RedEcho Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 596
zh: 382
ja: 6
ko: 4
sv: 4


Interest


Product

Google Chrome: 56
Microsoft Windows: 36
Tuxera ntfs-3g: 20
Apple iOS: 16
Apache HTTP Server: 14


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.01 | CVE-2020-12440 |
| 2 | Apple iOS/iPadOS IOSurfaceAccelerator out-of-bounds write | 8.2 | 8.0 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00377 | 0.04 | CVE-2023-28206 |
| 3 | D-Link DIR-645 Interface Wireless command injection | 9.3 | 9.1 | $5k-$25k | $0-$5k | High | Official Fix | 0.97188 | 0.00 | CVE-2015-2051 |
| 4 | Symantec Gateway ipchange.php exec access control | 8.8 | 8.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.97269 | 0.05 | CVE-2012-0297 |
| 5 | Fortinet FortiOS/FortiProxy Administrative Interface authentication bypass | 9.8 | 9.7 | $25k-$100k | $5k-$25k | High | Official Fix | 0.97392 | 0.03 | CVE-2022-40684 |
| 6 | Palo Alto PAN-OS GlobalProtect Portal stack-based overflow | 9.8 | 9.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00242 | 0.05 | CVE-2021-3064 |
| 7 | NVIDIA Omniverse Kit Create/Audio2Face/Isaac Sim/View/Code/Machinima injection | 8.3 | 8.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00077 | 0.05 | CVE-2022-42268 |
| 8 | Oracle Banking Digital Experience Framework Remote Code Execution | 8.3 | 8.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.01316 | 0.00 | CVE-2021-2351 |
| 9 | Moment Module Regular Expression resource consumption | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00238 | 0.05 | CVE-2017-18214 |
| 10 | Apache HTTP Server mod_proxy input validation | 7.3 | 6.4 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.96497 | 0.05 | CVE-2014-0117 |
| 11 | Fortinet FortiOS sslvpnd heap-based overflow | 9.8 | 9.7 | $0-$5k | $0-$5k | High | Official Fix | 0.32117 | 0.03 | CVE-2022-42475 |
| 12 | Apache Ambari pathname traversal | 6.5 | 6.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00141 | 0.04 | CVE-2020-13924 |
| 13 | OpenSSL AES OCB Mode missing encryption | 4.5 | 4.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00366 | 0.07 | CVE-2022-2097 |
| 14 | Cisco ASA/Firepower Threat Defense DNS Inspection resource consumption | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00137 | 0.05 | CVE-2022-20760 |
| 15 | Apple iOS/iPadOS Kernel out-of-bounds write | 7.8 | 7.5 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00062 | 0.04 | CVE-2022-32917 |
| 16 | Microsoft Windows Support Diagnostic Tool Follina external reference | 7.4 | 7.3 | $25k-$100k | $0-$5k | High | Workaround | 0.96079 | 0.04 | CVE-2022-30190 |
| 17 | Apache Log4j Incomplete Fix CVE-2021-44228 deserialization | 7.1 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.97406 | 0.07 | CVE-2021-45046 |
| 18 | Google Chrome Profiles use after free | 7.5 | 7.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00236 | 0.04 | CVE-2023-5472 |
| 19 | IEEE 802.11 Packet Routing authentication spoofing | 5.0 | 4.4 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00066 | 0.05 | CVE-2022-47522 |
| 20 | PHP IMAP mb_send_mail unknown vulnerability | 5.4 | 5.1 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00086 | 0.05 | CVE-2006-1014 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • India Power Grid

IOC - Indicator of Compromise (39)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (26)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-425 | Path Traversal | predictive | High |
| 2 | T1040 | CAPEC-102 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 4 | T1059 | CAPEC-137 | CWE-88, CWE-94, CWE-1321 | Argument Injection | predictive | High |
| 5 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 6 | T1068 | CAPEC-104 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | High |

IOA - Indicator of Attack (221)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

