OilRig Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (496)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en478
de8
fr8
zh2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

US: USA352
IR: Iran100
CN: China6
FR: France4
GB: Great Britain4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

OilRig8
APT342
Cobalt Strike1
Mount Locker1
IRATA1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined148
Operating System30
Chip Software28
Web Server14
Content Management System14

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined116
Microsoft36
Qualcomm26
Apache24
Google22

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Qualcomm Snapdragon Auto26
Qualcomm Snapdragon Compute26
Qualcomm Snapdragon Consumer IOT26
Qualcomm Snapdragon Industrial IOT26
Qualcomm Snapdragon Mobile26

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#VulnerabilityBaseTemp0dayTodayExpCouKEVEPSSCTICVE
1LogicBoard CMS away.php redirect6.36.1$0-$5k$0-$5kNot definedUnavailable 0.000000.36
2woo-variation-swatches Plugin admin.php cross site scripting5.25.2$0-$5k$0-$5kNot definedNot defined 0.001900.04CVE-2019-14774
3OpenSLP out-of-bounds write8.58.5$0-$5k$0-$5kAttackedNot definedverified0.870660.05CVE-2019-5544
4Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaroundpossible0.029560.00CVE-2007-1192
5nginx request smuggling6.96.9$0-$5k$0-$5kNot definedNot defined 0.000000.16CVE-2020-12440
6vldPersonals index.php sql injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial fix 0.002250.07CVE-2014-9005
7Couchbase Sync Gateway Sync Document cleartext storage2.62.6$0-$5k$0-$5kNot definedNot defined 0.003250.07CVE-2021-43963
8BusyBox netstat privilege escalation7.57.4$0-$5k$0-$5kNot definedOfficial fix 0.071900.03CVE-2022-28391
9Google Chrome TabStrip heap-based overflow7.57.2$25k-$100k$5k-$25kNot definedOfficial fix 0.016880.00CVE-2021-21159
10DZCP deV!L`z Clanportal browser.php information disclosure5.35.0$0-$5k$0-$5kProof-of-ConceptNot defined 0.086880.14CVE-2007-1167
11VMware vRealize Operations JMX RMI Service input validation8.58.2$5k-$25k$0-$5kNot definedOfficial fix 0.017280.00CVE-2020-3943
12PHPWind goto.php redirect6.36.3$0-$5k$0-$5kNot definedNot defined 0.004000.04CVE-2015-4134
13vBulletin redirector.php6.66.6$0-$5k$0-$5kNot definedNot defined 0.187770.06CVE-2018-6200
14ZNC Web Skin Name path traversal5.95.8$0-$5k$0-$5kNot definedOfficial fix 0.006810.04CVE-2018-14056
15Alt-N MDaemon Worldclient injection4.94.7$5k-$25k$0-$5kNot definedOfficial fix 0.008570.02CVE-2021-27182
16Moodle Lesson Question Import path traversal6.36.0$5k-$25k$0-$5kNot definedOfficial fix 0.089410.00CVE-2022-35650
17Flask-RESTX Regular Expression email_regex resource consumption6.46.3$0-$5k$0-$5kNot definedOfficial fix 0.013670.08CVE-2021-32838
18Couchbase Sync Gateway REST API sql injection8.58.5$0-$5k$0-$5kNot definedNot defined 0.003030.00CVE-2019-9039
19SkaDate Skadate Online Dating Software featured_list.php path traversal5.35.3$0-$5k$0-$5kHighUnavailablepossible0.083660.00CVE-2007-5299
20WordPress WP_Query sql injection6.36.1$5k-$25k$0-$5kProof-of-ConceptOfficial fixexpected0.905930.03CVE-2022-21661

IOC - Indicator of Compromise (20)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
111.24.237.110OilRig12/22/2020verifiedLow
224.125.0.1OilRig12/22/2020verifiedLow
331.3.225.55h31-3-225-55.host.redstation.co.ukOilRig12/23/2020verifiedLow
433.33.94.94OilRig12/22/2020verifiedLow
5XX.XX.XX.XXXxxxxx12/22/2020verifiedLow
6XX.XX.XX.XXXxxxxx12/22/2020verifiedLow
7XX.XX.XX.XXXxxxxx12/22/2020verifiedLow
8XX.XX.XX.XXXXxxxxx12/23/2020verifiedLow
9XX.XX.XX.XXXXxxxxx12/22/2020verifiedLow
10XX.XX.XX.XXXXxxxxx12/22/2020verifiedLow
11XX.XXX.XXX.XXXXxxxxx12/23/2020verifiedLow
12XX.XXX.XXX.XXXxxxxxxxxxxxxxxx-xxxxxxxxxxxxxx.xxx.xxx.xxxxx.xxxxxx.xxxXxxxxx12/22/2020verifiedVery Low
13XXX.XXX.XXX.XXXxxxxxx.xxx.xxx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xxXxxxxx12/23/2020verifiedVery Low
14XXX.XX.XXX.XXXXxxxxx12/23/2020verifiedLow
15XXX.XX.XX.XXXxxxxx12/23/2020verifiedLow
16XXX.XX.XX.XXxxx.xx.xxx-xxxxxxx-xx-xxx.xxxXxxxxx12/23/2020verifiedLow
17XXX.XXX.XXX.XXXxxxxx12/22/2020verifiedLow
18XXX.XXX.XXX.XXXXxxxxx12/22/2020verifiedLow
19XXX.XXX.XX.XXxxxxx03/05/2024verifiedHigh
20XXX.XXX.XX.XXxx-xx-xxx-xxx.xxxx.xxxXxxxxx03/05/2024verifiedHigh

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-21, CWE-22, CWE-23, CWE-37Path TraversalpredictiveHigh
2T1040CAPEC-102CWE-319Authentication Bypass by Capture-replaypredictiveHigh
3T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
4T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
5T1059.007CAPEC-209CWE-79, CWE-80Basic Cross Site ScriptingpredictiveHigh
6TXXXXCAPEC-XXXCWE-XXX, CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
7TXXXX.XXXCAPEC-XXXCWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
8TXXXXCAPEC-XXXCWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
9TXXXX.XXXCAPEC-XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
10TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
11TXXXXCWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
12TXXXXCAPEC-XXXCWE-XXXxx XxxxxxxxxpredictiveHigh
13TXXXX.XXXCAPEC-XCWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
14TXXXXCWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
15TXXXXCAPEC-XXCWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
16TXXXXCAPEC-XXCWE-XXX, CWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
17TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxx XxxxpredictiveHigh
18TXXXX.XXXCAPEC-XXXCWE-XXXXxxxxxxxpredictiveHigh
19TXXXXCAPEC-XXXCWE-XXX, CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
20TXXXXCAPEC-XXXCWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
21TXXXX.XXXCWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHigh

IOA - Indicator of Attack (162)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/admin/index.phppredictiveHigh
2File/bdswebui/assignusers/predictiveHigh
3File/bin/goaheadpredictiveMedium
4File/cgi-bin/lucipredictiveHigh
5File/cgi-bin/supervisor/PwdGrp.cgipredictiveHigh
6File/dev/dri/card1predictiveHigh
7File/forum/away.phppredictiveHigh
8File/GetCSSashx/?CP=%2fwebconfigpredictiveHigh
9File/HNAP1predictiveLow
10File/horde/util/go.phppredictiveHigh
11File/login.htmlpredictiveMedium
12File/models/management_model.phppredictiveHigh
13File/proc/#####/fd/3predictiveHigh
14File/squashfs-root/www/HNAP1/control/SetWizardConfig.phppredictiveHigh
15File/uir/predictiveLow
16File/uncpath/predictiveMedium
17File/xpdf/Stream.ccpredictiveHigh
18Fileactions.hsppredictiveMedium
19Fileadclick.phppredictiveMedium
20Filexxx_xxxx_xxxx.xxxpredictiveHigh
21Filexxxxx/xxxxxxxxx/predictiveHigh
22Filexxxxx/xxxxx.xxxpredictiveHigh
23Filexxx/xxpredictiveLow
24Filexxxxxxx.xxxpredictiveMedium
25Filexxxxxxx/xxxxxxxxxxx.xpredictiveHigh
26Filexxxxx_xxx.xxxpredictiveHigh
27Filexxx\xxxx\xxxxxxxxxx\xxxxxxxxxxxxxxxxx.xxxxx.xxxpredictiveHigh
28Filexxxxx_xxxx.xpredictiveMedium
29Filexxxxx.xxxpredictiveMedium
30Filexxx-xxxx.xxxpredictiveMedium
31Filexxxxxxx=xxxxxxxxxx&xxxx=xxxx&xxxxxxxxxxxxx=/predictiveHigh
32Filexxxxx_xx_xxxx.xxxpredictiveHigh
33Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
34Filexxxxxx.xxxpredictiveMedium
35Filexxxxxxx/xxxx/xxxxxx.xpredictiveHigh
36Filexxxxxxx/xxx/xxxxxx/xxx-xxxxx-xxxxxxx.xpredictiveHigh
37Filexxxxxxx/xxx/xxx.xpredictiveHigh
38Filexxxxxxx/xxxx/xxxxxxxx/xxxxxxxx_xxx_xxxx.xpredictiveHigh
39Filexxxxxxxx.xpredictiveMedium
40Filexxxxx.xxxpredictiveMedium
41Filexxxx/xxxxxxxxxx/xxxxxx-xxxxx.xpredictiveHigh
42Filexxx_xx/xxx/xxx/xxxxxx_xxxxxxx.xxxpredictiveHigh
43Filexxxx.xxxpredictiveMedium
44Filexxxx.xpredictiveLow
45Filexxx/xxxx/xxxx_xxxxxx.xpredictiveHigh
46Filexxxxxxxx_xxxx.xxxpredictiveHigh
47Filexxxxxxxxxxxxxxx.xxxpredictiveHigh
48Filexxxxxxxxxxxxxxxx.xxxpredictiveHigh
49Filexxxxxxxx.xxxxpredictiveHigh
50Filexxxxxxx.xpredictiveMedium
51Filexxxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
52Filexx/xxx/xxxxx.xpredictiveHigh
53Filexxxxxxxxx.xxxpredictiveHigh
54Filexxxxxxxxx/xxx_xxxx_xxxxxx.xxxpredictiveHigh
55Filexxxxxx.xxxpredictiveMedium
56Filexxxxxx/xxxxxxxxxxxpredictiveHigh
57Filexxxx.xxxpredictiveMedium
58Filexxxx.xxxpredictiveMedium
59Filexxxxxxxxx/xxxxxx/xxxxxxx.xxxpredictiveHigh
60Filex/xpredictiveLow
61Filexxxxxx_xxxx.xxxpredictiveHigh
62Filexxx/xxxxxx.xxxpredictiveHigh
63Filexxx/xxxxxxxxxxx/xxxxxxx.xxxpredictiveHigh
64Filexxxxx.xxxpredictiveMedium
65Filexxxxx.xxx/xxxxxxxxxx/xxx_xxxxxxxxpredictiveHigh
66Filexx-xxx.xpredictiveMedium
67Filexx_xxxxx/xxx_xxxx.xpredictiveHigh
68Filexxxxxxxxxxxx/xxxxxx_xxxxx.xxpredictiveHigh
69Filexxxxx.xxxpredictiveMedium
70Filexxxxx.xxxxpredictiveMedium
71Filexxxxx.xxxpredictiveMedium
72Filexxxxxx/xxx.xxxpredictiveHigh
73Filexxx/xxx_xxx/xxxxxx/xxx_xxxxx.xpredictiveHigh
74Filexxx/xxxxxxxxx/xxxxx_xxxx.xpredictiveHigh
75Filexxx/xxxx/xxxxxx_xxx_xxxx.xpredictiveHigh
76Filexxx_xxxx.xpredictiveMedium
77Filexxxxx-xxxxx.xpredictiveHigh
78Filexxxxxxxxx.xxxpredictiveHigh
79Filexxxxx.xxxpredictiveMedium
80Filexxxxxxxx.xxpredictiveMedium
81Filexxxxxxxxxx.xxxpredictiveHigh
82Filexxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxxpredictiveHigh
83Filexxx.xxxpredictiveLow
84Filexxxxx.xxxpredictiveMedium
85Filexxxxxxxx/xxxxx/xxxxxxxxxxxx/xxxxxxx/xxxxxxx/xxxxxx%xxxxxxxxx/xxxxxxxxxxxxxx.xxxxpredictiveHigh
86Filex/xxxxx.xxxpredictiveMedium
87Filexxx_xxxx.xpredictiveMedium
88Filexxx_xxxxxx.xxxpredictiveHigh
89Filexxxxxxx/xxx_xxxx_xxx.xxxpredictiveHigh
90Filexxx.xxxpredictiveLow
91Filexxxxx.xxxpredictiveMedium
92Filexxxx.xpredictiveLow
93Filexxxxxxxxxxxxxxxxx.xxxpredictiveHigh
94Filexx-xxxxx/xxxxx.xxxpredictiveHigh
95Filexx-xxxxx/xxxxx.xxx?xxxx=xxxxxxxx_xxxxxxxxpredictiveHigh
96Filexx-xxxxx/xxxxx.xxx?xxxx=xxx-xxxxxxxxx-xxxxxxxx-xxxxxxxxpredictiveHigh
97Filexx-xxxx.xxxpredictiveMedium
98Filexx-xxxxxxxx/xxxxxxxxx.xxxpredictiveHigh
99Filexx-xxxxxxxx/xxxx.xxxpredictiveHigh
100Filexx-xxxxxxxx/xxxx.xxxpredictiveHigh
101Filexx-xxxxxxxxxxx.xxxpredictiveHigh
102Filexxx_xxxxxx.xpredictiveMedium
103Filexxx.xxxxpredictiveMedium
104Library/xxx/xxxx/xxxxx.x/xx-xxxx-xxxxxxx.xxxxxpredictiveHigh
105Libraryxxxxxx.xxxpredictiveMedium
106Libraryxxxxxxxxx/xxxxxxx_xxxxxxx.xxx.xxxpredictiveHigh
107Argumentxxxxxx:/xxxxxxxx:/xxxxxxxxxxxxxx:predictiveHigh
108ArgumentxxxxxxxxpredictiveMedium
109ArgumentxxxxxxpredictiveLow
110Argumentxx_xxpredictiveLow
111Argumentxxxx/xxxxpredictiveMedium
112Argumentxxxxx$xxxxxxxxxxxxxx$xxxxxxxxxxxpredictiveHigh
113ArgumentxxxxpredictiveLow
114Argumentxxxxxx_xxxx_xxxxpredictiveHigh
115ArgumentxxxxpredictiveLow
116ArgumentxxxxxxxxxpredictiveMedium
117Argumentxxxxxx_xxxxxx_xxxxxpredictiveHigh
118Argumentxxxx_xxpredictiveLow
119ArgumentxxxxxxxpredictiveLow
120ArgumentxxxxxxxpredictiveLow
121ArgumentxxxxpredictiveLow
122ArgumentxxxxxxxxpredictiveMedium
123ArgumentxxpredictiveLow
124ArgumentxxxxxxxxxpredictiveMedium
125ArgumentxxxxxpredictiveLow
126ArgumentxxxxpredictiveLow
127Argumentxxx_xxxxx_xxxxxxxxpredictiveHigh
128Argumentxxx_xxxxxxxxpredictiveMedium
129ArgumentxxxxxxxxxxxxxxxxxpredictiveHigh
130Argumentx_xxxxx/x_xxxxxpredictiveHigh
131ArgumentxxxxxxxxpredictiveMedium
132ArgumentxxxxxxxxpredictiveMedium
133Argumentxxxxxx_xxxxpredictiveMedium
134Argumentx_xxxxxxxxpredictiveMedium
135ArgumentxxxxxxxxpredictiveMedium
136ArgumentxxxxxxxxxpredictiveMedium
137ArgumentxxxxxxxxxpredictiveMedium
138ArgumentxxxpredictiveLow
139Argumentxxxxx_xxxxxxpredictiveMedium
140Argumentxxx-xxxxxxxxxx-xxxxpredictiveHigh
141ArgumentxxxxxpredictiveLow
142Argumentxxxxxxxx/xxxxxxpredictiveHigh
143ArgumentxxxpredictiveLow
144ArgumentxxxxxxxxpredictiveMedium
145ArgumentxxxxpredictiveLow
146ArgumentxxxpredictiveLow
147ArgumentxxxxxxxxpredictiveMedium
148Argumentxxxx_xxpredictiveLow
149Argumentx_xxxxpredictiveLow
150Argumentxxxx_xxxxpredictiveMedium
151Argumentxxxxxx_xxxxxxx_xxxpredictiveHigh
152Input Value../predictiveLow
153Input Value../../xxxxxxx.xxxpredictiveHigh
154Input Value./../predictiveLow
155Input Value/../predictiveLow
156Input Valuex">[xxx/xxxxxx=xxxxx(x)]predictiveHigh
157Input Valuexxxxxxx-xxxxxxxxxxx: xxxx-xxxx; xxxx="xx"[\x][\x][\x]predictiveHigh
158Input Valuexxxx://xxx.xxxxxx.xxxpredictiveHigh
159Pattern|xx|xx|xx|predictiveMedium
160Network Portxxx/xx (xxx)predictiveMedium
161Network Portxxx/xx (xxx)predictiveMedium
162Network Portxxx xxxxxx xxxxpredictiveHigh

References (8)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

This view requires CTI permissions

Just purchase a CTI license today!