Rakos Analysis

IOB - Indicator of Behavior (290)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 244
ru: 18
zh: 10
de: 6
fr: 6

Country

us: 140
ru: 58
cn: 18
pl: 14
tv: 6

Product

Apache HTTP Server: 8
Microsoft Windows: 8
Apache Tomcat: 8
WordPress: 6
PHPMailer: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.41 | 0.04187 | CVE-2010-0966 |
| 3 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 1.36 | 0.00000 | CVE-2020-12440 |
| 4 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.09 | 0.25090 | CVE-2017-0055 |
| 5 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.06790 | CVE-2007-1167 |
| 6 | Laravel Framework Token Encrypter.php decrypt deserialization | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.23850 | CVE-2018-15133 |
| 7 | Linux Kernel fbcon vt.c KD_FONT_OP_COPY out-of-bounds | 5.0 | 4.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01034 | CVE-2020-28974 |
| 8 | Devilz Clanportal File Upload unknown vulnerability | 5.3 | 4.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01 | 0.06790 | CVE-2006-6338 |
| 9 | Devilz Clanportal index.php sql injection | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.03 | 0.01139 | CVE-2006-3347 |
| 10 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.08 | 0.29797 | CVE-2014-4078 |
| 11 | WordPress WP_Query class-wp-query.php sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.01974 | CVE-2017-5611 |
| 12 | Veeam Backup and Replication API unrestricted upload | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01978 | CVE-2022-26500 |
| 13 | WP-Polls Plugin HTTP Header authorization | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.00885 | CVE-2022-1581 |
| 14 | profanity weak prng | 5.0 | 5.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00954 | CVE-2022-40769 |
| 15 | Laravel Image Upload ValidatesAttributes.php unrestricted upload | 5.5 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.29468 | CVE-2021-43617 |
| 16 | Devilz Clanportal sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.02 | 0.01139 | CVE-2006-6339 |
| 17 | WordPress URL kses.php wp_kses_bad_protocol_once cross site scripting | 5.4 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01183 | CVE-2019-16222 |
| 18 | WordPress pluggable.php wp_validate_redirect | 6.6 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01183 | CVE-2019-16220 |
| 19 | Oracle JavaFX Remote Code Execution | 9.8 | 9.4 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.01319 | CVE-2013-1477 |
| 20 | Mavili Guestbook access control | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.01213 | CVE-2012-5298 |

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (149)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /addWhiteListDomain.imss | predictive | High |
| 2 | File | /anony/mjpg.cgi | predictive | High |
| 3 | File | /include/makecvs.php | predictive | High |
| 4 | File | /index.php | predictive | Medium |
| 5 | File | /login/index.php | predictive | High |
| 6 | File | /requests.php | predictive | High |
| 7 | File | /uncpath/ | predictive | Medium |
| 8 | File | /wp-admin/admin.php?page=wp_file_manager_properties | predictive | High |
| 9 | File | add.php | predictive | Low |
| 10 | File | adm_config_report.php | predictive | High |
| 11 | File | ampie.swf | predictive | Medium |
| 12 | File | auth-gss2.c | predictive | Medium |
| 13 | File | cat.asp | predictive | Low |
| 14 | File | class.phpmailer.php | predictive | High |
| 15 | File | clickstats.php | predictive | High |
| 16 | File | CodeMeter.exe | predictive | High |
| 17 | File | components/bitrix/mobileapp.list/ajax.php/ | predictive | High |
| 140 | Input Value | ../ | predictive | Low |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
