MirrorFace Analysis

IOB - Indicator of Behavior (356)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 250
zh: 58
es: 14
ru: 12
ja: 10


Product

Apache HTTP Server: 10
Linux Kernel: 8
Microsoft Exchange Server: 6
Microsoft IIS: 6
GitLab Community Edition: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00108 | 0.08 | CVE-2009-4935 |
| 2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02195 | 0.88 | CVE-2010-0966 |
| 3 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02147 | 0.00 | CVE-2007-1192 |
| 4 | Microsoft Edge PDF Reader memory corruption | 6.0 | 5.7 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.44632 | 0.00 | CVE-2020-1568 |
| 5 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 1.59 | CVE-2007-0354 |
| 6 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.76 | CVE-2020-12440 |
| 7 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 1.12 | CVE-2020-15906 |
| 8 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 1.23 | |
| 9 | Apache Spark UI command injection | 7.1 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.97310 | 0.03 | CVE-2022-33891 |
| 10 | Microsoft IIS uncpath cross site scripting | 5.2 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00483 | 0.06 | CVE-2017-0055 |
| 11 | HP Router/Switch SNMP information disclosure | 3.7 | 3.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00285 | 0.03 | CVE-2012-3268 |
| 12 | Esoftpro Online Guestbook Pro ogp_show.php cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00209 | 0.03 | CVE-2009-2441 |
| 13 | Microsoft IIS Frontpage Server Extensions shtml.dll Username information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.15958 | 0.03 | CVE-2000-0114 |
| 14 | vBulletin redirector.php | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00121 | 0.00 | CVE-2018-6200 |
| 15 | OpenBB read.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00248 | 0.04 | CVE-2005-1612 |
| 16 | Cisco ASA IKEv1/IKEv2 ikev2_add_rcv_frag memory corruption | 9.9 | 9.4 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.96880 | 0.03 | CVE-2016-1287 |
| 17 | Apache Struts ExceptionDelegator input validation | 8.8 | 8.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.18648 | 0.04 | CVE-2012-0391 |
| 18 | Schneider Electric Vijeo Designer path traversal | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00276 | 0.00 | CVE-2021-22704 |
| 19 | Hscripts PHP File Browser Script index.php path traversal | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00151 | 0.00 | CVE-2018-16549 |
| 20 | Nfec.de RechnungsZentrale authent.php4 sql injection | 5.3 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01513 | 0.04 | CVE-2006-1954 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • LiberalFace

IOC - Indicator of Compromise (17)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (158)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (3)

The following list contains external sources which discuss the actor and the associated activities:
