Pykspa Analysis

IOB - Indicator of Behavior (570)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

es: 446
en: 112
de: 4
fr: 4
sv: 2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Product

Microsoft Windows: 14
Samsung Smart Phone: 12
Microsoft Exchange Server: 12
Facebook WhatsApp: 10
Schneider Electric Modicon M580: 8

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Keycloak Login ldap injection | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.11 | CVE-2022-2232 |
| 2 | Boa Terminal input validation | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02395 | 0.09 | CVE-2009-4496 |
| 3 | polkit pkexec access control | 8.3 | 8.2 | $0-$5k | $0-$5k | High | Workaround | 0.00122 | 0.04 | CVE-2021-4034 |
| 4 | SnakeYAML YAML File Parser stack-based overflow | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00345 | 0.03 | CVE-2022-38752 |
| 5 | Facebook WhatsApp/WhatsApp Business/WhatsApp Desktop Call heap-based overflow | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00097 | 0.05 | CVE-2021-24042 |
| 6 | HPE Arcsight Logger Stored cross site scripting | 5.0 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00059 | 0.00 | CVE-2019-3485 |
| 7 | Technicolor TC7200.TH2v2 Credentials credentials management | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00457 | 0.04 | CVE-2018-20393 |
| 8 | Vmware Spring Framework URL Parser UriComponentsBuilder redirect | 6.2 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-22262 |
| 9 | Facebook WhatsApp/WhatsApp Business Video Call use after free | 7.0 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00310 | 0.00 | CVE-2020-1909 |
| 10 | EmbedThis HTTP Library/Appweb httpLib.c authCondition improper authentication | 7.7 | 7.5 | $0-$5k | $0-$5k | High | Official Fix | 0.00927 | 0.05 | CVE-2018-8715 |
| 11 | Zeus Zeus Web Server memory corruption | 10.0 | 9.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.35869 | 0.00 | CVE-2010-0359 |
| 12 | RabbitMQ Java Client Message Size denial of service | 5.0 | 5.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00208 | 0.00 | CVE-2023-46120 |
| 13 | SnakeYAML Constructor deserialization | 8.1 | 8.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02572 | 0.04 | CVE-2022-1471 |
| 14 | Velneo vClient certificate validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00121 | 0.04 | CVE-2021-45035 |
| 15 | Zyxel USG/ZyWALL improper authentication | 9.8 | 9.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.08015 | 0.00 | CVE-2022-0342 |
| 16 | Microsoft Exchange Server Remote Code Execution | 7.3 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.61562 | 0.04 | CVE-2021-26857 |
| 17 | Meta WhatsApp/WhatsApp Business Image Blurring heap-based overflow | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00201 | 0.00 | CVE-2021-24041 |
| 18 | Acme Mini HTTPd Terminal input validation | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00325 | 0.00 | CVE-2009-4490 |
| 19 | OpenSSL Stitched Ciphersuite d1_pkt.c SSL_shutdown information disclosure | 5.7 | 5.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01023 | 0.04 | CVE-2019-1559 |
| 20 | Zeus Zeus Web Server Admin Server cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00109 | 0.09 | CVE-2010-0363 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (25)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-21, CWE-22, CWE-23 | Path Traversal | predictive | High |
| 2 | T1040 | CAPEC-102 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 4 | T1059 | CAPEC-242 | CWE-94, CWE-1321 | Argument Injection | predictive | High |
| 5 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (128)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /.ssh/authorized_keys | predictive | High |
| 2 | File | //etc/RT2870STA.dat | predictive | High |
| 3 | File | /cgi-bin/luci;stok=/locale | predictive | High |
| 4 | File | /cgi-bin/wapopen | predictive | High |
| 5 | File | /classes/Users.php?f=save | predictive | High |
| 6 | File | /HNAP1 | predictive | Low |
| 7 | File | /index.php | predictive | Medium |
| 8 | File | /mgmt/tm/util/bash | predictive | High |
| 9 | File | /opt/zimbra/jetty/webapps/zimbra/public | predictive | High |
| 10 | File | /setSystemAdmin | predictive | High |
| 11 | File | /sp/ListSp.php | predictive | High |
| 12 | File | /updown/upload.cgi | predictive | High |
| 13 | File | /usr/bin/pkexec | predictive | High |
| 14 | File | ?r=dashboard/database/optimize | predictive | High |
| 124 | Input Value | ../.. | predictive | Low |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
