Peach Sandstorm Analysisinfo

IOB - Indicator of Behavior (54)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en38
zh12
es4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Interspire Email Marketer4
MetalGenix GeniXCMS2
OpenSSL2
ThinkPHP2
BannerSky BSK Forms Blacklist Plugin2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Interspire Email Marketer Dynamiccontenttags.php sql injection7.57.5$0-$5k$0-$5kNot DefinedNot Defined0.000870.00CVE-2018-19551
2Sales / Company Management System member_order.php sql injection8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.005120.00CVE-2018-19925
3Interspire Email Marketer Dynamiccontenttags.php sql injection7.57.5$0-$5k$0-$5kNot DefinedNot Defined0.000870.00CVE-2018-19549
4Zen Cart findPluginAdminPage file inclusion7.37.2$0-$5k$0-$5kNot DefinedOfficial Fix0.002680.03CVE-2024-5762
5All-in-One WP Migration Plugin class-ai1wm-backups.php path traversal5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.000970.03CVE-2022-1476
6VMware vCenter Server/Cloud Foundation vSphere Client Privilege Escalation8.07.9$5k-$25k$0-$5kHighOfficial Fix0.974190.03CVE-2021-21972
7Advanced Comment System admin.php sql injection8.58.2$0-$5k$0-$5kProof-of-ConceptNot Defined0.007480.03CVE-2018-18619
8Interspire Email Marketer Dynamiccontenttags.php sql injection7.57.5$0-$5k$0-$5kNot DefinedNot Defined0.000870.02CVE-2018-19553
9TwinOaks CoreDX DDS Packet6.56.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000950.03CVE-2021-43547
10BannerSky BSK Forms Blacklist Plugin cross site scripting5.75.6$0-$5k$0-$5kNot DefinedNot Defined0.000430.05CVE-2024-47624
11Acronis Cyber Protect 16 cleartext transmission4.54.5$0-$5k$0-$5kNot DefinedOfficial Fix0.000870.04CVE-2024-49387
12SSL Zen Plugin access control3.73.6$0-$5k$0-$5kNot DefinedOfficial Fix0.000430.00CVE-2024-1076
13ThinkPHP Language Pack pearcmd.php file inclusion8.58.4$0-$5k$0-$5kNot DefinedOfficial Fix0.070900.02CVE-2022-47945
14SonicWALL SMA1000 HTTP Connection access control6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.002630.02CVE-2022-22282
15Omeka Classic cross site scripting3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.001090.00CVE-2021-26799
16AgileConfig JWT Secret hard-coded key7.06.9$0-$5k$0-$5kNot DefinedOfficial Fix0.002680.06CVE-2022-35540
17Apache Airflow UI code injection7.17.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.148170.00CVE-2022-40127
18Support Board Plugin sql injection7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.002260.00CVE-2021-24741
19GitLab Project Import permission assignment8.78.6$0-$5k$0-$5kNot DefinedOfficial Fix0.940310.03CVE-2022-2185
20cPanel cpsrvd cross site scripting5.04.9$0-$5k$0-$5kNot DefinedOfficial Fix0.012460.03CVE-2023-29489

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Holmium

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (20)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/var/www/xms/xmsdb/default.dbpredictiveHigh
2FileDynamiccontenttags.phppredictiveHigh
3Fileinternal/advanced_comment_system/admin.phppredictiveHigh
4Filexxxxxx/xxxxxx_xxxxx.xxxpredictiveHigh
5Filexxxxxxx.xxxpredictiveMedium
6Filexxxxxxxx.xxpredictiveMedium
7Filexx_xxxxx/xxxxxx/xxxxxxx/xxx/xxxxxx_xxxxxxx.xxxpredictiveHigh
8Library/xxxxxxx/xxxxx/xxx.xxxpredictiveHigh
9Libraryxxx/xxx/xxxx.xxxxx.xxxpredictiveHigh
10Library~/xxx/xxxxx/xxxxx-xxxxx-xxxxxxx.xxxpredictiveHigh
11Argumentxxxxxxx[]predictiveMedium
12Argumentxxxxx/xxxxxxpredictiveMedium
13ArgumentxxxxpredictiveLow
14ArgumentxxpredictiveLow
15ArgumentxxxxpredictiveLow
16Argumentxxx_xxpredictiveLow
17ArgumentxxxxxxxxxpredictiveMedium
18ArgumentxxxxxxpredictiveLow
19Argumentxxxxxx_xxxx/xxxxxxxxxx/xxxx_xx/xxxxxxxxxxxx_xx/xxxxxxxxxxxx_xxxxxx_xxxx/xxxxxxxxx_xxpredictiveHigh
20Argumentxxxx/x_xxxxxpredictiveMedium

References (3)

The following list contains external sources which discuss the actor and the associated activities:

This view requires CTI permissions

Just purchase a CTI license today!