LightBasin Analysis

IOB - Indicator of Behavior (54)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en44
zh6
ar2
jp2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

cn26
us22
cz2
gb2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft IIS4
Lutron Quantum BACnet Integration4
Microsoft Exchange Server2
Yii Framework2
Microsoft Windows2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaround0.020160.00CVE-2007-1192
2Toshiba Home Gateway HEM-GW16A/Home Gateway HEM-GW26A Access Restriction access control6.46.4$5k-$25k$5k-$25kNot DefinedNot Defined0.000840.03CVE-2018-16197
3Scadaengine BACnet OPC Client csv memory corruption10.09.0$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.564510.06CVE-2010-4740
4Microsoft IIS FTP Command information disclosure5.34.8$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.003610.26CVE-2012-2532
5ImageMagick pcx.c ReadPCXImage resource management5.45.1$0-$5k$0-$5kNot DefinedOfficial Fix0.002520.00CVE-2017-12432
6e-Quick Cart shopprojectlogin.asp sql injection6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.000000.03
7SAS Intrnet DS2CSF Macro file inclusion5.55.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.008300.00CVE-2021-41569
8TikiWiki tiki-register.php input validation7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.010756.69CVE-2006-6168
9Apache OFBiz path traversal3.53.5$5k-$25k$0-$5kNot DefinedNot Defined0.108660.03CVE-2022-47501
10Onedev HTTP Header git-prereceive-callback improper authentication8.18.1$0-$5k$0-$5kNot DefinedOfficial Fix0.003340.03CVE-2022-39205
11Microsoft IIS HTTP 1.0 Request IP Address information disclosure3.13.0$5k-$25k$0-$5kHighOfficial Fix0.003600.00CVE-2000-0649
12Mikrotik RouterOS SNMP out-of-bounds8.07.7$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.003240.09CVE-2022-45315
13HubSpot Plugin Proxy REST Endpoint server-side request forgery5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.001040.00CVE-2022-1239
14Huawei ACXXXX/SXXXX SSH Packet input validation7.57.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.002460.09CVE-2014-8572
15GIT Client Path privileges management8.58.4$5k-$25k$0-$5kHighOfficial Fix0.949880.00CVE-2014-9390
16codemirror Regular Expression incorrect regex5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.014840.00CVE-2020-7760
17Microsoft Windows IIS Remote Code Execution7.67.0$25k-$100k$5k-$25kUnprovenOfficial Fix0.001180.00CVE-2022-30209
18Huawei SXXXX XML Parser input validation3.63.6$0-$5k$0-$5kNot DefinedNot Defined0.000560.03CVE-2017-15346
19Openfind MailGates Email command injection8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.008660.04CVE-2020-12782
20Microsoft Exchange Server information disclosure6.35.7$5k-$25k$0-$5kHighOfficial Fix0.347490.00CVE-2021-33766

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (24)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/DbXmlInfo.xmlpredictiveHigh
2File/deviceIPpredictiveMedium
3File/git-prereceive-callbackpredictiveHigh
4File/xxx/xxxxxxxxxx.xxxpredictiveHigh
5Filexxxxxxxxxxxxx.xxxpredictiveHigh
6Filexxxx/xxxxxxxxxxxx.xxxpredictiveHigh
7Filexxxx.xpredictiveLow
8Filexxxxxx/xxx.xpredictiveMedium
9FilexxxpredictiveLow
10Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
11Filexxx/xxx.xxpredictiveMedium
12Filexxxxxxxxxx/xxxxxxxxxx/xxxxxxxxx.xxxpredictiveHigh
13Filex_xxxxxxxx_xxxxxpredictiveHigh
14Filexxx.xxxpredictiveLow
15Filexxxxxxx.xxxpredictiveMedium
16Filexxxxxxxxxxxxxxxx.xxxpredictiveHigh
17Filexxxx-xxxxxxxx.xxxpredictiveHigh
18Libraryxx.xxxpredictiveLow
19Libraryxxxxxxxx.xxxpredictiveMedium
20Argumentxxxxx_xxpredictiveMedium
21Argumentx_xxxxxxxxpredictiveMedium
22ArgumentxxxxxxxxxpredictiveMedium
23Argumentx-xxxxxxxxx-xxxpredictiveHigh
24Argumentx-xxxx-xxxxxpredictiveMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

Do you know our Splunk app?

Download it now for free!