MirrorBlast Analysis

IOB - Indicator of Behavior (468)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en406
ru18
zh14
fr10
es8

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

sc144
us118
cn48
ru40
li18

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

MirrorBlast11
SideWinder6
FIN75
Raccoon Stealer4
TA4103

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined166
Content Management System22
Operating System20
Groupware Software20
Programming Language Software18

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined156
Microsoft32
Oracle14
Apple12
Apache10

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Windows16
QNAP QTS10
Microsoft Exchange Server10
Circontrol CirCarLife8
Apple iOS6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1Daemon-tools DAEMON Tools mfc80loc.dll untrusted search path8.47.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.010.01761CVE-2010-5239
2Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaround0.040.04187CVE-2007-1192
3Joomla CMS com_easyblog sql injection6.36.1$5k-$25k$5k-$25kNot DefinedNot Defined1.670.00000
4Microsoft Exchange Server ProxyShell Remote Code Execution9.58.2$25k-$100k$5k-$25kUnprovenOfficial Fix0.080.61804CVE-2021-34473
5WordPress sql injection6.86.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.240.01034CVE-2022-21664
6VeronaLabs wp-statistics Plugin API Endpoint Blind sql injection8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00954CVE-2019-13275
7Jetty URI access control5.35.3$0-$5k$0-$5kNot DefinedOfficial Fix0.000.52164CVE-2021-34429
8Microsoft IIS cross site scripting5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix1.040.25090CVE-2017-0055
9phpMyAdmin Username sql injection7.57.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00950CVE-2016-9864
10HP Router/Switch SNMP information disclosure3.73.4$5k-$25kCalculatingProof-of-ConceptOfficial Fix0.000.01815CVE-2012-3268
11MGB OpenSource Guestbook email.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.880.02800CVE-2007-0354
12DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.740.04187CVE-2010-0966
13CutePHP CuteNews unrestricted upload7.56.8$0-$5kCalculatingProof-of-ConceptNot Defined0.030.35200CVE-2019-11447
14Hscripts PHP File Browser Script index.php path traversal5.95.9$0-$5k$0-$5kNot DefinedNot Defined0.020.00885CVE-2018-16549
15WordPress Object injection5.35.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.080.01034CVE-2022-21663
16OpenProject Activities API sql injection7.77.3$0-$5k$0-$5kNot DefinedOfficial Fix0.000.93596CVE-2019-11600
17WordPress Update URI Plugin Header Remote Code Execution7.87.8$5k-$25k$0-$5kNot DefinedOfficial Fix0.160.01978CVE-2021-44223
18Microsoft IIS IP/Domain Restriction access control6.55.7$25k-$100k$0-$5kUnprovenOfficial Fix0.960.29797CVE-2014-4078
19Microsoft Windows Active Directory Domain Services Privilege Escalation8.88.1$100k and more$0-$5kProof-of-ConceptOfficial Fix0.090.02288CVE-2022-26923
20Huawei ACXXXX/SXXXX SSH Packet input validation7.57.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.090.01055CVE-2014-8572

IOC - Indicator of Compromise (15)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsTypeConfidence
15.189.222.161rfd285-5.comMirrorBlastverifiedHigh
223.19.58.52MirrorBlastverifiedHigh
345.79.239.23sv3front-dev.goya.coMirrorBlastverifiedHigh
4XX.XXX.XX.XXXxxxxxxx-xx.xxxxx-xxxxx.xxxXxxxxxxxxxxverifiedHigh
5XX.XXX.XXX.XXxxxxxx.xx.xxx.xxx.xx.xxxxxxx.xxxx-xxxxxx.xxXxxxxxxxxxxverifiedHigh
6XXX.XX.XX.XXXXxxxxxxxxxxverifiedHigh
7XXX.XXX.XXX.XXxxx.xxx.xxx.xx.xxxxxxxxxxxxxxxx.xxxXxxxxxxxxxxverifiedHigh
8XXX.XXX.XXX.XXXxxx-xxx-xxx-xxx.xx.xxxxxxxxxxxxxxxxx.xxxXxxxxxxxxxxverifiedHigh
9XXX.XX.XX.XXXxxx.xx.xx.xxx.xx.xxx.xxXxxxxxxxxxxverifiedHigh
10XXX.XXX.XXX.XXXxxxxxx.xxxxxx.xxXxxxxxxxxxxverifiedHigh
11XXX.XXX.XX.XXXXxxxxxxxxxxverifiedHigh
12XXX.XXX.XX.XXXxxxx.xxXxxxxxxxxxxverifiedHigh
13XXX.XXX.XX.XXXxx-xxxx.xxxxxxxxx.xxxXxxxxxxxxxxverifiedHigh
14XXX.XXX.XXX.Xxxx-xxx-xxx-x.xxxxxxxxx.xxxXxxxxxxxxxxverifiedHigh
15XXX.XXX.XXX.XXXxxx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxxXxxxxxxxxxxverifiedHigh

TTP - Tactics, Techniques, Procedures (24)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-21, CWE-22, CWE-23Pathname TraversalpredictiveHigh
2T1040CWE-294Authentication Bypass by Capture-replaypredictiveHigh
3T1055CWE-74InjectionpredictiveHigh
4T1059CWE-94Cross Site ScriptingpredictiveHigh
5T1059.007CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
6TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
7TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx XxxxxxxxpredictiveHigh
8TXXXXCWE-XX, CWE-XXXxxxxxx XxxxxxxxxpredictiveHigh
9TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
10TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
11TXXXXCWE-XXX, CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
12TXXXXCWE-XXXXxxxxxxx Xx Xxxx Xxxxxxx Xxxxxxxxx XxxxxpredictiveHigh
13TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
14TXXXX.XXXCWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
15TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx XxxxpredictiveHigh
16TXXXXCWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
17TXXXX.XXXCWE-XXXXxxxxxxxxx XxxxxxxxxpredictiveHigh
18TXXXX.XXXCWE-XXXXxxxxxxxxxxxpredictiveHigh
19TXXXXCWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
20TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
21TXXXXCWE-XXXXxxxxxxxxxxxxpredictiveHigh
22TXXXX.XXXCWE-XXXxxxxxxxxxxxxpredictiveHigh
23TXXXXCWE-XXX, CWE-XXX, CWE-XXXX2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx XxxxxxxxxxpredictiveHigh
24TXXXX.XXXCWE-XXXXxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (183)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/admin/sysmon.phppredictiveHigh
2File/api/content/posts/commentspredictiveHigh
3File/api/RecordingList/DownloadRecord?file=predictiveHigh
4File/cgi-bin/koha/acqui/supplier.pl?op=enterpredictiveHigh
5File/Home/GetAttachmentpredictiveHigh
6File/html/device-idpredictiveHigh
7File/html/devstat.htmlpredictiveHigh
8File/html/repositorypredictiveHigh
9File/index.phppredictiveMedium
10File/members/view_member.phppredictiveHigh
11File/modules/projects/vw_files.phppredictiveHigh
12File/nova/bin/consolepredictiveHigh
13File/owa/auth/logon.aspxpredictiveHigh
14File/rapi/read_urlpredictiveHigh
15File/services/config/config.xmlpredictiveHigh
16File/services/system/setup.jsonpredictiveHigh
17File/SSOPOST/metaAlias/%realm%/idpv2predictiveHigh
18File/uncpath/predictiveMedium
19File/WEB-INF/web.xmlpredictiveHigh
20File/wp-admin/admin-post.php?es_skip=1&option_namepredictiveHigh
21Fileadclick.phppredictiveMedium
22Filexxxxx/xxxxxx.xxxpredictiveHigh
23Filexxx/xxx.xxxpredictiveMedium
24Filexxx-xxx/xxxx_xxx.xxxpredictiveHigh
25Filexxxxxx/xxx.xpredictiveMedium
26Filexxxxxxx.xxxpredictiveMedium
27Filexxxxxx.xpredictiveMedium
28Filexxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxx/xxx/xxxxxx.xxxxxxxxx.xxxpredictiveHigh
29Filexxxxxxxxx.xxx.xxxpredictiveHigh
30Filexxxxx/xxxxx.xxxpredictiveHigh
31Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
32Filexxxx_xxxxx.xxxpredictiveHigh
33Filexxxx/xxxxpredictiveMedium
34Filexxxxx.xxxpredictiveMedium
35Filexxxxxx.xxxpredictiveMedium
36Filexxxxx.xxxpredictiveMedium
37Filexxxxxx_xxx.xpredictiveMedium
38Filexxx/xxxx/xxx/xxxxx_xxxx.xpredictiveHigh
39Filexxx/xxxx/xxxx.xpredictiveHigh
40Filexxxxxxxxxxx/xxxxxxxx/xxxxxxxxxx.xxxpredictiveHigh
41Filexxxxxxxxxxxxxx.xxpredictiveHigh
42Filexx/xx-xx.xpredictiveMedium
43Filexxx/xxxx_xxxx.xpredictiveHigh
44Filexxxx_xxxxxx.xpredictiveHigh
45Filexxxx/xxxxxxx.xpredictiveHigh
46Filexxxxx.xxxxpredictiveMedium
47Filexx/xxxxxxx/xxx.xpredictiveHigh
48Filexxx/xxxxxx.xxxpredictiveHigh
49Filexxx/xx/xxxx/xxxx.xxxxx.xxxpredictiveHigh
50Filexxxxxxxx/xxxxx-xxxxxx-xxxx-xxxxxxx.xxxpredictiveHigh
51Filexxxxx.xxxpredictiveMedium
52Filexxxxx.xxx?xxx=xxxx&xxx=xxxxxxxxpredictiveHigh
53Filexxxxxxxx/xx/xxxx.xxpredictiveHigh
54Filexxxxxxxxxx.xxxpredictiveHigh
55Filexxxxxx.xpredictiveMedium
56Filexxxxxxxx.xxxpredictiveMedium
57Filexx/xxx/xxxxxxxx/xxx_xxxxxxxxx/xxx_xxxxxxxx_xxxxx/_/xxxxxxx_xxxpredictiveHigh
58Filexxxxxx/xxxxxx.xpredictiveHigh
59Filexxxxxxx/xxxxx/xx/xxxxxx/xxxxx.xxxxx.xxxpredictiveHigh
60Filexxxxxxxxxxxx/xxx.xpredictiveHigh
61Filexxx_xxxxxxxxx.xpredictiveHigh
62Filexxxx/xxxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
63Filexxxxxxx.xxxpredictiveMedium
64Filexxx/xxx.xxxpredictiveMedium
65Filexxx_xxxxx_xxxx.xpredictiveHigh
66Filexxx/xxxxxpredictiveMedium
67Filexxx_xxxx.xxxpredictiveMedium
68Filexxxxxxx/xxxxpredictiveMedium
69Filexxxxxxx.xxxpredictiveMedium
70Filexxxxxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
71Filexxxx_xxxxxxx.xxxpredictiveHigh
72Filexxxxxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
73Filexxxxxx.xpredictiveMedium
74Filexxxx.xxxpredictiveMedium
75Filexxxxx.xxxpredictiveMedium
76Filexxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][]predictiveHigh
77Filexxxx.xxxpredictiveMedium
78Filexxxxxxxx.xxpredictiveMedium
79Filexxxxxxxxxx.xxxpredictiveHigh
80Filexxxxxxxx_xxxxxxxxxxxx_xxxxxx.xxpredictiveHigh
81Filexxxxxxx_xxx_xxxxx_xxxxxx.xxxxpredictiveHigh
82Filexxx_xxxxx_xxxxxxxxx.xpredictiveHigh
83Filexxxxxxxx/xxxx/xxxx.xxx?xxxxxx=xxxxxxxxxxxxxxxxpredictiveHigh
84Filexxxxx.xxxpredictiveMedium
85Filexxxx.xxxpredictiveMedium
86Filexxxxx/xxxxx.xxxpredictiveHigh
87Filexxxxxxxxxxxxxxx.xxxpredictiveHigh
88Filexxxxxxxx.xxxpredictiveMedium
89Filexxxxxxxx/xxxxxxxxxxxx-xxxxxxxxxxpredictiveHigh
90Filexxxxxx/xxxxxxx/xxxxxx/xxxxxxxx.xxxpredictiveHigh
91Filexxxx.xxxpredictiveMedium
92Filexxx.xpredictiveLow
93Filexxxxxxxxx.xxxpredictiveHigh
94Filexxxxx/xxx/xxxxxxx/xxxxxx.xxxpredictiveHigh
95Filexxxxxx.xxxpredictiveMedium
96Filexxx xxxx xxxxxxxpredictiveHigh
97Filexxxx.xpredictiveLow
98FilexxxxxxxxxxpredictiveMedium
99Filexxxxxxx/xxxxx.xxxpredictiveHigh
100Filexxxxxx.xxxpredictiveMedium
101Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictiveHigh
102Filexxxxxxxxxxxxx.xxpredictiveHigh
103Libraryxxx-xx-xxx-xxxx-xxxx-xx-x-x.xxxpredictiveHigh
104Libraryxxxxxxxxx/xxx-xxxxxx/xxxxxxxx.xxxpredictiveHigh
105Libraryxxxxxxxx.xxxpredictiveMedium
106Libraryxxxxxx/xxxxxxxxx/xxxxx.xxxpredictiveHigh
107Libraryxxxxxx.xxxpredictiveMedium
108Argument-xpredictiveLow
109Argumentxxxxxxx xx/xxxxxxx xxxxpredictiveHigh
110Argumentxxxxxx_xxxxpredictiveMedium
111ArgumentxxxxxxxxxxxxxxpredictiveHigh
112ArgumentxxxxxxxxpredictiveMedium
113ArgumentxxxpredictiveLow
114ArgumentxxxxxxxxxxxxxxxpredictiveHigh
115ArgumentxxxpredictiveLow
116ArgumentxxxxxxxxxxxxxxxxxpredictiveHigh
117Argumentxxxxxxxxxxx/xxxxxxxx/xxx/xxxxxpredictiveHigh
118Argumentxxxxxx_xxpredictiveMedium
119Argumentxxxxxx/xxxxxxxpredictiveHigh
120Argumentxxxxxxxx[xxxx_xxx]predictiveHigh
121Argumentxxxxx->xxxxpredictiveMedium
122ArgumentxxxxpredictiveLow
123ArgumentxxxxxxpredictiveLow
124Argumentxx_xxpredictiveLow
125Argumentxxxxxxxx xxxx/xxxxxxxx xxxxxxxx/xxxxxxxx xxxxxxx xx/xxxxxxx/xxxxpredictiveHigh
126ArgumentxxxxpredictiveLow
127ArgumentxxxxpredictiveLow
128ArgumentxxxxxxxxpredictiveMedium
129ArgumentxxxxpredictiveLow
130ArgumentxxpredictiveLow
131Argumentxxxxx_xxxxpredictiveMedium
132ArgumentxxxxpredictiveLow
133ArgumentxxxpredictiveLow
134ArgumentxxxxxxxpredictiveLow
135ArgumentxxxxxxxxpredictiveMedium
136ArgumentxxxxxxxxxxpredictiveMedium
137Argumentxxxx_xxx_xxxxxxxx_xxxpredictiveHigh
138Argumentxxx_xxxxxxpredictiveMedium
139ArgumentxxxxxxxpredictiveLow
140ArgumentxxxxxxxpredictiveLow
141Argumentxxxx_xxxxxpredictiveMedium
142ArgumentxxxxxxxxpredictiveMedium
143ArgumentxxxxxxxxpredictiveMedium
144ArgumentxxxxpredictiveLow
145Argumentxxxxxx_xxxxpredictiveMedium
146ArgumentxxxxxxxpredictiveLow
147Argumentxxxxxx_xxxxxxxpredictiveHigh
148Argumentxxxxx/xxxxxxxxpredictiveHigh
149ArgumentxxxxxxpredictiveLow
150ArgumentxxxxxpredictiveLow
151ArgumentxxxxxxxxxxxpredictiveMedium
152ArgumentxxxpredictiveLow
153Argumentxxxx_xxpredictiveLow
154Argumentxxxxxxxx_xxxxxxxxpredictiveHigh
155Argumentxx_xxx_xxxxxpredictiveMedium
156ArgumentxxxpredictiveLow
157ArgumentxxxxxxxxxxxxxxxxxxxxxpredictiveHigh
158Argumentxxxx_xxpredictiveLow
159ArgumentxxxpredictiveLow
160ArgumentxxxpredictiveLow
161ArgumentxxxxpredictiveLow
162ArgumentxxxxxxxxpredictiveMedium
163Argumentxxxx/xx/xxxx/xxxpredictiveHigh
164ArgumentxxxxxxxxxpredictiveMedium
165Argumentx-xxxxxxxxx-xxxxxxpredictiveHigh
166Input Value.%xx.../.%xx.../predictiveHigh
167Input Value../predictiveLow
168Input Value../../../../../xxx/xxx/xxxxx/xxxx/xxxxxxxx/xxxxx/xxx.xxxpredictiveHigh
169Input ValuexxxxxpredictiveLow
170Input Valuexxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx&xxxxxxxx=xxxxxxxxxxpredictiveHigh
171Input ValuexxxxxxxxxxpredictiveMedium
172Input Value\xpredictiveLow
173Input Value|<xxxxxxx>predictiveMedium
174Patternxxxxxx.xxxxxxpredictiveHigh
175Network PortxxxxpredictiveLow
176Network Portxxxx xxxxpredictiveMedium
177Network Portxxx/xxpredictiveLow
178Network Portxxx/xxxpredictiveLow
179Network Portxxx/xxxpredictiveLow
180Network Portxxx/xxxx (xxx)predictiveHigh
181Network Portxxx/xxxxpredictiveMedium
182Network Portxxx/xxxxpredictiveMedium
183Network Portxxx/xxx (xxxx)predictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!