NetWalker Analysis

IOB - Indicator of Behavior (213)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 190
de: 10
it: 8
zh: 2
ar: 2

Country

us: 168
co: 10
ch: 8
ca: 2
ru: 2

Product

PHP: 6
Webmin: 6
Apache HTTP Server: 4
Oracle Java SE: 4
Jenkins: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Microsoft Windows improper authentication | 6.5 | 6.2 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.03884 | CVE-2004-0540 |
| 2 | SourceCodester Library Management System index.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | 0.00885 | CVE-2022-2492 |
| 3 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192 |
| 4 | Tiki Wiki CMS Groupware tiki-edit_wiki_section.php cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.01018 | CVE-2010-4240 |
| 5 | Tiki TikiWiki tiki-editpage.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.01319 | CVE-2004-1386 |
| 6 | Apple M1 Register s3_5_c15_c10_1 M1RACLES access control | 8.8 | 8.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00000 | CVE-2021-30747 |
| 7 | Francisco Burzi PHP-Nuke Downloads Module viewsdownload sql injection | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.01055 | CVE-2005-0996 |
| 8 | Apple macOS WebKit memory corruption | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.02166 | CVE-2021-1844 |
| 9 | Laravel Framework Illuminate PendingCommand.php __destruct deserialization | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00000 | CVE-2019-9081 |
| 10 | Ecommerce Online Store Kit shop.php sql injection | 9.8 | 9.4 | $0-$5k | Calculating | Not Defined | Official Fix | 0.03 | 0.04386 | CVE-2004-0300 |
| 11 | freeciv os command injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01108 | CVE-2010-2445 |
| 12 | Samba smb.conf samrchangepassword privileges management | 6.3 | 6.0 | $0-$5k | $0-$5k | High | Official Fix | 0.09 | 0.79403 | CVE-2007-2447 |
| 13 | BestXsoftware Best Free Keylogger syscrb.exe untrusted search path | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2018-18519 |
| 14 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 1.12 | 0.25090 | CVE-2017-0055 |
| 15 | Trapeze TransitMaster GetSubscriber information disclosure | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00885 | CVE-2017-14943 |
| 16 | Jenkins workspaceCleanup permission | 5.8 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00950 | CVE-2017-2611 |
| 17 | WordPress WP_Query class-wp-query.php sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.01974 | CVE-2017-5611 |
| 18 | Apache HTTP Server mod_proxy_fcgi.c handle_headers memory corruption | 5.3 | 5.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.24 | 0.05242 | CVE-2014-3583 |
| 19 | roxlukas LMeve proxy.php insert_log sql injection | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01018 | CVE-2018-25071 |
| 20 | simple_php_link_shortener index.php sql injection | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00954 | CVE-2018-25057 |

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (125)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /+CSCOE+/logon.html | predictive | High |
| 2 | File | /admin/api/theme-edit/ | predictive | High |
| 3 | File | /apply_noauth.cgi | predictive | High |
| 4 | File | /cgi-bin/wapopen | predictive | High |
| 5 | File | /config.cgi?webmin | predictive | High |
| 6 | File | /index.php | predictive | Medium |
| 7 | File | /lib/ | predictive | Low |
| 8 | File | /manage/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 | predictive | High |
| 9 | File | /public/login.htm | predictive | High |
| 10 | File | /public_main_modul.php | predictive | High |
| 11 | File | /rom-0 | predictive | Low |
| 12 | File | /uncpath/ | predictive | Medium |
| 13 | File | /var/run/beaker/container_file/ | predictive | High |
| 14 | File | /wordpress/wp-admin/options-general.php | predictive | High |
| 15 | File | /workspaceCleanup | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
