OilRig Analysis

IOB - Indicator of Behavior (487)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 470
de: 8
fr: 4
zh: 2
sv: 2

Country

us: 344
ir: 96
gb: 6
fr: 4
sv: 2

Product

Qualcomm Snapdragon Auto: 24
Qualcomm Snapdragon Compute: 24
Qualcomm Snapdragon Consumer IOT: 24
Qualcomm Snapdragon Industrial IOT: 24
Qualcomm Snapdragon Mobile: 24

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
| 1 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 3.68 | 0.00000 | |
| 2 | woo-variation-swatches Plugin cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00076 | CVE-2019-14774 |
| 3 | OpenSLP out-of-bounds write | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.03272 | CVE-2019-5544 |
| 4 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 5 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | 0.00241 | CVE-2020-12440 |
| 6 | vldPersonals index.php sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00167 | CVE-2014-9005 |
| 7 | Couchbase Sync Gateway Sync Document cleartext storage | 2.6 | 2.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00065 | CVE-2021-43963 |
| 8 | BusyBox netstat Privilege Escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.01132 | CVE-2022-28391 |
| 9 | Google Chrome TabStrip heap-based overflow | 7.5 | 7.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.01048 | CVE-2021-21159 |
| 10 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.60 | 0.02733 | CVE-2007-1167 |
| 11 | VMware vRealize Operations JMX RMI Service input validation | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00894 | CVE-2020-3943 |
| 12 | PHPWind goto.php redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00348 | CVE-2015-4134 |
| 13 | vBulletin redirector.php | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.23 | 0.00141 | CVE-2018-6200 |
| 14 | ZNC Web Skin Name path traversal | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00190 | CVE-2018-14056 |
| 15 | Alt-N MDaemon Worldclient injection | 4.9 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00090 | CVE-2021-27182 |
| 16 | Moodle Lesson Question Import path traversal | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00293 | CVE-2022-35650 |
| 17 | Flask-RESTX Regular Expression email_regex resource consumption | 6.4 | 6.3 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.00547 | CVE-2021-32838 |
| 18 | Couchbase Sync Gateway REST API sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00415 | CVE-2019-9039 |
| 19 | SkaDate Skadate Online Dating Software featured_list.php path traversal | 5.3 | 5.3 | $0-$5k | $0-$5k | High | Unavailable | 0.02 | 0.01416 | CVE-2007-5299 |
| 20 | WordPress WP_Query sql injection | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.93536 | CVE-2022-21661 |

IOC - Indicator of Compromise (20)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
| 1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-37 | Path Traversal | predictive | High |
| 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 4 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (157)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
| 1 | File | /admin/index.php | predictive | High |
| 2 | File | /bdswebui/assignusers/ | predictive | High |
| 3 | File | /bin/goahead | predictive | Medium |
| 4 | File | /cgi-bin/luci | predictive | High |
| 5 | File | /cgi-bin/supervisor/PwdGrp.cgi | predictive | High |
| 6 | File | /dev/dri/card1 | predictive | High |
| 7 | File | /forum/away.php | predictive | High |
| 8 | File | /GetCSSashx/?CP=%2fwebconfig | predictive | High |
| 9 | File | /HNAP1 | predictive | Low |
| 10 | File | /horde/util/go.php | predictive | High |
| 11 | File | /login.html | predictive | Medium |
| 12 | File | /proc/#####/fd/3 | predictive | High |
| 13 | File | /squashfs-root/www/HNAP1/control/SetWizardConfig.php | predictive | High |
| 14 | File | /uir/ | predictive | Low |
| 15 | File | /uncpath/ | predictive | Medium |
| 16 | File | /xpdf/Stream.cc | predictive | High |
| 17 | File | actions.hsp | predictive | Medium |
| 18 | File | adclick.php | predictive | Medium |
| 147 | Input Value | ../ | predictive | Low |
| 148 | Input Value | ../../xxxxxxx.xxx | predictive | High |
| 149 | Input Value | ./../ | predictive | Low |
| 150 | Input Value | /../ | predictive | Low |
