Redaman Analysis

Activities

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that an immediate vulnerability response can be initiated and issues can be prioritized.

Lang

en: 136
zh: 12
pl: 9
fr: 6
de: 4

Country

us: 83
cn: 24
ru: 17
pl: 15
ag: 12

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 1 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.62 | CVE-2016-6210 |
| 2 | FiberHome HG2201T downloadfile.cgi path traversal | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2019-17187 |
| 3 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.69 | CVE-2014-4078 |
| 4 | Apple iOS/iPadOS IOMobileFrameBuffer memory corruption | 7.8 | 7.2 | $25k-$100k | $5k-$25k | Functional | Official Fix | 0.00 | CVE-2022-22587 |
| 5 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.05 | CVE-2007-1192 |
| 6 | PHPX auth.inc.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | CVE-2005-3968 |
| 7 | Select2 cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2016-10744 |
| 8 | CherryPy sessions.py _get_file_path path traversal | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | CVE-2008-0252 |
| 9 | WordPress Thumbnail input validation | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | CVE-2018-1000773 |
| 10 | IBM HTTP Server memory corruption | 6.3 | 6.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2015-4947 |
| 11 | Fishcart upstnt.php sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | |
| 12 | TablePress xml external entity reference | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2017-10889 |
| 13 | Salutation Responsive WordPress + BuddyPress Theme Stored cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2017-1000227 |
| 14 | PHP socket_connect memory corruption | 7.3 | 6.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | CVE-2011-1938 |
| 15 | Oracle WebLogic Server Core Components Remote Code Execution | 9.8 | 9.4 | $100k and more | $25k-$100k | Not Defined | Official Fix | 0.03 | CVE-2021-2108 |
| 16 | Real Time Logic BarracudaDrive File Permission bd.exe privileges management | 8.3 | 8.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | CVE-2020-23834 |
| 17 | Microsoft Exchange Server Privilege Escalation | 8.8 | 8.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.07 | CVE-2022-23277 |
| 18 | D-Link Router alpha_auth_check access control | 9.8 | 8.8 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | CVE-2013-6026 |
| 19 | GNU gzip path traversal | 5.4 | 4.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | CVE-2005-1228 |
| 20 | SonicWALL Secure Remote Access cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2021-20028 |

IOC - Indicator of Compromise (74)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (3)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (75)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (2)

The following list contains external sources which discuss the actor and the associated activities:
