Palevo Analysis

IOB - Indicator of Behavior (379)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 328
zh: 30
pl: 8
es: 6
ru: 2

Country

cn: 206
us: 142
ru: 10
es: 4
ua: 2

Product

Joomla CMS: 10
WordPress: 10
Wireshark: 10
D-Link DIR-878: 6
AWStats: 6

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | AWStats Config awstats.pl Privilege Escalation | 5.0 | 4.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00000 | |
| 2 | Trend Micro Apex One/Apex One as a Service Management Server path traversal | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.02 | 0.00215 | CVE-2023-32557 |
| 3 | WordPress Metadata deserialization | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01578 | CVE-2018-20148 |
| 4 | Hitron CODA-5310 System Configuration Interface missing authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00148 | CVE-2023-30604 |
| 5 | request-baskets API Request {name} server-side request forgery | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.05974 | CVE-2023-27163 |
| 6 | Galaxy gunicorn path traversal | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00131 | CVE-2022-23470 |
| 7 | Cisco Identity Services Engine tcpdump command injection | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00097 | CVE-2022-20964 |
| 8 | Drupal File file access | 3.7 | 3.6 | $0-$5k | Calculating | Not Defined | Official Fix | 0.02 | 0.00729 | CVE-2017-6922 |
| 9 | VMware Horizon DaaS RDP File input validation | 5.9 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00079 | CVE-2017-4897 |
| 10 | Ubiquiti EdgeRouter X OSPF command injection [Disputed] | 8.1 | 7.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00934 | CVE-2023-1458 |
| 11 | AWStats awstats.pl Path information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00176 | CVE-2018-10245 |
| 12 | Fortinet FortiOS SSH Server access control | 9.8 | 9.6 | $25k-$100k | $0-$5k | High | Official Fix | 0.02 | 0.68188 | CVE-2016-1909 |
| 13 | D-Link DIR-815 getcfg.php information disclosure | 8.5 | 7.9 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | 0.00438 | CVE-2018-10106 |
| 14 | Hitron CODA-5310 Telnet hard-coded credentials | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00155 | CVE-2023-30603 |
| 15 | D-Link DIR-867/DIR-878/DIR-882 authentication bypass | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00098 | CVE-2020-15633 |
| 16 | Linux Kernel Page Table Isolation EntryBleed information disclosure | 4.9 | 4.9 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00042 | CVE-2022-4543 |
| 17 | vsftpd deny_file unknown vulnerability | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00312 | CVE-2015-1419 |
| 18 | D-Link DIR-820L lan.asp Privilege Escalation | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.45615 | CVE-2022-26258 |
| 19 | Netgear RV340/RV340W/RV345/RV345P os command injection | 4.9 | 4.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00142 | CVE-2023-20007 |
| 20 | Realtek Jungle SDK MP Daemon UDPServer memory corruption | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.96667 | CVE-2021-35394 |

IOC - Indicator of Compromise (12)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (22)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (165)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /+CSCOE+/logon.html | predictive | High |
| 2 | File | /addnews.html | predictive | High |
| 3 | File | /admin/system/database/filedown.php | predictive | High |
| 4 | File | /api/baskets/{name} | predictive | High |
| 5 | File | /bin/boa | predictive | Medium |
| 6 | File | /bin/protest | predictive | Medium |
| 7 | File | /cgi-bin/cstecgi.cgi | predictive | High |
| 8 | File | /cgi-bin/ExportSettings.sh | predictive | High |
| 9 | File | /cgi-bin/upload_vpntar | predictive | High |
| 10 | File | /getcfg.php | predictive | Medium |
| 11 | File | /HNAP1 | predictive | Low |
| 12 | File | /htdocs/web/getcfg.php | predictive | High |
| 13 | File | /lan.asp | predictive | Medium |
| 14 | File | /MTFWU | predictive | Low |
| 15 | File | /network_test.php | predictive | High |
| 16 | File | /okm:root | predictive | Medium |
| 17 | File | /SetTriggerLEDBlink/Blink | predictive | High |
| 18 | File | /spip.php | predictive | Medium |
| 19 | File | /wp-content/plugins/updraftplus/admin.php | predictive | High |
| 163 | Input Value | ../../ | predictive | Low |
| 164 | Input Value | ..\ | predictive | Low |
