MedusaHTTP Analysis

IOB - Indicator of Behavior (618)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 536
de: 22
it: 12
zh: 10
es: 10

Product

Moodle: 14
Google Android: 8
Linux Kernel: 8
Google Chrome: 6
PHP: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02195 | 0.48 | CVE-2010-0966 |
| 2 | Pligg cloud.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.20 | |
| 3 | Trivantis Coursemill Learning Management System userlogin.jsp input validation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00372 | 0.03 | CVE-2013-3599 |
| 4 | Moodle Manifest locallib.php information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00313 | 0.00 | CVE-2014-3543 |
| 5 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 1.66 | CVE-2006-6168 |
| 6 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 1.03 | CVE-2020-15906 |
| 7 | jforum username User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.04 | CVE-2019-7550 |
| 8 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 1.07 | |
| 9 | PHPizabi index.php path traversal | 6.5 | 5.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00860 | 0.08 | CVE-2008-3723 |
| 10 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 1.11 | CVE-2007-0354 |
| 11 | V-EVA Press Release Script page.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00187 | 0.20 | CVE-2010-5047 |
| 12 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02147 | 0.00 | CVE-2007-1192 |
| 13 | eTicket newticket.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | High | Official Fix | 0.00244 | 0.04 | CVE-2008-0093 |
| 14 | PHP phpinfo cross site scripting | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.06938 | 0.05 | CVE-2006-0996 |
| 15 | Hypersilence Silentum Guestbook silentum_guestbook.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00107 | 0.03 | CVE-2009-4687 |
| 16 | Apple Mac OS X Server Wiki Server sql injection | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00339 | 0.39 | CVE-2015-5911 |
| 17 | PHPizabi template.class.php assignuser information disclosure | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00458 | 0.04 | CVE-2008-2018 |
| 18 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01744 | 0.04 | CVE-2007-1287 |
| 19 | vBulletin redirector.php | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00121 | 0.05 | CVE-2018-6200 |
| 20 | jforum cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00164 | 0.00 | CVE-2012-5337 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

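| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 176.119.29.14 | dedicated.vsys.host | MedusaHTTP | | 08/15/2019 | verified | Low |
| 2 | XXX.XX.XX.XXX | | Xxxxxxxxxx | | 08/15/2019 | verified | Low |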

TTP - Tactics, Techniques, Procedures (23)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-22, CWE-23, CWE-425 | Path Traversal | predictive | High |
| 2 | T1040 | CAPEC-102 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 4 | T1059 | CAPEC-137 | CWE-88, CWE-94 | Argument Injection | predictive | High |
| 5 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (199)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/?page=system_info/contact_info | predictive | High |
| 2 | File | /admin/index.php | predictive | High |
| 3 | File | /admin/login.php | predictive | High |
| 4 | File | /admin/produts/controller.php | predictive | High |
| 5 | File | /admin/user/team | predictive | High |
| 6 | File | /book-services.php | predictive | High |
| 7 | File | /cgi-bin/system_mgr.cgi | predictive | High |
| 8 | File | /common/logViewer/logViewer.jsf | predictive | High |
| 9 | File | /crmeb/app/admin/controller/store/CopyTaobao.php | predictive | High |
| 10 | File | /en/blog-comment-4 | predictive | High |
| 11 | File | /foms/routers/cancel-order.php | predictive | High |
| 12 | File | /forum/away.php | predictive | High |
| 13 | File | /getcfg.php | predictive | Medium |
| 14 | File | /goform/aspForm | predictive | High |
| 15 | File | /h/ | predictive | Low |
| 16 | File | /hocms/classes/Master.php?f=delete_collection | predictive | High |
| 17 | File | /mifs/c/i/reg/reg.html | predictive | High |
| 18 | File | /ms/cms/content/list.do | predictive | High |
| 19 | File | /opt/zimbra/jetty/webapps/zimbra/public | predictive | High |
| 20 | File | /orms/ | predictive | Low |
| 21 | File | /plesk-site-preview/ | predictive | High |
| 22 | File | /project/PROJECTNAME/reports/ | predictive | High |
| 23 | File | /protocol/iscuser/uploadiscuser.php | predictive | High |
| 24 | File | /report/printlogs.php | predictive | High |
