PyXie Analysis

IOB - Indicator of Behavior (48)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 46
zh: 2


Country

us: 36
cn: 4
fr: 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

WP Statistics Plugin: 2
AsusWRT: 2
Juniper Web Device Manager: 2
Progress MOVEit Transfer: 2
Open Webmail: 2


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Progress MOVEit Transfer sql injection | 7.3 | 7.0 | $0-$5k | Calculating | Not Defined | Official Fix | 0.01 | 0.01055 | CVE-2021-38159 |
| 2 | Microsoft Windows IKE Protocol Extension Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | 0.01601 | CVE-2022-34721 |
| 3 | Vmware Workspace ONE Access/Identity Manager Template injection | 9.8 | 8.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.93243 | CVE-2022-22954 |
| 4 | phpMyAdmin grab_globals.lib.php path traversal | 4.8 | 4.4 | $5k-$25k | Calculating | Proof-of-Concept | Official Fix | 0.15 | 0.04482 | CVE-2005-3299 |
| 5 | Open Webmail information disclosure | 3.3 | 3.3 | $0-$5k | Calculating | Not Defined | Workaround | 0.00 | 0.00000 | |
| 6 | Microsoft Windows SPNEGO Extended Negotiation Remote Code Execution | 7.9 | 7.2 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.15 | 0.02251 | CVE-2022-37958 |
| 7 | Nexxt Amp300 ARN02304U8 Web Service sysTools os command injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.21903 | CVE-2022-44149 |
| 8 | ZTE MF286R command injection | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.09029 | CVE-2022-39073 |
| 9 | NodeBB socket.io Message initialization | 8.8 | 8.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.15 | 0.09029 | CVE-2022-46164 |
| 10 | Centos Panel 7 HTTP Request index.php Remote Code Execution | 6.3 | 6.0 | $0-$5k | $0-$5k | High | Official Fix | 2.16 | 0.30745 | CVE-2022-44877 |
| 11 | Apache Tapestry deserialization | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00954 | CVE-2022-46366 |
| 12 | Atlassian Bitbucket Server and Data Center Environment Variable command injection | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01440 | CVE-2022-43781 |
| 13 | Ametys CMS auto-completion Plugin en.xml information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.12965 | CVE-2022-26159 |
| 14 | Exim EHLO Command string.c string_vformat buffer overflow | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.10667 | CVE-2019-16928 |
| 15 | WP Statistics Plugin class-wp-statistics-hits.php sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00954 | CVE-2022-0651 |
| 16 | Stormshield Network Security ASQ memory corruption | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.01978 | CVE-2021-31617 |
| 17 | Microsoft Office Excel Remote Code Execution | 7.0 | 6.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.01789 | CVE-2021-28449 |
| 18 | Google Chrome V8 type confusion | 6.3 | 6.0 | $25k-$100k | $5k-$25k | High | Official Fix | 0.05 | 0.01136 | CVE-2022-1364 |
| 19 | Juniper Web Device Manager Authentication hard-coded credentials | 9.8 | 9.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | 0.00 | 0.00000 | |
| 20 | TeamPass Access Restriction index.php access control | 7.3 | 7.0 | $0-$5k | Calculating | Not Defined | Official Fix | 0.03 | 0.01213 | CVE-2014-3771 |


IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | 104.200.67.173 | | PyXie | | verified | High |

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Pathname Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Injection | predictive | High |

IOA - Indicator of Attack (20)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /login/index.php | predictive | High |
| 2 | File | /wp-content/plugins/updraftplus/admin.php | predictive | High |
| 3 | File | fm_backups | predictive | Medium |
