Pykspa Analysis

IOB - Indicator of Behavior (541)

Timeline


Lang

es: 422
en: 120


Country

es: 486
us: 34
ce: 6
cn: 6


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Microsoft Windows: 22
Samsung Smart Phone: 14
Apple iOS: 12
Microsoft Exchange Server: 10
Apple macOS: 10


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Keycloak Login ldap injection | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.03 | CVE-2022-2232
2 | Boa Terminal input validation | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02395 | 0.02 | CVE-2009-4496
3 | polkit pkexec access control | 8.8 | 8.1 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00046 | 0.04 | CVE-2021-4034
4 | SnakeYAML YAML File Parser stack-based overflow | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00345 | 0.05 | CVE-2022-38752
5 | Facebook WhatsApp/WhatsApp Business/WhatsApp Desktop Call heap-based overflow | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00097 | 0.02 | CVE-2021-24042
6 | HPE Arcsight Logger Stored cross site scripting | 5.0 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00059 | 0.00 | CVE-2019-3485
7 | Technicolor TC7200.TH2v2 Credentials credentials management | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00406 | 0.07 | CVE-2018-20393
8 | Facebook WhatsApp/WhatsApp Business Video Call use after free | 7.0 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00310 | 0.00 | CVE-2020-1909
9 | EmbedThis HTTP Library/Appweb httpLib.c authCondition improper authentication | 7.7 | 7.5 | $0-$5k | $0-$5k | High | Official Fix | 0.00927 | 0.04 | CVE-2018-8715
10 | Zeus Zeus Web Server memory corruption | 10.0 | 9.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.15887 | 0.02 | CVE-2010-0359
11 | SnakeYAML Constructor deserialization | 8.1 | 8.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00811 | 0.02 | CVE-2022-1471
12 | Velneo vClient certificate validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00121 | 0.00 | CVE-2021-45035
13 | Zyxel USG/ZyWALL improper authentication | 9.8 | 9.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.08015 | 0.02 | CVE-2022-0342
14 | Microsoft Exchange Server Remote Code Execution | 7.3 | 6.8 | $25k-$100k | $0-$5k | Functional | Official Fix | 0.76477 | 0.00 | CVE-2021-26857
15 | Meta WhatsApp/WhatsApp Business Image Blurring heap-based overflow | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00201 | 0.00 | CVE-2021-24041
16 | Acme Mini HTTPd Terminal input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00303 | 0.04 | CVE-2009-4490
17 | OpenSSL Stitched Ciphersuite d1_pkt.c SSL_shutdown information disclosure | 5.7 | 5.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00805 | 0.00 | CVE-2019-1559
18 | Zeus Zeus Web Server Admin Server cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00101 | 0.03 | CVE-2010-0363
19 | Keycloak Account Lockout denial of service | 3.6 | 3.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00043 | 0.00 | CVE-2024-1722
20 | Fortinet FortiOS SSL-VPN out-of-bounds write | 9.8 | 9.6 | $25k-$100k | $5k-$25k | High | Official Fix | 0.01842 | 0.09 | CVE-2024-21762

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (24)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | predictive | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
4 | T1059 | CWE-94, CWE-1321 | Argument Injection | predictive | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High

IOA - Indicator of Attack (122)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /.ssh/authorized_keys | predictive | High
2 | File | //etc/RT2870STA.dat | predictive | High
3 | File | /cgi-bin/luci;stok=/locale | predictive | High
4 | File | /cgi-bin/wapopen | predictive | High
5 | File | /classes/Users.php?f=save | predictive | High
6 | File | /HNAP1 | predictive | Low
7 | File | /index.php | predictive | Medium
8 | File | /mgmt/tm/util/bash | predictive | High
9 | File | /opt/zimbra/jetty/webapps/zimbra/public | predictive | High
10 | File | /setSystemAdmin | predictive | High
11 | File | /sp/ListSp.php | predictive | High
12 | File | /updown/upload.cgi | predictive | High
13 | File | /usr/bin/pkexec | predictive | High
118 | Input Value | ../.. | predictive | Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:
