Redaman Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (157)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en102
zh34
ru18
fr2
sv2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

CN: China72
US: USA68
RU: Russia6
DE: Germany4
PW: Palau4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Redaman14
Cobalt Strike6
Sliver5
TrickBot4
Havoc3

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined58
Content Management System10
Router Operating System8
Web Server8
SCADA Software6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined52
Apache10
Siemens8
Microsoft6
Kentico4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Apache HTTP Server8
phpMyAdmin4
PHP4
Kentico CMS4
WordPress4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#VulnerabilityBaseTemp0dayTodayExpCouKEVEPSSCTICVE
1OpenSSL bn_wexpand input validation10.09.0$25k-$100k$0-$5kProof-of-ConceptOfficial fix 0.195540.04CVE-2009-3245
2Siemens SIMATIC HMI United Comfort Panel authentication bypass7.57.5$5k-$25k$5k-$25kNot definedNot defined 0.004220.00CVE-2020-15787
3MikroTik RouterOS RADVD out-of-bounds write7.57.3$0-$5k$0-$5kNot definedNot defined 0.013250.02CVE-2023-32154
4Siemens LOGO 8 BM TCP Packet buffer overflow8.48.4$5k-$25k$5k-$25kNot definedNot defined 0.003340.00CVE-2022-36361
5TOTOLINK AC1200 T8 shadow.sample hard-coded password8.17.9$0-$5k$0-$5kProof-of-ConceptNot defined 0.007800.02CVE-2024-8580
6SourceCodester Online Bank Management System Feedback mfeedback.php cross site scripting4.14.0$0-$5k$0-$5kProof-of-ConceptNot defined 0.001050.02CVE-2024-8583
7Xi'an Daxi Information Technology OfficeWeb365 Pic Indexes Interface path traversal5.95.7$0-$5k$0-$5kProof-of-ConceptNot defined 0.001290.00CVE-2024-37728
8Apache HTTP Server AddType source code5.75.6$5k-$25k$0-$5kNot definedOfficial fix 0.001140.06CVE-2024-39884
9Emerson Dixell XWEB-500 logo_extra_upload.cgi access control8.08.0$0-$5k$0-$5kNot definedNot definedpossible0.776650.04CVE-2021-45420
10Tridium Niagara AX/Niagra 4 path traversal6.76.7$0-$5k$0-$5kNot definedNot defined 0.177140.09CVE-2017-16744
11RoundCube Webmail rcube_plugin_api.php path traversal8.58.2$0-$5k$0-$5kNot definedOfficial fix 0.226590.02CVE-2020-12640
12Monsta FTP external reference8.58.5$0-$5k$0-$5kNot definedNot defined 0.030740.00CVE-2020-14057
13Checkbox Survey CheckboxWeb.dll deserialization9.08.9$0-$5k$0-$5kAttackedOfficial fixverified0.214640.04CVE-2021-27852
14RoundCube sql injection8.68.5$0-$5k$0-$5kAttackedOfficial fixverified0.714970.00CVE-2021-44026
15Jeedom API information disclosure4.34.2$0-$5k$0-$5kNot definedNot defined 0.005070.00CVE-2021-42557
16Ultraedit FTP Password uedit32.ini information disclosure5.95.3$0-$5k$0-$5kProof-of-ConceptOfficial fix 0.000720.00CVE-2001-0983
17Vmware Spring Framework WebMvc.fn/WebFlux.fn path traversal6.46.3$5k-$25k$0-$5kNot definedOfficial fixpossible0.644450.34CVE-2024-38819
18WordPress sql injection6.86.7$5k-$25k$0-$5kNot definedOfficial fix 0.075700.02CVE-2022-21664
19Prosody libexpat xml entity expansion6.56.4$0-$5k$0-$5kNot definedOfficial fix 0.000590.07CVE-2022-0217
20WordPress Object injection5.35.2$5k-$25k$0-$5kNot definedOfficial fix 0.007410.00CVE-2022-21663

IOC - Indicator of Compromise (78)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
135.216.85.217217.85.216.35.bc.googleusercontent.comRedaman02/10/2022verifiedLow
235.216.185.203203.185.216.35.bc.googleusercontent.comRedaman02/10/2022verifiedLow
354.151.91.200ec2-54-151-91-200.us-west-1.compute.amazonaws.comRedaman02/10/2022verifiedVery Low
454.151.172.105ec2-54-151-172-105.ap-southeast-1.compute.amazonaws.comRedaman02/10/2022verifiedVery Low
559.149.85.217059149085217.ctinets.comRedaman02/10/2022verifiedLow
659.149.171.48059149171048.ctinets.comRedaman02/10/2022verifiedLow
769.5.100.66dynamic-69-5-100-66.molalla.netRedaman02/10/2022verifiedVery Low
869.5.172.104Redaman02/10/2022verifiedLow
972.50.91.200adsl-72-50-91-200.prtc.netRedaman02/10/2022verifiedVery Low
1072.50.185.234mca-e-72-50-185-234.resnet.wvu.eduRedaman02/10/2022verifiedVery Low
1178.108.216.39mail.saity.infoRedaman02/10/2022verifiedLow
1285.217.59.149adsl-85-217-59-149.kotinet.comRedaman02/10/2022verifiedVery Low
1385.217.94.156Redaman02/10/2022verifiedLow
1485.217.170.51Redaman02/10/2022verifiedLow
1585.217.171.48Redaman02/10/2022verifiedLow
1691.200.69.591-200-69-5.partnet.com.plRedaman02/10/2022verifiedLow
17XX.XXX.XX.XXXXxxxxxx02/10/2022verifiedLow
18XX.XXX.XXX.XXxx-xxxxxx.xxxxx.xxXxxxxxx02/10/2022verifiedLow
19XX.XXX.XXX.XXXxxxxxx.xxXxxxxxx02/10/2022verifiedLow
20XX.XXX.XXX.XXXxxxxxxxxxxxxxxxx.xxXxxxxxx02/10/2022verifiedLow
21XX.XXX.XXX.XXXxxxx.xxxxxxxxxxxxxxx.xxxxXxxxxxx02/10/2022verifiedLow
22XX.XXX.XXX.XXXxxxxxx02/10/2022verifiedLow
23XX.XXX.XXX.XXXxxxxxx.xxxxxxxxx.xxXxxxxxx02/10/2022verifiedLow
24XX.XXX.XXX.XXXxx.xxx.xxx.xxx.xxx.xxXxxxxxx02/10/2022verifiedLow
25XX.XXX.XXX.XXXxxxxXxxxxxx02/10/2022verifiedLow
26XX.XXX.XX.XXXXxxxxxx02/10/2022verifiedLow
27XX.XXX.XXX.XXXxxxxxx02/10/2022verifiedLow
28XX.XXX.XXX.XXxxxxxx.xxx.xxXxxxxxx10/11/2018verifiedVery Low
29XXX.XX.XX.XXXXxxxxxx02/10/2022verifiedLow
30XXX.XXX.XX.XXXXxxxxxx02/10/2022verifiedLow
31XXX.XXX.XX.XXXXxxxxxx02/10/2022verifiedLow
32XXX.XXX.XXX.XXXXxxxxxx02/10/2022verifiedLow
33XXX.XXX.XX.XXXXxxxxxx02/10/2022verifiedLow
34XXX.XXX.XX.XXXXxxxxxx02/10/2022verifiedLow
35XXX.XXX.XXX.XXXXxxxxxx02/10/2022verifiedLow
36XXX.XXX.XXX.XXXxxxxxx02/10/2022verifiedLow
37XXX.XXX.XX.XXXXxxxxxx02/10/2022verifiedLow
38XXX.XXX.XXX.XXXXxxxxxx02/10/2022verifiedLow
39XXX.XX.XX.XXXXxxxxxx02/10/2022verifiedLow
40XXX.XXX.XX.XXXXxxxxxx02/10/2022verifiedLow
41XXX.XX.XX.XXXxxxxxx10/11/2018verifiedLow
42XXX.XX.XXX.XXXXxxxxxx02/10/2022verifiedLow
43XXX.XX.XX.XXXxxxx-xx-xx-xxx.xxx.xxxx.xx.xxxxx.xx.xxXxxxxxx02/10/2022verifiedLow
44XXX.XX.XXX.XXxxxx-xx-xxx-xx.xxx.xxxx.xx.xxxxx.xx.xxXxxxxxx02/10/2022verifiedLow
45XXX.XX.XX.XXXXxxxxxx02/10/2022verifiedLow
46XXX.XX.XXX.XXXXxxxxxx02/10/2022verifiedLow
47XXX.XXX.XX.XXXxxx-xxx-xx-xxx.xxx.xxxx.xx.xxXxxxxxx02/10/2022verifiedVery Low
48XXX.XXX.XXX.XXXxxx-xxx-xxx-xxx.xxx.xxxx.xx.xxXxxxxxx02/10/2022verifiedVery Low
49XXX.XXX.XXX.XXXxxxxxxxx.xxx.xxxxxx.xxXxxxxxx02/10/2022verifiedLow
50XXX.XXX.XXX.XXXxxxxxx02/10/2022verifiedLow
51XXX.XX.XX.XXXxxxxxxx.xxx-xx-xx.xxxxx.xxx.xxXxxxxxx02/10/2022verifiedLow
52XXX.XX.XXX.XXXxxxxxxx.xxx-xx-xxx.xxxxxx.xxx.xxXxxxxxx02/10/2022verifiedLow
53XXX.XX.XXX.XXXXxxxxxx02/10/2022verifiedLow
54XXX.XXX.XX.XXXxxxxxx-xxx.xxxxxxx.xxxxxx.xxxXxxxxxx02/10/2022verifiedLow
55XXX.XXX.XX.XXXxxxxxx-xxx.xxxxxxx.xxxxxx.xxxXxxxxxx02/10/2022verifiedLow
56XXX.XXX.XX.Xxxx-xxx-xx-x.xx.xxxxxxxxxxxxxxxxx.xxxXxxxxxx02/10/2022verifiedLow
57XXX.XXX.XXX.XXXxxxxxx-xxx.xxxxxxx.xxxxxx.xxxXxxxxxx02/10/2022verifiedLow
58XXX.XXX.XX.XXXXxxxxxx02/10/2022verifiedLow
59XXX.XXX.XXX.XXXXxxxxxx02/10/2022verifiedLow
60XXX.XXX.XXX.XXxxxxxx.xxx-xx.xxxXxxxxxx02/10/2022verifiedVery Low
61XXX.XXX.XXX.XXXxxxxxx02/10/2022verifiedLow
62XXX.XXX.XXX.XXxxxxxx.xxx-xx.xxxXxxxxxx02/10/2022verifiedVery Low
63XXX.XXX.XXX.XXXxxxxxx02/10/2022verifiedLow
64XXX.XXX.XXX.XXXxxxxxx.xxXxxxxxx02/10/2022verifiedLow
65XXX.XXX.XXX.XXXxxxxx.xxxxxxxxx.xxxXxxxxxx02/10/2022verifiedLow
66XXX.XXX.XXX.XXXxxxxx.xxxxxxxxx.xxxXxxxxxx02/10/2022verifiedLow
67XXX.XXX.XX.XXxxxx.xxxxxxxxxxx.xxXxxxxxx02/10/2022verifiedLow
68XXX.XXX.XXX.XXXXxxxxxx02/10/2022verifiedLow
69XXX.XX.XXX.XXXxx.xxxxxxxxx.xxXxxxxxx10/11/2018verifiedLow
70XXX.XXX.XX.XXXXxxxxxx02/10/2022verifiedLow
71XXX.XXX.XXX.XXXxxxxxx10/11/2018verifiedLow
72XXX.XXX.XXX.XXxxxxxxxxx.xxxXxxxxxx02/10/2022verifiedLow
73XXX.XX.XX.XXXxxxxxx02/10/2022verifiedLow
74XXX.XX.XXX.XXXXxxxxxx02/10/2022verifiedLow
75XXX.XX.XX.XXXXxxxxxx02/10/2022verifiedLow
76XXX.XX.XXX.XXXxxxxxx02/10/2022verifiedLow
77XXX.XX.XX.XXXXxxxxxx02/10/2022verifiedLow
78XXX.XX.XXX.XXXxxxxxx02/10/2022verifiedLow

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-21, CWE-22, CWE-23Path TraversalpredictiveHigh
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
4T1059.007CAPEC-209CWE-79, CWE-80Basic Cross Site ScriptingpredictiveHigh
5TXXXXCAPEC-XXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXX.XXXCWE-XXXXxx Xx Xxxx-xxxxx XxxxxxxxpredictiveHigh
7TXXXXCAPEC-XXXCWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
8TXXXX.XXXCAPEC-XXXCWE-XXXXXxxxxxxxxxx Xxxxxxx Xxxxxxxxxx XxxxxxxxxxpredictiveHigh
9TXXXXCAPEC-XXXCWE-XXXxx XxxxxxxxxpredictiveHigh
10TXXXX.XXXCAPEC-XCWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
11TXXXXCAPEC-XXCWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
12TXXXXCAPEC-XXCWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
13TXXXX.XXXCAPEC-XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
14TXXXXCAPEC-XXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
15TXXXX.XXXCAPEC-XXXCWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHigh
16TXXXX.XXXCAPEC-XCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (64)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/admin/edit.phppredictiveHigh
2File/admin/index.phppredictiveHigh
3File/api/index.phppredictiveHigh
4File/bin/goaheadpredictiveMedium
5File/cgi-bin-sdb/predictiveHigh
6File/cgi-bin/cstecgi.cgipredictiveHigh
7File/cgi-bin/logo_extra_upload.cgipredictiveHigh
8File/debug/pprofpredictiveMedium
9File/xxxxxxxxxxxx.xxxpredictiveHigh
10File/xxxxxxxx/xxxxxx-xxxxxxx.xxxpredictiveHigh
11File/xxx/xxxxxxpredictiveMedium
12File/xxx/xxxxxx.xxxxxxpredictiveHigh
13File/xxxx/xxxxxxx/xxxxx-xxxxx.xxxpredictiveHigh
14File/xxxxx.xxxpredictiveMedium
15File/xxxxx.xxx?xxxx=xxxxxxxpredictiveHigh
16File/xxxxxxxxx.xxxpredictiveHigh
17File/xxxxxxxxxx/xxxxxxxx/xxxxxpredictiveHigh
18File/xx-xxxxx/xxxxx-xxxx.xxxpredictiveHigh
19Filexxxxx.xxx?xxxxxx=xxxx&xxxx=xxxxxxxx&xxxx=../../x.xxxpredictiveHigh
20Filexxxxxxx.xxxpredictiveMedium
21Filex:/xxxxxxx xxxxx (xxx)/xxxxx xxxxxxxxxxx/xxxxxx xxxxxx xxxxx xxxxxxxx/xxxx/xxxxx-xxxxxx.xxxpredictiveHigh
22Filexxxxx/xxx/xxxxx.xxxpredictiveHigh
23Filexxxxxxx/xxxx/xxxxxx/xxx.xpredictiveHigh
24Filexxxxx.xxxpredictiveMedium
25Filexxxxx.xxxpredictiveMedium
26FilexxxxxxxxpredictiveMedium
27Filexxxxxxxxx/xxxxxxx/xxxxxxx/xxxxxxxxxxx.xxxpredictiveHigh
28Filexxxxxxxxx/xxxxx/xxxxxxxx/xxxxxxx/xxxx/xxxx_xxxxxx.xxpredictiveHigh
29Filexxxxxxxxxxxx.xxxpredictiveHigh
30Filexxxxxxx/xxxxxxxxx/xxx.xxxpredictiveHigh
31Filexxxxx_xxxxxx_xxx.xxxpredictiveHigh
32Filexxx/xxx.xxxxxxx/xxxxxxxx.xxxpredictiveHigh
33Filexxxx.xxxpredictiveMedium
34Filexxxxxxx.xxxpredictiveMedium
35Libraryxxxxxxxxxxx.xxxpredictiveHigh
36Libraryxxxxxx.xxxpredictiveMedium
37Libraryxxx/xx/xxx.xxpredictiveHigh
38Libraryxxx/xxx/xxxx/predictiveHigh
39Argumentxxxxxx/xxxxxxxxpredictiveHigh
40ArgumentxxxxxxxpredictiveLow
41ArgumentxxxxxxxxpredictiveMedium
42ArgumentxxxxpredictiveLow
43Argumentxxxx/xxxx/xxxxx/xxxxxpredictiveHigh
44ArgumentxxxxxxxxxxxpredictiveMedium
45ArgumentxxxxpredictiveLow
46ArgumentxxxxxxxxpredictiveMedium
47ArgumentxxxxxxxxpredictiveMedium
48ArgumentxxxxpredictiveLow
49ArgumentxxpredictiveLow
50Argumentxxxx/xxx_xxxxxxxxxpredictiveHigh
51Argumentxxxx xxxx/xxxxx xxxx/xxxxxx xxxxpredictiveHigh
52ArgumentxxxxxpredictiveLow
53ArgumentxxxxpredictiveLow
54Argumentxxxx-xxxxxxxpredictiveMedium
55ArgumentxxxxxxxxpredictiveMedium
56Argumentxxxxxx/xxxxxx_xxxxxxpredictiveHigh
57Argumentxxxxxxxxxx_xxxxxpredictiveHigh
58ArgumentxxxxxxxpredictiveLow
59ArgumentxxxxxpredictiveLow
60ArgumentxxxxxxxxpredictiveMedium
61Input Value<xxxxxx>xxxxx(x)</xxxxxx>predictiveHigh
62Input ValuexxxxxxpredictiveLow
63Network Portxxxx/xxxxxpredictiveMedium
64Network Portxxx/xxxpredictiveLow

References (3)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

This view requires CTI permissions

Just purchase a CTI license today!