OilRig Analysis

IOB - Indicator of Behavior (423)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en408
de8
fr4
es2
ru2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us306
ir78
fr2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

OilRig5
APT342
Mount Locker1
MuddyWater1
Chafer1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined124
Chip Software24
Content Management System16
Operating System14
Virtualization Software10

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined104
Qualcomm24
Cisco18
Google18
Apache18

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Qualcomm Snapdragon Auto24
Qualcomm Snapdragon Compute24
Qualcomm Snapdragon Industrial IOT24
Qualcomm Snapdragon Mobile24
Qualcomm Snapdragon Connectivity22

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1LogicBoard CMS away.php redirect6.36.1$0-$5k$0-$5kNot DefinedUnavailable0.510.00000
2woo-variation-swatches Plugin cross site scripting5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.010.00885CVE-2019-14774
3OpenSLP out-of-bounds write8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.000.20148CVE-2019-5544
4Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25k$0-$5kHighWorkaround0.040.04187CVE-2007-1192
5vldPersonals index.php sql injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.040.01055CVE-2014-9005
6BusyBox netstat Privilege Escalation6.36.0$0-$5k$0-$5kNot DefinedOfficial Fix0.040.04836CVE-2022-28391
7Google Chrome TabStrip heap-based overflow7.57.2$25k-$100k$5k-$25kNot DefinedOfficial Fix0.010.01319CVE-2021-21159
8DZCP deV!L`z Clanportal browser.php information disclosure5.35.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.030.06790CVE-2007-1167
9VMware vRealize Operations JMX RMI Service input validation8.58.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.01156CVE-2020-3943
10PHPWind goto.php redirect6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.020.01213CVE-2015-4134
11vBulletin redirector.php6.66.6$0-$5k$0-$5kNot DefinedNot Defined0.090.00885CVE-2018-6200
12ZNC Web Skin Name path traversal5.95.7$0-$5k$0-$5kNot DefinedOfficial Fix0.020.00954CVE-2018-14056
13Alt-N MDaemon Worldclient injection4.94.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.10855CVE-2021-27182
14nginx request smuggling6.96.9$0-$5k$0-$5kNot DefinedNot Defined1.460.00000CVE-2020-12440
15Moodle Lesson Question Import path traversal6.36.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.01213CVE-2022-35650
16Flask-RESTX Regular Expression email_regex resource consumption6.46.3$0-$5k$0-$5kNot DefinedOfficial Fix0.010.01108CVE-2021-32838
17Couchbase Sync Gateway REST API sql injection8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.020.00954CVE-2019-9039
18SkaDate Skadate Online Dating Software featured_list.php path traversal5.35.3$0-$5k$0-$5kHighUnavailable0.000.06790CVE-2007-5299
19WordPress WP_Query sql injection6.36.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.11157CVE-2022-21661
20vldPersonals index.php cross site scripting4.33.9$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.010.01055CVE-2014-9004

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsTypeConfidence
111.24.237.110OilRigverifiedHigh
224.125.0.1OilRigverifiedHigh
331.3.225.55h31-3-225-55.host.redstation.co.ukOilRigverifiedHigh
433.33.94.94OilRigverifiedHigh
5XX.XX.XX.XXXxxxxxverifiedHigh
6XX.XX.XX.XXXxxxxxverifiedHigh
7XX.XX.XX.XXXxxxxxverifiedHigh
8XX.XX.XX.XXXXxxxxxverifiedHigh
9XX.XX.XX.XXXXxxxxxverifiedHigh
10XX.XX.XX.XXXXxxxxxverifiedHigh
11XX.XXX.XXX.XXXXxxxxxverifiedHigh
12XX.XXX.XXX.XXXxxxxxxxxxxxxxxx-xxxxxxxxxxxxxx.xxx.xxx.xxxxx.xxxxxx.xxxXxxxxxverifiedHigh
13XXX.XXX.XXX.XXXxxxxxx.xxx.xxx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xxXxxxxxverifiedHigh
14XXX.XX.XXX.XXXXxxxxxverifiedHigh
15XXX.XX.XX.XXXxxxxxverifiedHigh
16XXX.XX.XX.XXxxx.xx.xxx-xxxxxxx-xx-xxx.xxxXxxxxxverifiedHigh
17XXX.XXX.XXX.XXXxxxxxverifiedHigh
18XXX.XXX.XXX.XXXXxxxxxverifiedHigh

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-21, CWE-22, CWE-23Pathname TraversalpredictiveHigh
2T1040CWE-319Authentication Bypass by Capture-replaypredictiveHigh
3T1055CWE-74InjectionpredictiveHigh
4T1059CWE-94Cross Site ScriptingpredictiveHigh
5TXXXX.XXXCWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
6TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
7TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx XxxxxxxxpredictiveHigh
8TXXXXCWE-XX, CWE-XXXxxxxxx XxxxxxxxxpredictiveHigh
9TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
10TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
11TXXXXCWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
12TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
13TXXXX.XXXCWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
14TXXXXCWE-XXXXxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx XxxxpredictiveHigh
15TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
16TXXXX.XXXCWE-XXXXxxxxxxxpredictiveHigh
17TXXXXCWE-XXX, CWE-XXXXxxxxxxxxxxxxpredictiveHigh
18TXXXXCWE-XXXX2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx XxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (142)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/admin/index.phppredictiveHigh
2File/bdswebui/assignusers/predictiveHigh
3File/bin/goaheadpredictiveMedium
4File/cgi-bin/lucipredictiveHigh
5File/cgi-bin/supervisor/PwdGrp.cgipredictiveHigh
6File/dev/dri/card1predictiveHigh
7File/forum/away.phppredictiveHigh
8File/GetCSSashx/?CP=%2fwebconfigpredictiveHigh
9File/HNAP1predictiveLow
10File/horde/util/go.phppredictiveHigh
11File/login.htmlpredictiveMedium
12File/proc/#####/fd/3predictiveHigh
13File/squashfs-root/www/HNAP1/control/SetWizardConfig.phppredictiveHigh
14File/uir/predictiveLow
15File/uncpath/predictiveMedium
16File/xpdf/Stream.ccpredictiveHigh
17Fileactions.hsppredictiveMedium
18Filexxxxxxx.xxxpredictiveMedium
19Filexxx_xxxx_xxxx.xxxpredictiveHigh
20Filexxxxx/xxxxxxxxx/predictiveHigh
21Filexxxxx/xxxxx.xxxpredictiveHigh
22Filexxxxxxx.xxxpredictiveMedium
23Filexxxxxxx/xxxxxxxxxxx.xpredictiveHigh
24Filexxxxx_xxx.xxxpredictiveHigh
25Filexxx\xxxx\xxxxxxxxxx\xxxxxxxxxxxxxxxxx.xxxxx.xxxpredictiveHigh
26Filexxxxx.xxxpredictiveMedium
27Filexxx-xxxx.xxxpredictiveMedium
28Filexxxxx_xx_xxxx.xxxpredictiveHigh
29Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
30Filexxxxxx.xxxpredictiveMedium
31Filexxxxxxx/xxxx/xxxxxx.xpredictiveHigh
32Filexxxxxxx/xxxx/xxxxxxxx/xxxxxxxx_xxx_xxxx.xpredictiveHigh
33Filexxxxxxxx.xpredictiveMedium
34Filexxxxx.xxxpredictiveMedium
35Filexxxx/xxxxxxxxxx/xxxxxx-xxxxx.xpredictiveHigh
36Filexxx_xx/xxx/xxx/xxxxxx_xxxxxxx.xxxpredictiveHigh
37Filexxxx.xxxpredictiveMedium
38Filexxxx.xpredictiveLow
39Filexxx/xxxx/xxxx_xxxxxx.xpredictiveHigh
40Filexxxxxxxx_xxxx.xxxpredictiveHigh
41Filexxxxxxxxxxxxxxx.xxxpredictiveHigh
42Filexxxxxxxx.xxxxpredictiveHigh
43Filexxxxxxx.xpredictiveMedium
44Filexxxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
45Filexx/xxx/xxxxx.xpredictiveHigh
46Filexxxxxxxxx/xxx_xxxx_xxxxxx.xxxpredictiveHigh
47Filexxxxxx.xxxpredictiveMedium
48Filexxxx.xxxpredictiveMedium
49Filexxxxxxxxx/xxxxxx/xxxxxxx.xxxpredictiveHigh
50Filex/xpredictiveLow
51Filexxxxxx_xxxx.xxxpredictiveHigh
52Filexxx/xxxxxx.xxxpredictiveHigh
53Filexxx/xxxxxxxxxxx/xxxxxxx.xxxpredictiveHigh
54Filexxxxx.xxxpredictiveMedium
55Filexx-xxx.xpredictiveMedium
56Filexxxxxxxxxxxx/xxxxxx_xxxxx.xxpredictiveHigh
57Filexxxxx.xxxpredictiveMedium
58Filexxxxx.xxxxpredictiveMedium
59Filexxxxx.xxxpredictiveMedium
60Filexxx/xxx_xxx/xxxxxx/xxx_xxxxx.xpredictiveHigh
61Filexxx/xxxxxxxxx/xxxxx_xxxx.xpredictiveHigh
62Filexxx/xxxx/xxxxxx_xxx_xxxx.xpredictiveHigh
63Filexxx_xxxx.xpredictiveMedium
64Filexxxxx-xxxxx.xpredictiveHigh
65Filexxxxx.xxxpredictiveMedium
66Filexxxxxxxx.xxpredictiveMedium
67Filexxxxxxxxxx.xxxpredictiveHigh
68Filexxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxxpredictiveHigh
69Filexxx.xxxpredictiveLow
70Filexxxxx.xxxpredictiveMedium
71Filexxxxxxxx/xxxxx/xxxxxxxxxxxx/xxxxxxx/xxxxxxx/xxxxxx%xxxxxxxxx/xxxxxxxxxxxxxx.xxxxpredictiveHigh
72Filexxx_xxxx.xpredictiveMedium
73Filexxx_xxxxxx.xxxpredictiveHigh
74Filexxxxxxx/xxx_xxxx_xxx.xxxpredictiveHigh
75Filexxx.xxxpredictiveLow
76Filexxxxx.xxxpredictiveMedium
77Filexxxx.xpredictiveLow
78Filexxxxxxxxxxxxxxxxx.xxxpredictiveHigh
79Filexx-xxxxx/xxxxx.xxxpredictiveHigh
80Filexx-xxxxx/xxxxx.xxx?xxxx=xxxxxxxx_xxxxxxxxpredictiveHigh
81Filexx-xxxxx/xxxxx.xxx?xxxx=xxx-xxxxxxxxx-xxxxxxxx-xxxxxxxxpredictiveHigh
82Filexx-xxxxxxxx/xxxxxxxxx.xxxpredictiveHigh
83Filexx-xxxxxxxx/xxxx.xxxpredictiveHigh
84Filexx-xxxxxxxx/xxxx.xxxpredictiveHigh
85Filexx-xxxxxxxxxxx.xxxpredictiveHigh
86Filexxx_xxxxxx.xpredictiveMedium
87Filexxx.xxxxpredictiveMedium
88Library/xxx/xxxx/xxxxx.x/xx-xxxx-xxxxxxx.xxxxxpredictiveHigh
89Libraryxxxxxx.xxxpredictiveMedium
90Libraryxxxxxxxxx/xxxxxxx_xxxxxxx.xxx.xxxpredictiveHigh
91Argumentxxxxxx:/xxxxxxxx:/xxxxxxxxxxxxxx:predictiveHigh
92ArgumentxxxxxxxxpredictiveMedium
93ArgumentxxxxxxpredictiveLow
94Argumentxxxx/xxxxpredictiveMedium
95Argumentxxxxx$xxxxxxxxxxxxxx$xxxxxxxxxxxpredictiveHigh
96ArgumentxxxxpredictiveLow
97Argumentxxxxxx_xxxx_xxxxpredictiveHigh
98ArgumentxxxxpredictiveLow
99ArgumentxxxxxxxxxpredictiveMedium
100Argumentxxxxxx_xxxxxx_xxxxxpredictiveHigh
101Argumentxxxx_xxpredictiveLow
102ArgumentxxxxxxxpredictiveLow
103ArgumentxxxxxxxpredictiveLow
104ArgumentxxxxpredictiveLow
105ArgumentxxxxxxxxpredictiveMedium
106ArgumentxxpredictiveLow
107ArgumentxxxxxxxxxpredictiveMedium
108ArgumentxxxxpredictiveLow
109Argumentxxx_xxxxx_xxxxxxxxpredictiveHigh
110Argumentxxx_xxxxxxxxpredictiveMedium
111ArgumentxxxxxxxxxxxxxxxxxpredictiveHigh
112ArgumentxxxxxxxxpredictiveMedium
113ArgumentxxxxxxxxpredictiveMedium
114Argumentxxxxxx_xxxxpredictiveMedium
115Argumentx_xxxxxxxxpredictiveMedium
116ArgumentxxxxxxxxpredictiveMedium
117ArgumentxxxxxxxxxpredictiveMedium
118ArgumentxxxxxxxxxpredictiveMedium
119ArgumentxxxpredictiveLow
120Argumentxxxxx_xxxxxxpredictiveMedium
121Argumentxxx-xxxxxxxxxx-xxxxpredictiveHigh
122ArgumentxxxxxpredictiveLow
123Argumentxxxxxxxx/xxxxxxpredictiveHigh
124ArgumentxxxpredictiveLow
125ArgumentxxxxpredictiveLow
126ArgumentxxxpredictiveLow
127ArgumentxxxxxxxxpredictiveMedium
128Argumentxxxx_xxpredictiveLow
129Argumentx_xxxxpredictiveLow
130Argumentxxxx_xxxxpredictiveMedium
131Argumentxxxxxx_xxxxxxx_xxxpredictiveHigh
132Input Value../predictiveLow
133Input Value../../xxxxxxx.xxxpredictiveHigh
134Input Value./../predictiveLow
135Input Value/../predictiveLow
136Input Valuex">[xxx/xxxxxx=xxxxx(x)]predictiveHigh
137Input Valuexxxxxxx-xxxxxxxxxxx: xxxx-xxxx; xxxx="xx"[\x][\x][\x]predictiveHigh
138Input Valuexxxx://xxx.xxxxxx.xxxpredictiveHigh
139Pattern|xx|xx|xx|predictiveMedium
140Network Portxxx/xx (xxx)predictiveMedium
141Network Portxxx/xx (xxx)predictiveMedium
142Network Portxxx xxxxxx xxxxpredictiveHigh

References (6)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!