Lodeinfo Analysis

IOB - Indicator of Behavior (220)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 136
zh: 70
ja: 10
es: 2
jp: 2


Country

cn: 146
us: 46
ru: 8
jp: 6
kr: 4


Product

Moodle: 6
Microsoft IIS: 6
Microsoft Windows: 6
WordPress: 4
phpMyAdmin: 4


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | AdRem NetCrunch Web Client hard-coded key | 7.3 | 7.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01 | 0.01055 | CVE-2019-14482 |
| 2 | Microsoft SharePoint Server Privilege Escalation | 8.8 | 8.1 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.02 | 0.01967 | CVE-2022-41036 |
| 3 | Druid Parameter pathname traversal | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00885 | CVE-2021-33800 |
| 4 | Phplinkdirectory PHP Link Directory conf_users_edit.php cross-site request forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01 | 0.04187 | CVE-2011-0643 |
| 5 | Bandai Namco FromSoftware Dark Souls III Privilege Escalation | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.01156 | CVE-2021-34170 |
| 6 | HPE integrated Lights Out privileges management | 6.9 | 6.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.02071 | CVE-2018-7078 |
| 7 | Synology DiskStation Manager Change Password password recovery | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01055 | CVE-2018-8916 |
| 8 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.08 | 0.25090 | CVE-2017-0055 |
| 9 | Deltek Vision RPC over HTTP SQL sql injection | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.01156 | CVE-2018-18251 |
| 10 | Pivotal Spring Framework Read path traversal | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.10 | 0.01974 | CVE-2014-3578 |
| 11 | Apache Xerces-C++ XML Parser input validation | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01246 | CVE-2008-4482 |
| 12 | OpenSSH Login Session information exposure | 3.7 | 3.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01408 | CVE-2016-20012 |
| 13 | EMQ X Dashboard auth information disclosure | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00885 | CVE-2021-46434 |
| 14 | Cisco IP Phone 7800/IP Phone 8800 Cisco Discovery Protocol out-of-bounds write | 8.6 | 8.4 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2022-20968 |
| 15 | Microsoft Windows Active Directory Domain Services Privilege Escalation | 8.8 | 8.1 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.02288 | CVE-2022-26923 |
| 16 | quarkus Dev UI Config Editor code injection | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01156 | CVE-2022-4116 |
| 17 | Google Chrome cryptographic issues | 3.7 | 3.6 | $5k-$25k | $25k-$100k | Not Defined | Official Fix | 0.03 | 0.18006 | CVE-2012-4929 |
| 18 | ZCMS ThinkPHP sql injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2020-19705 |
| 19 | Microsoft Windows Sysmon Privilege Escalation | 8.1 | 7.4 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | 0.01150 | CVE-2022-41120 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • LODEINFO

IOC - Indicator of Compromise (23)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (93)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (6)

The following list contains external sources which discuss the actor and the associated activities:
