Orchard Analysis

IOB - Indicator of Behavior (824)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en | 736
fr | 22
zh | 22
de | 12
es | 8


Country

us | 570
cn | 36
ir | 6
de | 2
ru | 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Google Chrome | 22
Microsoft Windows | 16
Apple iOS | 8
Apple iPadOS | 8
Google Android | 8


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.00 | 0.01847 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 2.21 | 0.00954 | CVE-2010-0966
3 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00289 | CVE-2019-7550
4 | jforum cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00165 | CVE-2012-5337
5 | JForum Login input validation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.00181 | CVE-2012-5338
6 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.66 | 0.03468 | CVE-2007-0354
7 | School Club Application System cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00070 | CVE-2022-1288
8 | Serendipity exit.php privileges management | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.73 | 0.00000 | 
9 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 2.28 | 0.00000 | 
10 | Xintian Smart Table Integrated Management System AddUpdateRole.aspx sql injection | 5.5 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00077 | CVE-2023-4712
11 | Microsoft Windows Server Service unrestricted upload | 8.8 | 8.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04 | 0.80595 | CVE-2022-30216
12 | Kamailio SIP Message build_res_buf_from_sip_req input validation | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.87480 | CVE-2018-14767
13 | HTC One/Sense Mail Client certificate validation | 4.8 | 4.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.09 | 0.00120 | CVE-2013-10001
14 | Samsung Smartphone RPMB ldfw buffer overflow | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00044 | CVE-2022-23431
15 | Apache HTTP Server mod_lua Multipart Parser r:parsebody out-of-bounds write | 8.5 | 8.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.03 | 0.16909 | CVE-2021-44790
16 | OpenBSD OpenSSH X11 Forwarding 7pk security | 9.8 | 9.1 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.04 | 0.00365 | CVE-2016-1908
17 | Linux Foundation Xen EFLAGS Register SYSENTER input validation | 6.2 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00062 | CVE-2013-1917
18 | phpPgAds adclick.php unknown vulnerability | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.40 | 0.00317 | CVE-2005-3791
19 | Gallery add_comment.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00414 | CVE-2005-0219
20 | Esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.07 | 0.00108 | CVE-2009-4935

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (26)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | predictive | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | predictive | High
3 | T1055 | CWE-74 | Injection | predictive | High
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | predictive | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
6 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | predictive | High

IOA - Indicator of Attack (214)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin.php/news/admin/lists/zhuan | predictive | High
2 | File | /admin/bookings/view_details.php | predictive | High
3 | File | /admin/edit.php | predictive | High
4 | File | /admin/maintenance/view_designation.php | predictive | High
5 | File | /admin/profile/save_profile | predictive | High
6 | File | /admin/reports.php | predictive | High
7 | File | /api/v1/chat.getThreadsList | predictive | High
8 | File | /App_Resource/UEditor/server/upload.aspx | predictive | High
9 | File | /bin/sh | predictive | Low
10 | File | /cgi-bin/luci/api/diagnose | predictive | High
11 | File | /classes/conf/db.properties&config=filemanager.config.js | predictive | High
12 | File | /coders/palm.c | predictive | High
13 | File | /collection/all | predictive | High
14 | File | /dcim/rack/ | predictive | Medium
15 | File | /EditEventTypes.php | predictive | High
16 | File | /etc/groups | predictive | Medium
17 | File | /file/upload/1 | predictive | High
18 | File | /formSetPortTr | predictive | High
19 | File | /forum/away.php | predictive | High
20 | File | /goform/wlanPrimaryNetwork | predictive | High
21 | File | /index.php?module=help_pages/pages&entities_id=24 | predictive | High
22 | File | /it-IT/splunkd/__raw/services/get_snapshot | predictive | High
23 | File | /nova/bin/user | predictive | High
24 | File | /novel-admin/src/main/java/com/java2nb/common/controller/FileController.java | predictive | High
25 | File | /plesk-site-preview/ | predictive | High
26 | File | /public/admin/profile/update.html | predictive | High
208 | Argument | 主题 | predictive | Low

References (3)

The following list contains external sources which discuss the actor and the associated activities:
