Orangeworm Analysis

IOB - Indicator of Behavior (820)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 772
de: 24
es: 8
fr: 8
it: 6


Country

vn: 820


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Microsoft Windows: 28
WordPress: 22
PHP: 14
Apache Traffic Server: 10
nginx: 8


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.42 | 0.04187 | CVE-2010-0966
3 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 1.46 | 0.00000 | CVE-2020-12440
4 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.06 | 0.29797 | CVE-2014-4078
5 | Invision Power Services IP.Board URL resource management | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01055 | CVE-2015-6812
6 | Samsung Members samsungrewards Scheme for Deeplink improper authorization | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.09029 | CVE-2021-25374
7 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.08 | 0.25090 | CVE-2017-0055
8 | Invision Power Services IP.Board cross site scripting | 7.3 | 6.4 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.05 | 0.01213 | CVE-2014-3149
9 | Synacor Zimbra Collaboration xml external entity reference | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.20 | 0.01055 | CVE-2016-9924
10 | Apache Traffic Server request smuggling | 7.4 | 7.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2021-37147
11 | WSO2 API Manager File Upload unrestricted upload | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.91841 | CVE-2022-29464
12 | Microsoft Exchange Server ProxyShell Remote Code Execution | 9.5 | 8.2 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.02 | 0.61804 | CVE-2021-34473
13 | LanSuite LanParty Intranet System index.php sql injection | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.01 | 0.01139 | CVE-2006-1001
14 | WSO2 Management Console login.jsp cross site scripting | 4.8 | 4.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.06344 | CVE-2020-17453
15 | Laravel save.php Error sql injection | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2018-6330
16 | Adult Script Pro download sql injection | 8.5 | 8.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | 0.01564 | CVE-2017-15959
17 | DrayTek Vigor2960/Vigor3900/Vigor300B mainfunction.cgi injection | 9.8 | 9.8 | $100k and more | $25k-$100k | Not Defined | Not Defined | 0.04 | 0.64728 | CVE-2020-8515
18 | WordPress PNG File exif_imagetype Path information disclosure | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00000 | CVE-2019-10675
19 | FileZilla Filezilla Server File Upload infinite loop | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01055 | CVE-2005-0851
20 | Kentico CMS GetDocLink.ashx redirect | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01055 | CVE-2015-7823

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (22)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (275)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /.htpasswd | predictive | Medium
2 | File | //etc/RT2870STA.dat | predictive | High
3 | File | /api/user/{ID} | predictive | High
4 | File | /bin/proc.cgi | predictive | High
5 | File | /cgi-bin/login_action.cgi | predictive | High
6 | File | /data/vendor/tcl | predictive | High
7 | File | /download | predictive | Medium
8 | File | /etc/tomcat8/Catalina/attack | predictive | High
9 | File | /files.md5 | predictive | Medium
10 | File | /forum/away.php | predictive | High
11 | File | /getcfg.php | predictive | Medium
12 | File | /modules/profile/index.php | predictive | High
13 | File | /modules/registration_admission/patient_register.php | predictive | High
14 | File | /news.dtl.php | predictive | High
15 | File | /public/plugins/ | predictive | High
16 | File | /rapi/read_url | predictive | High
17 | File | /rest/api/2/user/picker | predictive | High
18 | File | /sbin/acos_service | predictive | High
19 | File | /scripts/iisadmin/bdir.htr | predictive | High
20 | File | /secure/admin/InsightDefaultCustomFieldConfig.jspa | predictive | High
21 | File | /squashfs-root/www/HNAP1/control/SetWizardConfig.php | predictive | High
22 | File | /SSOPOST/metaAlias/%realm%/idpv2 | predictive | High
23 | File | /uncpath/ | predictive | Medium
24 | File | /usr/bin/pkexec | predictive | High
25 | File | /ViewUserHover.jspa | predictive | High
26 | File | /WEB-INF/web.xml | predictive | High
27 | File | /wp-admin/admin-ajax.php | predictive | High
28 | File | /wp-json/oembed/1.0/embed?url | predictive | High
29 | File | /www/cgi-bin/popen.cgi | predictive | High
30 | File | 5.2.9\syscrb.exe | predictive | High
31 | File | ad.cgi | predictive | Low
