PAPERWALL Analysis

IOB - Indicator of Behavior (22)

[Charts: Timeline, Language, Country, Actors]

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

zh: 14
en: 8

Activities

[Charts: Interest, Timeline, Type, Vendor, Product]

Product

Google Android: 2
0xJacky nginx-ui: 2
Canonical Linux: 2
HP Linux Imaging And Printing Project: 2
square okio: 2

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | eSyndicat Directory Software suggest-listing.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00000 | 0.94 | |
| 2 | H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request setsyncpppoecfg FCGI_WizardProtoProcess command injection | 8.0 | 7.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.01298 | 0.37 | CVE-2025-3543 |
| 3 | vercel Next.js Header improper authorization | 8.2 | 7.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | expected | 0.91416 | 0.66 | CVE-2025-29927 |
| 4 | Gradio Access Control List improper authorization | 5.3 | 5.1 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00059 | 0.06 | CVE-2025-23042 |
| 5 | GitLab Community Edition/Enterprise Edition Project cross-site request forgery | 6.3 | 6.2 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00093 | 0.03 | CVE-2022-4138 |
| 6 | Canonical Linux cache link following | 8.4 | 7.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.00441 | 0.00 | CVE-2010-0832 |
| 7 | HP Linux Imaging And Printing Project Access Restriction check_permission_v1 access control | 8.4 | 8.4 | $5k-$25k | $5k-$25k | Not defined | Not defined | | 0.00069 | 0.03 | CVE-2013-4325 |
| 8 | CodegearThemes Designer Plugin filename control | 6.2 | 6.1 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00525 | 0.00 | CVE-2024-54225 |
| 9 | SourceCodester Best Online News Portal Comment Section news-details.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00017 | 0.00 | CVE-2024-9008 |
| 10 | Git Cloning process control | 7.5 | 7.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.01076 | 0.09 | CVE-2024-32004 |
| 11 | square okio GzipSource signed to unsigned conversion error | 5.7 | 5.7 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00247 | 0.00 | CVE-2023-3635 |
| 12 | 0xJacky nginx-ui Certificate Import write_file.go path traversal | 8.5 | 8.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.02205 | 0.04 | CVE-2024-23827 |
| 13 | Clash Proxies Name Column injection | 5.5 | 5.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00375 | 0.03 | CVE-2022-26255 |
| 14 | Hashicorp Terraform path traversal | 6.0 | 6.0 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00047 | 0.00 | CVE-2023-4782 |
| 15 | Google Android ShannonRcs information disclosure | 4.4 | 4.3 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00009 | 0.00 | CVE-2023-20923 |
| 16 | Google Android ActivityManagerService.java openContentUri information disclosure | 3.3 | 3.2 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00025 | 0.00 | CVE-2023-21292 |
| 17 | Elasticsearch Searchable Snapshot permission assignment | 3.5 | 3.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00314 | 0.00 | CVE-2021-22147 |
| 18 | Elasticsearch Grok Parser infinite loop | 3.5 | 3.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00302 | 0.03 | CVE-2021-22144 |
| 19 | Elasticsearch Error Report information exposure | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | possible | 0.58222 | 0.05 | CVE-2021-22145 |
| 20 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not defined | Not defined | | 0.00000 | 1.03 | |

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | TXXXX.XXX | CAPEC-XX | CWE-XX | Xxxxx Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX | | CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 5 | TXXXX | CAPEC-XXX | CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 6 | TXXXX | CAPEC-XXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 7 | TXXXX.XXX | CAPEC-X | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High |
| 8 | TXXXX | CAPEC-XXX | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |

IOA - Indicator of Attack (11)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

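| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /api/wizard/setsyncpppoecfg | predictive | High |
| 2 | File | /news-details.php | predictive | High |
| 3 | File | xxxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
| 4 | File | xxxxx | predictive | Low |
| 5 | File | xxxxx.xxx | predictive | Medium |
| 6 | File | xxxxxxx-xxxxxxx.xxx | predictive | High |
| 7 | File | xxxxx_xxxx.xx | predictive | High |
| 8 | Argument | xx | predictive | Low |
| 9 | Argument | xxxx | predictive | Low |
| 10 | Argument | xxxxx | predictive | Low |
| 11 | Argument | x-xxxxxxxxxx-xxxxxxxxxx | predictive | High |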
