Redaman Analysis

IOB - Indicator of Behavior (215)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

| Lang | Count |
|------|-------|
| en | 158 |
| zh | 28 |
| pl | 12 |
| fr | 12 |
| ru | 4 |

Country

| Country | Count |
|---------|-------|
| us | 104 |
| cn | 40 |
| ru | 20 |
| pl | 20 |
| ag | 18 |

Actors

Activities

Interest

Timeline

Type

Vendor

Product

| Product | Count |
|---------|-------|
| Microsoft Windows | 10 |
| WordPress | 6 |
| PHP | 6 |
| Apache HTTP Server | 6 |
| Adobe Acrobat Reader | 6 |

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---------------|------|------|------|-------|-----|-----|-----|------|-----|
| 1 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.97 | 0.49183 | CVE-2016-6210 |
| 2 | FiberHome HG2201T downloadfile.cgi path traversal | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00885 | CVE-2019-17187 |
| 3 | Siemens LOGO 8 BM TCP Packet buffer overflow | 7.6 | 7.6 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2022-36361 |
| 4 | VideoWhisper Live Streaming Integration plugin htmlchat.php cross site scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.01055 | CVE-2014-2297 |
| 5 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.97 | 0.29797 | CVE-2014-4078 |
| 6 | Apple iOS/iPadOS IOMobileFrameBuffer memory corruption | 7.8 | 7.2 | $25k-$100k | $5k-$25k | Functional | Official Fix | 0.01 | 0.01843 | CVE-2022-22587 |
| 7 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192 |
| 8 | PHPX auth.inc.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.04386 | CVE-2005-3968 |
| 9 | Select2 cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00954 | CVE-2016-10744 |
| 10 | CherryPy sessions.py _get_file_path path traversal | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.03779 | CVE-2008-0252 |
| 11 | WordPress Thumbnail input validation | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.05 | 0.04571 | CVE-2018-1000773 |
| 12 | IBM HTTP Server memory corruption | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.05302 | CVE-2015-4947 |
| 13 | Fishcart upstnt.php sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01 | 0.00000 | |
| 14 | TablePress xml external entity reference | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00885 | CVE-2017-10889 |
| 15 | Salutation Responsive WordPress + BuddyPress Theme Stored cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2017-1000227 |
| 16 | PHP socket_connect memory corruption | 7.3 | 6.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.27992 | CVE-2011-1938 |
| 17 | Grafana race condition | 7.8 | 7.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00885 | CVE-2022-39328 |
| 18 | Linux Kernel lesspipe memory leak | 5.9 | 5.4 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.04 | 0.02172 | CVE-2014-9112 |
| 19 | WordPress Pingback server-side request forgery | 5.7 | 5.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 1.21 | 0.00885 | CVE-2022-3590 |
| 20 | Elefant CMS cross-site request forgery | 5.0 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.00885 | CVE-2017-20062 |

IOC - Indicator of Compromise (74)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (98)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (2)

The following list contains external sources which discuss the actor and the associated activities: