LoggerMiner Analysis

IOB - Indicator of Behavior (30)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en22
zh6
ja2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

cn16
us8
jp2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

LoggerMiner3

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined14
Web Browser4
WordPress Plugin2
Connectivity Software2
Log Management Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined8
Microsoft4
NXP2
Google2
Splunk2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

NXP LPC55S66JBD642
NXP LPC55S66JBD1002
NXP LPC55S66JEV982
NXP LPC55S69JBD642
NXP LPC55S69JBD1002

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1Splunk Enterprise Forwarder Bundle access control8.58.3$0-$5k$0-$5kNot DefinedOfficial Fix0.050.01440CVE-2022-32158
2Google Chrome resource management7.37.0$25k-$100kCalculatingNot DefinedOfficial Fix0.010.01213CVE-2011-2796
3Samsung TizenRT l2_packet_pcap.c l2_packet_receive_timeout denial of service5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.000.00954CVE-2022-40279
4Microsoft Internet Explorer FTP Server memory corruption6.36.3$25k-$100k$0-$5kHighUnavailable0.020.69671CVE-2009-3023
5Microsoft Windows Shell Shortcut Parser input validation10.09.5$100k and more$0-$5kHighOfficial Fix0.040.91230CVE-2010-2568
6TOTOLINK EX1200T command injection6.36.1$0-$5k$0-$5kNot DefinedNot Defined0.020.02509CVE-2021-42872
7Cellopoint Cellos URL server-side request forgery6.46.4$0-$5k$0-$5kNot DefinedNot Defined0.030.00885CVE-2020-17386
8Fortinet FortiOS/FortiProxy Administrative Interface authentication bypass9.89.7$25k-$100k$5k-$25kNot DefinedOfficial Fix0.060.89292CVE-2022-40684
9HCL iNotes Form weak password5.75.7$0-$5k$0-$5kNot DefinedNot Defined0.020.00885CVE-2022-27558
10Google Chrome FedCM use after free6.36.0$25k-$100k$5k-$25kNot DefinedOfficial Fix0.070.27766CVE-2022-2852
11SourceCodester Expense Management System POST Parameter report.php fetch_report_credit sql injection7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.060.00885CVE-2022-2688
12kaptcha Captcha DefaultTextCreator.java Random random values8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.020.01055CVE-2018-18531
13NXP LPC55S69JEV98 SB2 Update Parser buffer overflow5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.010.01005CVE-2022-22819
14SRS Simple Hits Counter Plugin sql injection7.47.4$0-$5k$0-$5kNot DefinedNot Defined0.020.01055CVE-2020-5766
15Dell EMC SRS Policy Manager XML Parser xml external entity reference7.37.3$5k-$25k$5k-$25kNot DefinedNot Defined0.000.01055CVE-2021-21517
16Apache Log4j Lookup infinite loop6.46.1$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.060.44262CVE-2021-45105
17DRAM Target Row Refresh Blacksmith input validation9.09.0$0-$5k$0-$5kNot DefinedNot Defined0.010.00954CVE-2021-42114
18Spring Integration XML Data xml external entity reference8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.050.00954CVE-2019-3772
19SoftEther VPN Server See.sys Kernel 7pk security6.56.5$0-$5k$0-$5kNot DefinedNot Defined0.040.00890CVE-2019-11868
20Itech Dating Script see_more_details.php sql injection7.57.2$0-$5k$0-$5kProof-of-ConceptUnavailable0.040.01564CVE-2017-20135

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsTypeConfidence
134.92.166.158158.166.92.34.bc.googleusercontent.comLoggerMinerverifiedMedium
2XX.XX.XXX.XXxx.xx.xxx.xx.xxxxx.xxxXxxxxxxxxxxverifiedMedium
3XXX.XXX.XXX.XXXxxxxxxxxxxverifiedHigh
4XXX.XXX.XXX.XXxxx-xxx-xxx-xx.xx.xxxxxxxxxxxxxxxxx.xxxXxxxxxxxxxxverifiedHigh

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1059CWE-94Cross Site ScriptingpredictiveHigh
2T1068CWE-264, CWE-284Execution with Unnecessary PrivilegespredictiveHigh
3TXXXXCWE-XXXxxxxxx XxxxxxxxxpredictiveHigh
4TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
5TXXXXCWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
6TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
7TXXXX.XXXCWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
8TXXXXCWE-XXXXxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx XxxxpredictiveHigh
9TXXXXCWE-XXXXxxxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/see_more_details.phppredictiveHigh
2Fileapply.cgipredictiveMedium
3Filexxxxx-xxx.xpredictiveMedium
4Filexxx/xxxxxx.xxxpredictiveHigh
5Filexxxxxx.xxxpredictiveMedium
6Filexxxx-xxxxxx.xpredictiveHigh
7Filexxxx/xxxx/xxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
8Filexxx_xxxxxxxxxx/xxx/xx_xxxxxx/xx_xxxxxx_xxxx.xpredictiveHigh
9Libraryxxx.xxxpredictiveLow
10ArgumentxxxxxxxxpredictiveMedium
11Argumentxxxx/xxpredictiveLow
12ArgumentxxpredictiveLow
13ArgumentxxxxpredictiveLow

References (3)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!