote Control Guest Client memory corruption | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2017-5216
16 | Samsung Mobile Phone Application Installation bad_alloc input validation | 4.9 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2017-5217
17 | Splunk Header cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | High | Not Defined | 0.02 | 0.01953 | CVE-2014-8380
18 | Apple Mac OS X Server accept_connections numeric error | 7.5 | 6.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.10995 | CVE-2007-6276
19 | HP HP-UX Software Distributor sw_rpc_agent_init memory corruption | 10.0 | 9.0 | $25k-$100k | $5k-$25k | Proof-of-Concept | Official Fix | 0.01 | 0.20778 | CVE-2007-6195
20 | QEMU qemu-dos.com memory corruption | 7.8 | 7.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01 | 0.01761 | CVE-2007-6227

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Type | Confidence
1 | 54.87.87.13 | ec2-54-87-87-13.compute-1.amazonaws.com | Leviathan | | verified | Medium
2 | 54.242.66.219 | ec2-54-242-66-219.compute-1.amazonaws.com | Leviathan | | verified | Medium

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Pathname Traversal | predictive | High
2 | T1059 | CWE-94 | Cross Site Scripting | predictive | High

IOA - Indicator of Attack (12)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | encrypt.c | predictive | Medium
2 | File | ept.c | predictive | Low

References (3)

The following list contains external sources which discuss the actor and the associated activities:
