Poison Ivy Analysis

IOB - Indicator of Behavior (81)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

  • en: 56
  • zh: 12
  • de: 10
  • sv: 2
  • es: 2

Activities

Product

  • WordPress: 6
  • Google Android: 4
  • Microsoft Windows: 4
  • Coppermine Photo Gallery: 2
  • Apple Mac OS X Server: 2

Vulnerabilities

Columns: Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit prices; Exp is the exploitability status; Rem is the remediation status; CTI is the CTI activity score; EPSS is the EPSS probability.

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Litespeed Technologies OpenLiteSpeed access control | 8.0 | 7.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01 | 0.07308 | CVE-2021-26758
2 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.49 | 0.49183 | CVE-2016-6210
3 | SourceCodester Online Flight Booking Management System POST Parameter review_search.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 10.00 | 0.00954 | CVE-2023-0283
4 | Apple tvOS WebKit memory corruption | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.01889 | CVE-2021-30849
5 | Igno Saitz libmikmod denial of service | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.01537 | CVE-2007-6720
6 | PEEL phpinfo.php phpinfo information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00 | 0.01136 | CVE-2008-1506
7 | Gallery file inclusion | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.06790 | CVE-2004-2124
8 | Apple iOS Cache dyld.cpp openSharedCacheFile memory corruption | 9.0 | 8.6 | $100k and more | $0-$5k | Not Defined | Official Fix | 0.09 | 0.01108 | CVE-2013-3950
9 | OKLite File Upload modulec_control.php unrestricted upload | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2019-16131
10 | HPE System Management Homepage improper authentication | 5.8 | 5.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00890 | CVE-2017-12549
11 | Google Android ion.c ion_buffer_kmap_get integer overflow | 5.3 | 5.1 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.05 | 0.01036 | CVE-2021-39714
12 | Maccms Video cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2021-45787
13 | Seafile authorization | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2021-43820
14 | PostgreSQL ALTER improper authorization | 4.1 | 3.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00890 | CVE-2020-1720
15 | PostgreSQL integer overflow | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00950 | CVE-2021-32027
16 | Spyce cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.01917 | CVE-2008-0980
17 | SOY CMS Inquiry Form deserialization | 8.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.05634 | CVE-2020-15188
18 | Oracle Application Server sql injection | 9.8 | 8.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01 | 0.01537 | CVE-2006-3710
19 | RoundCube E-Mail Message cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.01108 | CVE-2021-46144

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Poison Ivy

IOC - Indicator of Compromise (23)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Type | Confidence
1 | 23.27.112.216 | - | Tropic Trooper | Poison Ivy | verified | High
2 | 45.32.8.137 | 45.32.8.137.vultr.com | - | Poison Ivy | verified | Medium
3 | 45.76.125.176 | 45.76.125.176.vultr.com | - | Poison Ivy | verified | Medium
4 | 45.76.228.61 | 45.76.228.61.vultr.com | - | Poison Ivy | verified | Medium
5 | 49.254.211.75 | - | Tropic Trooper | Poison Ivy | verified | High

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Pathname Traversal | predictive | High
2 | T1055 | CWE-74 | Injection | predictive | High
3 | T1059 | CWE-94 | Cross Site Scripting | predictive | High

IOA - Indicator of Attack (58)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /forum/away.php | predictive | High
2 | File | /goform/saveParentControlInfo | predictive | High
3 | File | /secure/admin/InsightDefaultCustomFieldConfig.jspa | predictive | High
4 | File | /SSOPOST/metaAlias/%realm%/idpv2 | predictive | High
5 | File | /uncpath/ | predictive | Medium
6 | File | 2020\Messages\SDNotify.exe | predictive | High
7 | File | admin/admin_disallow.php | predictive | High
