Quantum Analysis

IOB - Indicator of Behavior (77)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 70
de: 2
ar: 2
fr: 2
ru: 2


Country

us: 60
cn: 12
ru: 4
ar: 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Moxa EDR-810: 8
GNU C Library: 8
GNU binutils: 4
RealNetworks RealServer: 2
libxml2: 2


Vulnerabilities

| # | Vulnerability | CVSS Base | CVSS Temp | 0-day price | Today price | Exploit | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | libxslt EXSLT Math.random Prediction random values | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2015-9019 |
| 2 | GNU C Library fnmatch_loop.c fnmatch out-of-bounds | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01108 | CVE-2015-8984 |
| 3 | GNU C Library strxfrm integer overflow | 9.1 | 8.6 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.02714 | CVE-2015-8982 |
| 4 | TablePress xml external entity reference | 5.3 | 5.1 | $0-$5k | Calculating | Not Defined | Official Fix | 0.01 | 0.00885 | CVE-2017-10889 |
| 5 | Salutation Responsive WordPress + BuddyPress Theme Stored cross site scripting | 4.4 | 4.4 | $0-$5k | Calculating | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2017-1000227 |
| 6 | libxml2 Recover Mode null pointer dereference | 4.0 | 3.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01319 | CVE-2017-5969 |
| 7 | elfutils elf_getdata.c _libelf_set_rawdata_wrlock memory corruption | 5.4 | 5.3 | $0-$5k | Calculating | Not Defined | Official Fix | 0.08 | 0.01319 | CVE-2016-10255 |
| 8 | elfutils ELF File common.h allocate_elf memory corruption | 5.4 | 5.3 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.01213 | CVE-2016-10254 |
| 9 | GNU C Library wstrops.c IO_wstr_overflow integer overflow | 7.7 | 7.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.02464 | CVE-2015-8983 |
| 10 | Iomega/LenovoEMC NAS API access control | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2019-6160 |
| 11 | Alienvault OSSIM/USM gauge.php sql injection | 9.8 | 9.4 | $0-$5k | $0-$5k | High | Official Fix | 0.03 | 0.79620 | CVE-2016-8582 |
| 12 | Apache HTTP Server MPM Event Worker access control | 6.5 | 6.2 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.09 | 0.82178 | CVE-2019-0211 |
| 13 | Apache HTTP Server mod_mime memory corruption | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.05242 | CVE-2017-7679 |
| 14 | Nagios XI Switch Wizard os command injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01156 | CVE-2021-37344 |
| 15 | Huawei SXXXX XML Parser input validation | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2017-15346 |
| 16 | Microsoft Windows Active Directory Domain Services Privilege Escalation | 8.8 | 8.1 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.02288 | CVE-2022-26923 |
| 17 | Microsoft Windows Windows Print Workflow Service privileges management | 7.0 | 6.7 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | 0.01150 | CVE-2020-1366 |
| 18 | VMware Spring Cloud Gateway Actuator Endpoint code injection | 9.8 | 9.4 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.05 | 0.95613 | CVE-2022-22947 |
| 19 | QNAP NAS Surveillance Station stack-based overflow | 7.6 | 7.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01086 | CVE-2020-2501 |
| 20 | Microsoft Windows IIS memory corruption | 7.9 | 7.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.03 | 0.01140 | CVE-2019-1365 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | 138.68.42.130 | prod-sfo2-1.qencode-master-cf283c7cc10911ecb9daa269211215a9 | Quantum | | verified | High |
| 2 | XXX.XXX.XXX.XXX | | Xxxxxxx | | verified | High |
| 3 | XXX.XXX.XXX.XXX | | Xxxxxxx | | verified | High |
| 4 | XXX.XXX.XXX.XXX | xxxxxx.xxxxxxxxxxxxx.xxx | Xxxxxxx | | verified | High |

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1059 | CWE-94 | Cross Site Scripting | predictive | High |
| 2 | T1059.007 | CWE-79 | Cross Site Scripting | predictive | High |
| 3 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | High |
| 4 | TXXXX | CWE-XXX | Xxxxxxx Xxxxxxxxx | predictive | High |
| 5 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High |
| 6 | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High |
| 7 | TXXXX | CWE-XXX | xx Xxxxxxxxx | predictive | High |
| 8 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 9 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 10 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx | predictive | High |
| 11 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxxxx Xxxxxx | predictive | High |

IOA - Indicator of Attack (38)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /etc/shadow | predictive | Medium |
| 2 | File | /goform/net_Web_get_value | predictive | High |
| 3 | File | /goform/net_WebCSRGen | predictive | High |
| 4 | File | /goform/WebRSAKEYGen | predictive | High |
| 5 | File | /uncpath/ | predictive | Medium |
| 6 | File | /wp-content/plugins/updraftplus/admin.php | predictive | High |
| 7 | File | xxxxx/xxxxxx_xxxxxx_xxxxxxx/xxxxx-xxx-xxxxx.xxx | predictive | High |
| 8 | File | xxx/xxxxxxx.x | predictive | High |
| 9 | File | xxxxxx.x | predictive | Medium |
| 10 | File | xxxxx.x | predictive | Low |
| 11 | File | xxxxxx.x | predictive | Medium |
| 12 | File | xxx.x | predictive | Low |
| 13 | File | xxx_xxxxxxx.x | predictive | High |
| 14 | File | xxx/xxxxx/xxxxx.x | predictive | High |
| 15 | File | xxxxxx-xxxxxxx-xxxxxxxx.xxx | predictive | High |
| 16 | File | xxxxxxx_xxxx.x | predictive | High |
| 17 | File | xxxxxxxxx.xxx | predictive | High |
| 18 | File | xxxxx.xxx | predictive | Medium |
| 19 | File | xxxx.x | predictive | Low |
| 20 | File | xxxx.x | predictive | Low |
| 21 | File | xxx/xxxxx/xxxxx_xxxx_xxxxxxxxx.xxx | predictive | High |
| 22 | File | xxxx_xxxx.xxx | predictive | High |
| 23 | File | xxxxxx/xxxxxx/xxxx.x | predictive | High |
| 24 | File | xxxxx/xxxxxxx.x | predictive | High |
| 25 | File | xxxxxxxxxxx.xxx | predictive | High |
| 26 | File | xxxxxxx.xxx | predictive | Medium |
| 27 | File | xxxxxxxx.xxx | predictive | Medium |
| 28 | File | xxxx-xxxxxx.x | predictive | High |
| 29 | Argument | xx | predictive | Low |
| 30 | Argument | xxxx_xx | predictive | Low |
| 31 | Argument | xx_xxxxxxx_xxxx | predictive | High |
| 32 | Argument | xxxx | predictive | Low |
| 33 | Argument | xxx | predictive | Low |
| 34 | Argument | xxxxxxxxxxxxxx_xxx | predictive | High |
| 35 | Argument | xxxxxx_xxxx/xxxxxx_xxxxx | predictive | High |
| 36 | Argument | xxxxxxxxxxxxxx | predictive | High |
| 37 | Argument | xxxxxxxxxxxxxx | predictive | High |
| 38 | Argument | xxxxxx_xxxx | predictive | Medium |
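The IOC table above gives one unmasked network indicator (IP 138.68.42.130 and its hostname) and the IOA table gives six unmasked request paths. The script below is an added example of how a defender would sweep web-server and resolver logs for both; it is not VulDB code and nothing about the actor beyond the listed values is assumed. The log lines are constructed for the example, the IOA path list covers only the unmasked entries, and the handling of /etc/shadow in a query string (traversal attempts) and of percent-encoded paths is the author's own choice, not something the page states.

```python
import re
from urllib.parse import unquote, urlsplit

# Unmasked IOC values from the IOC table (rows 2-4 are masked on the page and
# are therefore not included).
IOC_IPS = {"138.68.42.130"}
IOC_HOSTNAMES = {"prod-sfo2-1.qencode-master-cf283c7cc10911ecb9daa269211215a9"}

# Unmasked "File" indicators from the IOA table, compared against the
# decoded request path.
IOA_PATHS = {
    "/etc/shadow",
    "/goform/net_Web_get_value",
    "/goform/net_WebCSRGen",
    "/goform/WebRSAKEYGen",
    "/uncpath/",
    "/wp-content/plugins/updraftplus/admin.php",
}

# Apache/nginx "combined" access-log format: client IP first, request line quoted.
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def scan_line(line):
    """Return a list of (kind, value) hits for one log line."""
    hits = []
    m = COMBINED_RE.match(line)
    if m:
        if m.group("ip") in IOC_IPS:
            hits.append(("ioc_ip", m.group("ip")))
        raw = m.group("target")
        # Split path from query before decoding so an encoded '?' in the path
        # cannot shift the boundary; decode afterwards so /goform/net%5FWeb...
        # still matches the plain indicator.
        path = unquote(urlsplit(raw).path).replace("\\", "")
        if path in IOA_PATHS:
            hits.append(("ioa_path", path))
        elif "/etc/shadow" in unquote(raw):
            # Traversal attempts put the target file in a query value or behind
            # ../ segments rather than as the literal request path.
            hits.append(("ioa_path", "/etc/shadow"))
    else:
        # Not an access-log line (e.g. a resolver or proxy log): fall back to a
        # token-bounded match so 138.68.42.130 does not match 138.68.42.1301.
        for ip in IOC_IPS:
            if re.search(r"(?<![\w.])" + re.escape(ip) + r"(?![\w.])", line):
                hits.append(("ioc_ip", ip))
    lowered = line.lower()
    for host in IOC_HOSTNAMES:
        if host in lowered:
            hits.append(("ioc_hostname", host))
    return hits


def scan(lines):
    """Return (line_number, kind, value) for every hit across the given lines."""
    return [(n, kind, value)
            for n, line in enumerate(lines, 1)
            for kind, value in scan_line(line)]


# Constructed sample: four access-log lines and one resolver line. Only the
# IOC IP/hostname and IOA paths are taken from the page; everything else is made up.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2023:08:14:02 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    '138.68.42.130 - - [10/Mar/2023:08:14:05 +0000] "GET /goform/net%5FWeb%5Fget_value?cmd=1 HTTP/1.1" 200 211 "-" "curl/7.88.1"',
    '198.51.100.23 - - [10/Mar/2023:08:14:09 +0000] "GET /cgi-bin/view?file=../../../etc/shadow HTTP/1.1" 403 0 "-" "python-requests/2.31"',
    '198.51.100.23 - - [10/Mar/2023:08:14:11 +0000] "POST /wp-content/plugins/updraftplus/admin.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '10/Mar/2023 08:14:12 resolver: client 192.0.2.9 query prod-sfo2-1.qencode-master-cf283c7cc10911ecb9daa269211215a9 A',
]

if __name__ == "__main__":
    for n, kind, value in scan(SAMPLE_LOG):
        print(f"line {n}: {kind} {value}")
```

Exact-path matching is deliberate: substring matching on something as short as /uncpath/ or admin.php would page on unrelated traffic, while the one indicator that legitimately appears inside other strings (/etc/shadow) gets its own rule. Swap SAMPLE_LOG for `sys.stdin` to run it over a real file.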

References (2)

The following list contains external sources which discuss the actor and the associated activities:
