Oyster Analysis

IOB - Indicator of Behavior (37)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 26
ru: 6
zh: 6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Docker Swarm Plugin: 2
Chamilo LMS: 2
SourceCodester Clinic Queuing System: 2
Google Chrome: 2
Campcodes Online Laundry Management System: 2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | FusionPBX fax_send.php command injection | 7.6 | 7.5 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00582 | 0.08 | CVE-2022-35153 |
| 2 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.02305 | 1.20 | CVE-2022-28959 |
| 3 | Pligg cloud.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00000 | 0.08 | |
| 4 | Apple Mac OS X Server Wiki Server sql injection | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official fix | | 0.00391 | 0.20 | CVE-2015-5911 |
| 5 | TP-Link TL-WR902AC dm_fillObjByStr stack-based overflow | 6.5 | 6.4 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00643 | 0.05 | CVE-2023-50225 |
| 6 | Keenetic KN-1010/KN-1410/KN-1711/KN-1810/KN-1910 Version Data version.js information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | | 0.00072 | 0.00 | CVE-2024-4022 |
| 7 | MikroTik RouterOS Winbox improper authentication | 8.5 | 8.4 | $0-$5k | $0-$5k | Attacked | Official fix | verified | 0.92843 | 0.00 | CVE-2018-14847 |
| 8 | ananich bitstorm announce.php sql injection | 6.9 | 6.9 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00045 | 0.02 | CVE-2014-125062 |
| 9 | PhpWebThings myaccount.php sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00743 | 0.00 | CVE-2005-4218 |
| 10 | Maran PHP Shop prod.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | possible | 0.00167 | 0.06 | CVE-2008-4879 |
| 11 | nginx SPDY memory corruption | 7.3 | 6.4 | $0-$5k | $0-$5k | Unproven | Official fix | | 0.20913 | 0.03 | CVE-2014-0133 |
| 12 | JetBrains TeamCity authentication bypass | 9.0 | 8.9 | $0-$5k | $0-$5k | Attacked | Official fix | verified | 0.94574 | 0.00 | CVE-2024-27198 |
| 13 | SAP NetWeaver Application Server ABAP and ABAP Platform unrestricted upload | 9.2 | 9.0 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00390 | 0.00 | CVE-2024-33006 |
| 14 | Campcodes Online Laundry Management System admin_class.php improper authorization | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00106 | 0.07 | CVE-2024-4819 |
| 15 | Google Chrome V8 out-of-bounds | 8.0 | 7.9 | $25k-$100k | $5k-$25k | Attacked | Official fix | verified | 0.00211 | 0.00 | CVE-2024-0519 |
| 16 | Ruijie RG-UAC commit.php os command injection | 4.7 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00326 | 0.00 | CVE-2024-4501 |
| 17 | SourceCodester Prison Management System edit-photo.php unrestricted upload | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00058 | 0.15 | CVE-2024-4500 |
| 18 | Microsoft Azure Health Bot Service buffer.SlowBuffer uninitialized resource | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | | 0.00000 | 0.00 | |
| 19 | SourceCodester Clinic Queuing System GET Parameter index.php file inclusion | 7.5 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00679 | 0.20 | CVE-2024-0265 |
| 20 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official fix | expected | 0.92487 | 0.06 | CVE-2016-6210 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

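| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 64.95.10.243 | | Oyster | | 06/18/2024 | verified | High |
| 2 | XXX.XXX.XX.XX | | Xxxxxx | | 06/18/2024 | verified | High |
| 3 | XXX.XX.XXX.XXX | | Xxxxxx | | 08/16/2024 | verified | Very High |
| 4 | XXX.XXX.XXX.XXX | | Xxxxxx | | 06/18/2024 | verified | High |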

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (29)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /Employee/edit-photo.php | predictive | High |
| 2 | File | /fax/fax_send.php | predictive | High |
| 3 | File | /index.php | predictive | Medium |
| 4 | File | /spip.php | predictive | Medium |
| 5 | File | /xxx/xxxxx/x | predictive | Medium |
| 6 | File | /xxxxxxx.xx | predictive | Medium |
| 7 | File | /xxxx/xxxxxxxx/xxxxxxxxxxx/xxxxxx.xxx | predictive | High |
| 8 | File | /xxxxxxxx/xxxxxxx/xxxxxxx | predictive | High |
| 9 | File | xxxxx_xxxxx.xxx | predictive | High |
| 10 | File | xxxxxxxx.xxx | predictive | Medium |
| 11 | File | xxxxx.xxx | predictive | Medium |
| 12 | File | x_xxxxxxxx_xxxxx | predictive | High |
| 13 | File | xxxxxxxxx/xxxx-xxxx | predictive | High |
| 14 | File | xxxxxxxxx.xxx | predictive | High |
| 15 | File | xxxx.xxx | predictive | Medium |
| 16 | File | xxxxxxxxx/xxxxx.xxx | predictive | High |
| 17 | Argument | xxx | predictive | Low |
| 18 | Argument | xxxxxxxxxx | predictive | Medium |
| 19 | Argument | xxxxx | predictive | Low |
| 20 | Argument | x_xxxxxxxx | predictive | Medium |
| 21 | Argument | xxxx | predictive | Low |
| 22 | Argument | xxxxxxxx | predictive | Medium |
| 23 | Argument | xxxx | predictive | Low |
| 24 | Argument | xxx_xxxxxx | predictive | Medium |
| 25 | Argument | xxxxxxx | predictive | Low |
| 26 | Argument | xxxxxxx | predictive | Low |
| 27 | Argument | xxxx | predictive | Low |
| 28 | Argument | xxxxxxxxx | predictive | Medium |
| 29 | Input Value | ../.. | predictive | Low |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
