Leviathan Analysis

IOB - Indicator of Behavior (35)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 20
it: 16


Country

us: 22
ru: 6


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Cisco IP Phone 6800: 4
Cisco IP Phone 7800: 4
Cisco IP Phone 8800: 4
Cloud Foundry CF Networking Release: 2
QEMU: 2


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Drupal sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00135 | 0.00 | CVE-2008-2999
2 | Unisoc S8000 Telephony Service denial of service | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.05 | CVE-2022-48447
3 | Cisco IP Phone 6800/IP Phone 7800/IP Phone 8800 denial of service | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00172 | 0.03 | CVE-2023-20079
4 | Cisco IP Phone 6800/IP Phone 7800/IP Phone 8800 command injection | 9.8 | 9.7 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00287 | 0.00 | CVE-2023-20078
5 | iRZ RUH2 Firmware Patch data authenticity | 6.7 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00226 | 0.00 | CVE-2016-2309
6 | Joomla sql injection | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00142 | 0.05 | CVE-2022-23797
7 | Microsoft Access memory corruption | 7.0 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00330 | 0.00 | CVE-2020-1582
8 | libvirtd API virDomainSaveImageGetXMLDesc access control | 7.3 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.02 | CVE-2019-10161
9 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.03 | CVE-2020-12440
10 | Desiscripts Desi Short URL Script index.php improper authentication | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00933 | 0.00 | CVE-2009-2642
11 | Cisco FirePOWER Management Center Web UI memory corruption | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00107 | 0.00 | CVE-2019-12688
12 | vsftpd deny_file unknown vulnerability | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00312 | 0.05 | CVE-2015-1419
13 | phpMyAdmin information disclosure | 6.1 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.18290 | 0.04 | CVE-2019-6799
14 | WallacePOS resetpassword.php cross site scripting | 5.2 | 5.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00101 | 0.00 | CVE-2017-7388
15 | Linksys Spa921 denial of service | 7.5 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.01834 | 0.00 | CVE-2006-7121
16 | Zabbix zabbix_agentd config | 4.0 | 3.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00042 | 0.00 | CVE-2007-6210
17 | BEA WebLogic Mobility Server improper authentication | 7.3 | 6.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.02056 | 0.00 | CVE-2007-6384
18 | Netop Remote Control Guest Client memory corruption | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00063 | 0.02 | CVE-2017-5216
19 | Samsung Mobile Phone Application Installation bad_alloc input validation | 4.9 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00055 | 0.02 | CVE-2017-5217
20 | Splunk Header cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | High | Not Defined | 0.00213 | 0.00 | CVE-2014-8380

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 54.87.87.13 | ec2-54-87-87-13.compute-1.amazonaws.com | Leviathan | | 12/23/2020 | verified | Medium
2 | 54.242.66.219 | ec2-54-242-66-219.compute-1.amazonaws.com | Leviathan | | 12/23/2020 | verified | Medium
3 | XX.XX.XXX.XXX | | Xxxxxxxxx | | 12/23/2020 | verified | High
4 | XX.XX.XXX.XXX | | Xxxxxxxxx | | 12/23/2020 | verified | High
5 | XX.XX.XXX.XXX | | Xxxxxxxxx | | 12/23/2020 | verified | High
6 | XXX.XXX.XXX.XXX | | Xxxxxxxxx | | 12/17/2020 | verified | High

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (12)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | encrypt.c | predictive | Medium
2 | File | ept.c | predictive | Low
3 | File | xxxxx.xxx | predictive | Medium
4 | File | xxxxx:xxxxxxxxxxx.xx | predictive | High
5 | File | xxxx-xxx.xxx | predictive | Medium
6 | File | xxxxxxxxxx-xxxxxx/xxxxxxxxx/xxxxxxxxxxxxx.xxx | predictive | High
7 | Argument | xxxxxxx | predictive | Low
8 | Argument | xxxxxxx_xx | predictive | Medium
9 | Argument | xxx | predictive | Low
10 | Argument | xxxxx | predictive | Low
11 | Input Value | xxxxxx/**/xxxx. | predictive | High
12 | Input Value | xxxxxxxxxx:xxxxxx("xxx xx xxxxxxxxxxx"); | predictive | High

References (3)

The following list contains external sources which discuss the actor and the associated activities:
