NaturalFreshMall Analysis

IOB - Indicator of Behavior (16)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 16


Country

us: 14
gb: 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

WordPress: 4
OpenCart: 2
polkit: 2
Linux Kernel: 2
Laravel: 2


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | WordPress wp_die information disclosure | 4.5 | 4.4 | $5k-$10k | $0-$1k | Not Defined | Official Fix | 0.00 | 0.00890 | CVE-2021-39200 |
| 2 | polkit pkexec access control | 8.8 | 8.1 | $2k-$5k | $0-$1k | Proof-of-Concept | Workaround | 0.16 | 0.04106 | CVE-2021-4034 |
| 3 | Laravel deserialization | 6.3 | 6.1 | $2k-$5k | $0-$1k | Proof-of-Concept | Not Defined | 0.31 | 0.00885 | CVE-2022-2886 |
| 4 | glib pkexec information disclosure | 5.5 | 5.4 | $0-$1k | $0-$1k | Not Defined | Official Fix | 0.02 | 0.01108 | CVE-2021-3800 |
| 5 | WordPress Object injection | 5.3 | 5.2 | $10k-$25k | $1k-$2k | Not Defined | Official Fix | 0.04 | 0.01034 | CVE-2022-21663 |
| 6 | Linux Kernel ptrace.c access control | 7.8 | 7.0 | $10k-$25k | Calculating | Proof-of-Concept | Official Fix | 0.00 | 0.02302 | CVE-2019-13272 |
| 7 | Linux Kernel futex.c futex_requeue integer overflow | 5.5 | 5.3 | $5k-$10k | $0-$1k | Not Defined | Official Fix | 0.03 | 0.01547 | CVE-2018-6927 |
| 8 | Linux Kernel i2c-core-smbus.c i2c_smbus_xfer_emulated out-of-bounds write | 6.0 | 5.7 | $5k-$10k | Calculating | Not Defined | Official Fix | 0.01 | 0.00950 | CVE-2017-18551 |
| 9 | WordPress User Activation Email Plugin user-activation-email.php cross site scripting | 5.2 | 5.1 | $0-$1k | Calculating | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2021-38325 |
| 10 | EyouCms URL saveRemote server-side request forgery | 5.0 | 4.7 | $2k-$5k | $0-$1k | Proof-of-Concept | Not Defined | 0.01 | 0.00954 | CVE-2021-39497 |
| 11 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $10k-$25k | Calculating | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192 |
| 12 | Google Go IP Address net.ParseCIDR access control | 7.3 | 7.0 | $10k-$25k | $2k-$5k | Not Defined | Official Fix | 0.00 | 0.01537 | CVE-2021-29923 |
| 13 | IBM Rational ClearQuest ActiveX Control cqole.dll memory corruption | 10.0 | 9.5 | $25k-$50k | $0-$1k | High | Official Fix | 0.02 | 0.72300 | CVE-2012-0708 |
| 14 | OpenCart Divido Plugin sql injection | 6.8 | 6.8 | $2k-$5k | $0-$1k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2018-11231 |

IOC - Indicator of Compromise (112)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1055 | CWE-74 | Injection | predictive | High |
| 2 | TXXXX.XXX | CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 3 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 4 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 5 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx | predictive | High |

IOA - Indicator of Attack (8)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /usr/bin/pkexec | predictive | High |
| 2 | File | data/gbconfiguration.dat | predictive | High |
| 3 | File | xxxxxxx/xxx/xxx-xxxx-xxxxx.x | predictive | High |
| 4 | File | xxxxxx/xxxxx.x | predictive | High |
| 5 | File | xxxxxx/xxxxxx.x | predictive | High |
| 6 | File | ~/xxxx-xxxxxxxxxx-xxxxx.xxx | predictive | High |
| 7 | Library | xxxxx.xxx | predictive | Medium |
| 8 | Argument | xxx-xxx | predictive | Low |
