PowerShell Empire Analysis

IOB - Indicator of Behavior (77)

Charts (Timeline, Actors, Activities, Interest, Type, Vendor): no values are recoverable from these panels. The data in these charts does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang: en 76, zh 2

Country: us 62, cn 8, gr 2

Product: Mozilla Firefox 10, Apple iOS 8, FFmpeg 6, Linux Kernel 4, Adobe Flash Player 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Fishbowl Inventory XML deserialization | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01978 | CVE-2022-29805
2 | Itech Movie Portal Script movie.php Reflected cross site scripting | 4.9 | 4.8 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.05 | 0.00885 | CVE-2017-20140
3 | Hindu Matrimonial Script communitymanagement.php privileges management | 7.1 | 6.9 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.03 | 0.00885 | CVE-2017-20070
4 | Microsoft Windows wcmsvc.dll access control | 6.7 | 6.4 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.01376 | CVE-2019-1180
5 | czproject git-php isRemoteUrlReadable argument injection | 6.8 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.02211 | CVE-2022-25866
6 | Kubernetes kubelet pprof information disclosure | 7.7 | 7.4 | $0-$5k | Calculating | Not Defined | Official Fix | 0.04 | 0.62923 | CVE-2019-11248
7 | Joomla! Blacklist sql injection | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.05 | 0.00885 | CVE-2020-35613
8 | Eclipse Theia Mini-Browser data authenticity | 6.2 | 6.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2019-17636
9 | Lexmark Product Embedded Web Server Stored cross site scripting | 4.4 | 4.4 | $0-$5k | Calculating | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2019-19773
10 | Open-Xchange App Suite cross site scripting | 4.5 | 4.3 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.01136 | CVE-2018-9997
11 | HPE Intelligent Management Center PLAT input validation | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01055 | CVE-2019-5347
12 | SaltStack Salt Salt-api minion command injection | 7.3 | 7.0 | $0-$5k | Calculating | Not Defined | Official Fix | 0.01 | 0.02260 | CVE-2017-5200
13 | SaltStack Salt Incomplete Fix path traversal | 7.6 | 7.5 | $0-$5k | Calculating | Not Defined | Official Fix | 0.01 | 0.01108 | CVE-2017-14695
14 | Cisco libsrtp srtp.c memory corruption | 5.3 | 5.3 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.05 | 0.01955 | CVE-2013-2139
15 | Synology DiskStation Manager SYNO.API.Encryption cryptographic issues | 7.4 | 7.2 | $0-$5k | Calculating | Not Defined | Official Fix | 0.02 | 0.01055 | CVE-2017-9553
16 | cURL file:/ file.c file_do Memory information disclosure | 4.9 | 4.7 | $0-$5k | Calculating | Not Defined | Official Fix | 0.02 | 0.01018 | CVE-2017-1000099
17 | FFmpeg wmalosslessdec.c memory corruption | 5.3 | 4.6 | $0-$5k | Calculating | Unproven | Official Fix | 0.03 | 0.01055 | CVE-2014-2098
18 | FFmpeg jpeg2000dec.c get_siz memory corruption | 5.3 | 4.6 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.04 | 0.00885 | CVE-2014-125003
19 | FFmpeg dnxhdenc.c dnxhd_init_rc memory corruption | 5.3 | 4.6 | $0-$5k | Calculating | Unproven | Official Fix | 0.00 | 0.00885 | CVE-2014-125002
20 | FFmpeg takdec.c tak_decode_frame input validation | 5.3 | 4.6 | $0-$5k | Calculating | Unproven | Official Fix | 0.02 | 0.01055 | CVE-2014-2097

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address and hostname (run together in the extracted text) | Actor | Campaigns | Type | Confidence
1 | 80.209.252.708ogp6xm.leadtechrevolution.com | PowerShell Empire | (none listed) | verified | High

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (34)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/communitymanagement.php | predictive | High
2 | File | /debug/pprof | predictive | Medium
3 | File | /movie.php | predictive | Medium
4 | File | /var/log/salt/minion | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
