Python Analysis

IOB - Indicator of Behavior (46)

Language

| Language | Count |
|---|---|
| en | 40 |
| zh | 6 |
Activities
Product

| Product | Count |
|---|---|
| Jenkins | 4 |
| Unisoc T610 | 4 |
| Unisoc T606 | 4 |
| Unisoc T760 | 4 |
| Oracle MySQL Server | 2 |

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Countermeasure | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | PHP Link Directory Administration Page index.html cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00285 | 0.09 | CVE-2007-0529 |
| 2 | VMware vSphere Replication command injection | 6.7 | 6.4 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.01597 | 0.00 | CVE-2021-21976 |
| 3 | Oracle MySQL Server InnoDB access control | 5.5 | 5.4 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00111 | 0.00 | CVE-2018-3185 |
| 4 | Jenkins Queue authorization | 5.5 | 5.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.02748 | 0.03 | CVE-2021-21670 |
| 5 | NAS4Free exec.php code injection | 6.3 | 6.3 | $0-$5k | $0-$5k | High | Not defined | possible | 0.56841 | 0.03 | CVE-2013-3631 |
| 6 | Acer Quick Access QAAdminAgent.exe untrusted search path | 6.5 | 6.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00149 | 0.06 | CVE-2019-18670 |
| 7 | Advanced SystemCare Ultimate Driver Monitor_win7_x64.sys input validation | 7.2 | 7.2 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00039 | 0.00 | CVE-2018-9006 |
| 8 | PeaZip Library dragdropfilesdll.dll uncontrolled search path | 6.1 | 6.1 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00088 | 0.08 | CVE-2023-6891 |
| 9 | Microsoft Windows Pragmatic General Multicast Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official fix | | 0.02139 | 0.03 | CVE-2023-36397 |
| 10 | VMware Spring for GraphQL information disclosure | 3.5 | 3.5 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00462 | 0.00 | CVE-2023-34047 |
| 11 | Jenkins Caption Parameter ExpandableDetailsNote cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.03218 | 0.00 | CVE-2023-43495 |
| 12 | Jenkins Temporary Directory permission | 7.1 | 7.1 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00383 | 0.00 | CVE-2023-43496 |
| 13 | Jenkins Stapler Web Framework permission | 6.8 | 6.8 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00183 | 0.00 | CVE-2023-43497 |
| 14 | Jenkins MultipartFormDataParser permission | 6.8 | 6.7 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00183 | 0.00 | CVE-2023-43498 |
| 15 | Jenkins Build Variable permission | 3.9 | 3.9 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.23807 | 0.05 | CVE-2023-43494 |
| 16 | SHIRASAGI path traversal | 7.5 | 7.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.04753 | 0.00 | CVE-2023-39448 |
| 17 | Artica Pandora FMS File Manager .htaccess unrestricted upload | 5.5 | 5.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00241 | 0.00 | CVE-2021-36697 |
| 18 | INEX IPX-Manager list.foil.php cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00094 | 0.07 | CVE-2022-4559 |
| 19 | OTFCC otfccdump+0x6c08a6 heap-based overflow | 6.0 | 6.0 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00154 | 0.00 | CVE-2022-35043 |
| 20 | Unisoc S8000 Sensor Driver out-of-bounds write | 5.5 | 5.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00020 | 0.00 | CVE-2022-39126 |

IOC - Indicator of Compromise (25)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 23.21.126.66 | ec2-23-21-126-66.compute-1.amazonaws.com | Python | | 07/24/2021 | verified | Very Low |
| 2 | 45.79.77.20 | li1176-20.members.linode.com | Python | | 04/13/2022 | verified | Medium |
| 3 | 54.221.253.252 | ec2-54-221-253-252.compute-1.amazonaws.com | Python | | 07/24/2021 | verified | Very Low |
| 4 | 54.225.66.103 | ec2-54-225-66-103.compute-1.amazonaws.com | Python | | 07/24/2021 | verified | Very Low |
| 5 | 54.225.220.115 | ec2-54-225-220-115.compute-1.amazonaws.com | Python | | 07/24/2021 | verified | Very Low |

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (15)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | .htaccess | predictive | Medium |
| 2 | File | /api/v1/bait/set | predictive | High |
| 3 | File | /release-x64/otfccdump+0x6b0b2c | predictive | High |

References (4)

The following list contains external sources which discuss the actor and the associated activities: