NDSW Analysis

IOB - Indicator of Behavior (26)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	26

Country

ru	12
us	10
fr	2
hr	2

Actors

NDSW	3
SilverFish	1
Donot	1

Activities

Interest

Timeline

Type

Not Defined	8
Operating System	4
Connectivity Software	2
Office Suite Software	2
Router Operating System	2

Vendor

Microsoft	8
Not Defined	4
Cisco	2
TBDev	2
TP-LINK	2

Product

Microsoft Windows	4
OpenSSH	2
Microsoft Office	2
Cisco IronPort AsyncOS	2
TBDev TBDev.NET	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	CTI	EPSS	CVE
1	DZCP deV!L`z Clanportal config.php code injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.48	0.04187	CVE-2010-0966
2	Microsoft Office Object data processing	7.0	6.3	$5k-$25k	Calculating	Proof-of-Concept	Official Fix	0.02	0.90147	CVE-2017-8570
3	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure	5.3	5.2	$5k-$25k	Calculating	High	Workaround	0.04	0.04187	CVE-2007-1192
4	Microsoft Windows Active Directory Domain Services Privilege Escalation	7.5	6.6	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.04	0.02288	CVE-2021-42287
5	OpenSSH scp scp.c os command injection	6.4	6.4	$25k-$100k	$25k-$100k	Not Defined	Unavailable	0.12	0.01787	CVE-2020-15778
6	Microsoft Visual Studio Code Remote Code Execution	6.0	5.2	$5k-$25k	$0-$5k	Unproven	Official Fix	0.02	0.01789	CVE-2021-28477
7	Laravel Image Upload ValidatesAttributes.php unrestricted upload	5.5	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.06	0.29468	CVE-2021-43617
8	Cisco IronPort AsyncOS Login Page cross site scripting	4.3	3.9	$5k-$25k	Calculating	Proof-of-Concept	Official Fix	0.01	0.01319	CVE-2009-1162
9	TBDev TBDev.NET makepoll.php cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02	0.01136	CVE-2009-2141
10	Adobe Presenter viewer.swf cross site scripting	4.3	3.9	$0-$5k	Calculating	Proof-of-Concept	Official Fix	0.00	0.01213	CVE-2008-3515
11	moziloCMS download.php path traversal	5.3	4.8	$0-$5k	Calculating	Proof-of-Concept	Unavailable	0.03	0.04482	CVE-2008-3589
12	D-Link DIR-800 Session Cookie Login memory corruption	9.8	9.4	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.04	0.05785	CVE-2016-5681
13	beContent news.php sql injection	7.3	6.9	$0-$5k	Calculating	Proof-of-Concept	Not Defined	0.02	0.00986	CVE-2008-0921
14	WPML Comment feed sql injection	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.01319	CVE-2015-2314
15	WP Symposium forum.php sql injection	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.00	0.01564	CVE-2015-3325
16	Microsoft Windows NetBIOS WinNuke denial of service	7.5	7.2	$25k-$100k	$0-$5k	High	Official Fix	0.01	0.12890	CVE-1999-0153
17	Alliedtelesyn AT-TFTP stack-based overflow	10.0	10.0	$0-$5k	$0-$5k	High	Not Defined	0.01	0.71464	CVE-2006-6184
18	WordPress cross-site request forgery	6.5	6.3	$5k-$25k	Calculating	High	Official Fix	0.03	0.43772	CVE-2016-6897
19	A-Blog blog.php sql injection	7.3	6.9	$0-$5k	Calculating	Proof-of-Concept	Not Defined	0.00	0.01055	CVE-2008-0677
20	TP-LINK TL-WDR4300 CSRF Prevention Filter cross-site request forgery	7.1	6.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.04	0.01018	CVE-2013-4848

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Type	Confidence
1	109.234.35.249	v1020533.hosted-by-vdsina.ru	NDSW	verified	High
2	XXX.XX.XXX.XX		Xxxx	verified	High
3	XXX.XXX.XXX.XXX	xxxx.xx	Xxxx	verified	High

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CWE-22	Pathname Traversal	predictive	High
2	T1059	CWE-94	Cross Site Scripting	predictive	High
3	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	High
4	TXXXX	CWE-XX	Xxxxxxx Xxxxxxxxx	predictive	High
5	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	High
6	TXXXX	CWE-XXX	Xxxxxxxxxxxxx	predictive	High
7	TXXXX.XXX	CWE-XXX	Xxxxxxxxxxxx Xxxxxx	predictive	High

IOA - Indicator of Attack (21)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	blog.php	predictive	Medium
2	File	comments/feed	predictive	High
3	File	data/gbconfiguration.dat	predictive	High
4	File	xxxxxxxx.xxx	predictive	Medium
5	File	xxx/xxx/xxxxx	predictive	High
6	File	xxxxx.xxx	predictive	Medium
7	File	xxxxxxxxxx/xxxxxxxxxx/xxxxxxxx/xxxxxxxxxxxxxxxxxxx.xxx	predictive	High
8	File	xxx/xxxxxx.xxx	predictive	High
9	File	xxxxxxxx.xxx	predictive	Medium
10	File	xxxx.xxx	predictive	Medium
11	File	xxx.x	predictive	Low
12	File	xxxxxx.xxx	predictive	Medium
13	Argument	xxxxxxxx	predictive	Medium
14	Argument	xxx	predictive	Low
15	Argument	xxxxxxxxxxx	predictive	Medium
16	Argument	xx	predictive	Low
17	Argument	xxxx	predictive	Low
18	Argument	xxxxxxxx	predictive	Medium
19	Argument	xxxxxxxx	predictive	Medium
20	Argument	xxxxxx	predictive	Low
21	Argument	xxxx	predictive	Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!