NOTROBIN Analysis

IOB - Indicator of Behavior (25)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 22
zh: 2
de: 2

Product

Intelliants Subrion CMS: 8
Subrion CMS: 4
SonarQube: 2
Hibernate-Validator: 2
Allegro RomPager: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Intelliants Subrion CMS Salt Cookie sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00132 | 0.00 | CVE-2015-4129 |
| 2 | Hibernate-Validator SafeHtml Validator HTML injection | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00161 | 0.05 | CVE-2019-10219 |
| 3 | Dolibarr ERP CRM unrestricted upload | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00199 | 0.04 | CVE-2023-38887 |
| 4 | Apache HTTP Server Inbound Connection request smuggling | 7.3 | 7.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00345 | 0.02 | CVE-2022-22720 |
| 5 | Allegro RomPager HTTP POST Request usertable.htm cross-site request forgery | 5.8 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00085 | 0.06 | CVE-2024-0522 |
| 6 | CodeCanyon RISE Rise Ultimate Project Manager signin redirect | 5.6 | 5.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00054 | 0.02 | CVE-2024-0545 |
| 7 | Page View Count Plugin REST Endpoint sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05281 | 0.06 | CVE-2022-0434 |
| 8 | Intelliants Subrion CMS ia.core.users.php code injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00213 | 0.00 | CVE-2017-5543 |
| 9 | Intelliants Subrion CMS database sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00194 | 0.00 | CVE-2017-6013 |
| 10 | Subrion CMS add injection | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00166 | 0.00 | CVE-2020-12468 |
| 11 | Subrion CMS blocks.php deserialization | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00074 | 0.00 | CVE-2020-12469 |
| 12 | Subrion CMS PDO Connection sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00400 | 0.00 | CVE-2020-18155 |
| 13 | Subrion CMS Visual-Mode sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00154 | 0.00 | CVE-2021-41947 |
| 14 | Intelliants Subrion CMS Search search.php sql injection | 8.5 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05566 | 0.00 | CVE-2017-11444 |
| 15 | SonarQube values missing encryption | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.39641 | 0.03 | CVE-2020-27986 |
| 16 | Google Chrome Prompts use after free | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00375 | 0.00 | CVE-2022-1635 |
| 17 | Google Android ParsedIntentInfo.java ParsedtentInfo deserialization | 6.5 | 6.4 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2021-0685 |
| 18 | PHPWind goto.php redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.02 | CVE-2015-4134 |
| 19 | Allegro RomPager Embedded Web Server rom-0 information disclosure | 5.3 | 4.9 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.05 | |
| 20 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.03828 | 0.00 | CVE-2007-1192 |

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 80.240.31.218 | 80.240.31.218.vultrusercontent.com | NOTROBIN | | 01/17/2020 | verified | Very Low |
| 2 | XX.XXX.XXX.XXX | xx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx | Xxxxxxxx | | 01/17/2020 | verified | Very Low |
| 3 | XXX.X.X.X | xxxxxxxxx.xxx.xxx | Xxxxxxxx | | 01/17/2020 | verified | Low |

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (21)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /+CSCOE+/logon.html | predictive | High |
| 2 | File | /front/search.php | predictive | High |
| 3 | File | /index.php/signin | predictive | High |
| 4 | File | /xxx-x | predictive | Low |
| 5 | File | xxxxx/xxxxxx.xxx | predictive | High |
| 6 | File | xxxxx/xxxxxxxx/ | predictive | High |
| 7 | File | xxx/xxxxxxxx/xxxxxx | predictive | High |
| 8 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 9 | File | xxxx.xxx | predictive | Medium |
| 10 | File | xxxxxxxx/xxxxxxx/xx.xxxx.xxxxx.xxx | predictive | High |
| 11 | File | xxxxxxxxxxxxxxxx.xxxx | predictive | High |
| 12 | File | xxxxxxx/xxx/ | predictive | Medium |
| 13 | File | xxxxxxxxx.xxx?xxxxxx=xxxxxx | predictive | High |
| 14 | Argument | $_xxx | predictive | Low |
| 15 | Argument | xxxx_xxx | predictive | Medium |
| 16 | Argument | xxxxx | predictive | Low |
| 17 | Argument | xxxxxxxx | predictive | Medium |
| 18 | Argument | xxx | predictive | Low |
| 19 | Argument | xxxxxxxx | predictive | Medium |
| 20 | Input Value | xxxx://xxxx.xxx | predictive | High |
| 21 | Network Port | xxx xxxxxx xxxx | predictive | High |
