NaturalFreshMall Analysis

IOB - Indicator of Behavior (18)

Lang

en: 14
zh: 2
de: 2

Product

Google Go: 2
Linux Kernel: 2
polkit: 2
Laravel: 2
glib: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | WordPress wp_die information disclosure | 4.5 | 4.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00093 | 0.08 | CVE-2021-39200 |
| 2 | polkit pkexec access control | 8.3 | 8.2 | $0-$5k | $0-$5k | High | Workaround | 0.00122 | 0.04 | CVE-2021-4034 |
| 3 | Jupyter Server API information exposure | 4.0 | 4.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00061 | 0.04 | CVE-2023-49080 |
| 4 | Laravel deserialization | 6.3 | 6.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00156 | 0.07 | CVE-2022-2886 |
| 5 | glib pkexec information disclosure | 5.5 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00073 | 0.05 | CVE-2021-3800 |
| 6 | WordPress Object injection | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00432 | 0.08 | CVE-2022-21663 |
| 7 | Linux Kernel ptrace.c access control | 7.8 | 7.6 | $5k-$25k | $0-$5k | High | Official Fix | 0.00052 | 0.04 | CVE-2019-13272 |
| 8 | Linux Kernel futex.c futex_requeue integer overflow | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00064 | 0.00 | CVE-2018-6927 |
| 9 | Linux Kernel i2c-core-smbus.c i2c_smbus_xfer_emulated out-of-bounds write | 6.0 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.04 | CVE-2017-18551 |
| 10 | WordPress User Activation Email Plugin user-activation-email.php cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00074 | 0.00 | CVE-2021-38325 |
| 11 | EyouCms URL saveRemote server-side request forgery | 5.0 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00339 | 0.00 | CVE-2021-39497 |
| 12 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 13 | Google Go IP Address net.ParseCIDR access control | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00226 | 0.06 | CVE-2021-29923 |
| 14 | IBM Rational ClearQuest ActiveX Control cqole.dll memory corruption | 10.0 | 9.5 | $25k-$100k | $0-$5k | High | Official Fix | 0.95321 | 0.00 | CVE-2012-0708 |
| 15 | OpenCart Divido Plugin sql injection | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01800 | 0.00 | CVE-2018-11231 |

IOC - Indicator of Compromise (112)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 2 | TXXXX.XXX | CAPEC-209 | CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 3 | TXXXX | CAPEC-19 | CWE-XXX, CWE-XXX | Xxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 4 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 5 | TXXXX | CAPEC-116 | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |

IOA - Indicator of Attack (8)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /usr/bin/pkexec | predictive | High |
| 2 | File | data/gbconfiguration.dat | predictive | High |
| 3 | File | xxxxxxx/xxx/xxx-xxxx-xxxxx.x | predictive | High |
| 4 | File | xxxxxx/xxxxx.x | predictive | High |
| 5 | File | xxxxxx/xxxxxx.x | predictive | High |
| 6 | File | ~/xxxx-xxxxxxxxxx-xxxxx.xxx | predictive | High |
| 7 | Library | xxxxx.xxx | predictive | Medium |
| 8 | Argument | xxx-xxx | predictive | Low |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
