Molerats Analysis

IOB - Indicator of Behavior (759)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 726
zh: 12
ar: 8
sv: 4
de: 4

Country

us: 402
cn: 24
ru: 8
ws: 6
es: 6

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Apple Mac OS X: 38
Apple iOS: 24
Mozilla Firefox: 22
Google Chrome: 18
Google Android: 18

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192 |
| 2 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.04499 | CVE-2019-7550 |
| 3 | portable SDK for UPnP unique_service_name memory corruption | 10.0 | 9.5 | $0-$5k | $0-$5k | High | Official Fix | 0.06 | 0.91250 | CVE-2012-5958 |
| 4 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.78 | 0.04187 | CVE-2010-0966 |
| 5 | ptrofimov beanstalk_console cross site scripting | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00885 | CVE-2022-0501 |
| 6 | Microsoft Windows WLAN AutoConfig Service Remote Code Execution | 8.8 | 7.7 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.06 | 0.01728 | CVE-2021-36965 |
| 7 | WordPress Admin Shell privileges management | 7.3 | 6.6 | $25k-$100k | $0-$5k | Functional | Workaround | 0.04 | 0.00000 | |
| 8 | Open Webmail information disclosure | 3.3 | 3.3 | $0-$5k | Calculating | Not Defined | Workaround | 0.00 | 0.00000 | |
| 9 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 1.62 | 0.02800 | CVE-2007-0354 |
| 10 | Oracle Hyperion Essbase Security (libcurl) input validation | 6.5 | 6.3 | $5k-$25k | Calculating | Not Defined | Official Fix | 0.03 | 0.01537 | CVE-2015-3237 |
| 11 | jQuery cross site scripting | 4.3 | 3.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.03407 | CVE-2011-4969 |
| 12 | Apache HTTP Server mod_reqtimeout resource management | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.11 | 0.03718 | CVE-2007-6750 |
| 13 | st Module passwd path traversal | 6.4 | 6.1 | $0-$5k | Calculating | Proof-of-Concept | Official Fix | 0.01 | 0.01213 | CVE-2014-3744 |
| 14 | SafeNet Sentinel Protection Server path traversal | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01 | 0.10995 | CVE-2007-6483 |
| 15 | Google Chrome Forms use after free | 7.5 | 7.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.05 | 0.17381 | CVE-2022-4181 |
| 16 | portable SDK for UPnP unique_service_name memory corruption | 10.0 | 9.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.63697 | CVE-2012-5959 |
| 17 | QNAP QTS/QuTS Hero command injection | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09 | 0.09029 | CVE-2020-2509 |
| 18 | Apache Tapestry deserialization | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00954 | CVE-2022-46366 |
| 19 | Atlassian Bitbucket Server and Data Center Environment Variable command injection | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.01440 | CVE-2022-43781 |
| 20 | Ametys CMS auto-completion Plugin en.xml information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.17 | 0.12965 | CVE-2022-26159 |

Campaigns (4)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (21)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (23)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (268)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (7)

The following list contains external sources which discuss the actor and the associated activities:
