NDSW Analysis

IOB - Indicator of Behavior (85)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en70
ru12
de2
zh2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

ru62
us18
hr2
fr2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Windows4
Flat PHP Board4
beContent2
WP Symposium2
moziloCMS2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1PHP Link Directory Administration Page index.html cross site scripting4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.003740.35CVE-2007-0529
2MGB OpenSource Guestbook email.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.013021.76CVE-2007-0354
3LogicBoard CMS away.php redirect6.36.1$0-$5k$0-$5kNot DefinedUnavailable0.000002.86
4Esoftpro Online Guestbook Pro ogp_show.php sql injection7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.001080.23CVE-2009-4935
5phpMyAdmin phpinfo.php information disclosure5.35.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.001420.04CVE-2016-9848
6DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.43CVE-2010-0966
7LushiWarPlaner register.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.007840.04CVE-2007-0864
8Flat PHP Board path traversal3.33.3$0-$5k$0-$5kNot DefinedNot Defined0.000000.04
9Simple PHP Guestbook guestbook.php cross site scripting3.53.5$0-$5k$0-$5kNot DefinedNot Defined0.000000.04
10212cafe 212cafeboard view.php sql injection7.37.1$0-$5k$0-$5kHighUnavailable0.000640.04CVE-2008-4713
11Microsoft Office Object data processing7.06.9$5k-$25k$0-$5kHighOfficial Fix0.973390.07CVE-2017-8570
12Lars Ellingsen Guestserver guestbook.cgi cross site scripting4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.001690.04CVE-2005-4222
13Huawei SmartCare Dashboard Stored cross site scripting4.44.4$0-$5k$0-$5kNot DefinedNot Defined0.000650.00CVE-2017-15312
14Flat PHP Board path traversal3.33.3$0-$5k$0-$5kNot DefinedNot Defined0.000000.04
15Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaround0.020160.00CVE-2007-1192
16TikiWiki tiki-register.php input validation7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.010755.40CVE-2006-6168
17Apple Mac OS X Server Wiki Server sql injection5.34.6$5k-$25k$0-$5kUnprovenOfficial Fix0.003390.45CVE-2015-5911
18DZCP deV!L`z Clanportal browser.php information disclosure5.35.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.027330.87CVE-2007-1167
19D-Link DIR-865L register_send.php improper authentication7.57.1$5k-$25k$5k-$25kProof-of-ConceptNot Defined0.001090.05CVE-2013-3096
20jforum User input validation5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.002890.05CVE-2019-7550

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
1109.234.35.249v1020533.hosted-by-vdsina.ruNDSW07/29/2022verifiedMedium
2XXX.XX.XXX.XXXxxx07/29/2022verifiedHigh
3XXX.XXX.XXX.XXXxxxx.xxXxxx07/29/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (44)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/forum/away.phppredictiveHigh
2Fileadmin/conf_users_edit.phppredictiveHigh
3Fileadmin/index.phppredictiveHigh
4Fileblog.phppredictiveMedium
5Filecomments/feedpredictiveHigh
6Filedata/gbconfiguration.datpredictiveHigh
7Filexxxxxxxx.xxxpredictiveMedium
8Filexxx/xxx/xxxxxpredictiveHigh
9Filexxxxx.xxxpredictiveMedium
10Filexxxxx.xxxpredictiveMedium
11Filexxxxxxxxx.xxxpredictiveHigh
12Filexxxxxxxxx.xxxpredictiveHigh
13Filexxxxxxxxxx/xxxxxxxxxx/xxxxxxxx/xxxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
14Filexxx/xxxxxx.xxxpredictiveHigh
15Filexxx/xxxxxxxxxxx/xxxxxxx.xxxpredictiveHigh
16Filexxxxx.xxxxpredictiveMedium
17Filexxxxxxxx.xxxpredictiveMedium
18Filexxxx.xxxpredictiveMedium
19Filexxx_xxxx.xxxpredictiveMedium
20Filexxxxxxx.xxxpredictiveMedium
21Filexxxxxxxx.xxxpredictiveMedium
22Filexxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxxpredictiveHigh
23Filexxxxxxxx_xxxx.xxxpredictiveHigh
24Filexxx.xpredictiveLow
25Filexxxx-xxxxxxxx.xxxpredictiveHigh
26Filexxxxxx.xxxpredictiveMedium
27Filexxxx.xxxpredictiveMedium
28Filexxxxxx.xxxpredictiveMedium
29ArgumentxxxxxxpredictiveLow
30ArgumentxxxxxxxxpredictiveMedium
31ArgumentxxxpredictiveLow
32ArgumentxxxxxxxxxxxpredictiveMedium
33ArgumentxxxxxxxpredictiveLow
34ArgumentxxxxpredictiveLow
35ArgumentxxpredictiveLow
36ArgumentxxxxpredictiveLow
37ArgumentxxxpredictiveLow
38ArgumentxxxxxxxxpredictiveMedium
39ArgumentxxxxxxxxpredictiveMedium
40ArgumentxxxxxxxxpredictiveMedium
41ArgumentxxxxxxpredictiveLow
42ArgumentxxxxpredictiveLow
43ArgumentxxxxxpredictiveLow
44ArgumentxxxxxxxxpredictiveMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

Do you know our Splunk app?

Download it now for free!