RedEnergy Analysisinfo

IOB - Indicator of Behavior (218)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en214
de4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

STOPzilla AntiMalware8
Mozilla Firefox6
Apache2Triad6
Microsoft Internet Explorer4
Adobe Acrobat Reader4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Apache2Triad session fixiation8.07.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.010070.00CVE-2017-12965
2Apache2Triad users.php cross site scripting5.25.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.001930.00CVE-2017-12971
3Ensim WEBppliance access control5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.004110.00CVE-2002-2344
4Apache2Triad users.php cross-site request forgery6.56.4$0-$5k$0-$5kProof-of-ConceptNot Defined0.007730.00CVE-2017-12970
5Web2py information disclosure6.46.2$0-$5k$0-$5kProof-of-ConceptNot Defined0.006260.00CVE-2016-4806
6Splunk Enterprise splunk-launch.conf access control7.47.4$0-$5k$0-$5kNot DefinedNot Defined0.000420.03CVE-2017-18348
7Oracle Java SE Networking information disclosure5.95.8$5k-$25k$0-$5kNot DefinedOfficial Fix0.006350.00CVE-2016-5597
8Microsoft IIS uncpath cross site scripting5.25.0$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.004830.28CVE-2017-0055
9IBM AIX WebSM denial of service5.35.0$5k-$25kCalculatingProof-of-ConceptNot Defined0.007670.00CVE-2007-2995
10Fleugel myu-s cross site scripting4.34.3$0-$5kCalculatingNot DefinedNot Defined0.002200.00CVE-2012-5186
11webpagetest index.php cross site scripting5.24.8$0-$5k$0-$5kNot DefinedNot Defined0.000980.00CVE-2017-6538
12webpagetest viewtest.php cross site scripting5.24.8$0-$5k$0-$5kNot DefinedNot Defined0.000980.00CVE-2017-6541
13BACnet Protocol Stack bacserv Daemon bacdcode.c out-of-bounds6.46.2$0-$5k$0-$5kProof-of-ConceptNot Defined0.075570.03CVE-2019-12480
14Revive Adserver CSRF Protection redirect5.75.6$0-$5k$0-$5kNot DefinedOfficial Fix0.001810.05CVE-2020-8143
15Nagios MagpieRSS fetch access control8.58.2$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.262690.00CVE-2016-9565
16NGSEC StackDefender ZwProtectVirtualMemory denial of service5.34.6$0-$5k$0-$5kUnprovenOfficial Fix0.001320.00CVE-2004-0766
17Intel Graphics Driver Content Protection HECI Service type conversion6.56.2$5k-$25k$0-$5kProof-of-ConceptNot Defined0.000740.00CVE-2017-5717
18Libssh2 packet.c integer overflow7.27.2$0-$5k$0-$5kNot DefinedOfficial Fix0.004040.04CVE-2019-17498
19Apple Mac OS X CoreCapture null pointer dereference8.37.9$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.006340.00CVE-2016-1803
20IBM QRadar SIEM improper authentication7.77.7$5k-$25k$5k-$25kNot DefinedNot Defined0.000880.00CVE-2019-4210

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
151.68.11.192ftp.cluster003.hosting.ovh.netRedEnergy06/23/2023verifiedMedium

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (67)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File$SPLUNK_HOME/etc/splunk-launch.confpredictiveHigh
2File/employee.htmlpredictiveHigh
3File/phppath/phppredictiveMedium
4File/uncpath/predictiveMedium
5Fileadd_headers.phppredictiveHigh
6Fileadmin/admin_member.php?action=add&nav=add_web_user&admin_p_nav=userpredictiveHigh
7Fileadmin/mcart_xls_import.phppredictiveHigh
8Filebacdcode.cpredictiveMedium
9Filexxxxxxxx_xxxx.xxxpredictiveHigh
10Filexxx.xpredictiveLow
11Filexxxxxxxx.xxxpredictiveMedium
12Filexxxxx/xxxxxxx.xxpredictiveHigh
13Filexxxxxxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
14Filexxxxxxxx.xxxpredictiveMedium
15Filexxxxxxxxxxxxxxx.xxxpredictiveHigh
16Filexxxxx.xpredictiveLow
17Filexxxxxxxxxxx.xxxpredictiveHigh
18Filexxxxx.xxxpredictiveMedium
19Filexxx/xxx/xxx.xpredictiveHigh
20Filexxxxxx.xpredictiveMedium
21Filexxxx/xxxxxxxxx.xxxpredictiveHigh
22Filexxxxxxxx/xxxxx.xxxpredictiveHigh
23Filexxxxx.xxxpredictiveMedium
24Filexxxxxx_xxxx.xxxpredictiveHigh
25Filexxxxxx/xxxxxxxx.xxxxpredictiveHigh
26Filexxxx.xxxpredictiveMedium
27Filexxxxxxx.xxpredictiveMedium
28Filexxx.xxxxxxxx.xxxpredictiveHigh
29Filexxxxxxxxxxx-xxxxxx/xxx/xxxxxxxxxx/xxxxxxx.xxxpredictiveHigh
30Filexxxxxxxxxxx-xxxxxx/xxx/xxxxxxxxxx/xxxx.xxxpredictiveHigh
31Filexxxxxxxxxxx-xxxxxx/xxx/xxxxxxxxxx/xxxxxxxx.xxxpredictiveHigh
32Filexxxxxxxxxxx-xxxxxx/xxx/xxxxxxxxxx/xxxxx.xxxpredictiveHigh
33Libraryxxxxxx.xxxpredictiveMedium
34Libraryxxxxxx.xxxpredictiveMedium
35Libraryxxxxxxxxxxxxxx_xx.xxxpredictiveHigh
36Libraryxxxxxxx.xxxpredictiveMedium
37Libraryxxxxxx.xxxpredictiveMedium
38Libraryxxx.xxxpredictiveLow
39Libraryxxxxxxxx.xxxpredictiveMedium
40ArgumentxxxxxxxpredictiveLow
41ArgumentxxxxxxxxxxxpredictiveMedium
42ArgumentxxxxxxxxxpredictiveMedium
43Argumentxxxxxxxxx/xxxxpredictiveHigh
44ArgumentxxxxxxpredictiveLow
45ArgumentxxxxxxxpredictiveLow
46ArgumentxxxxxxxxpredictiveMedium
47Argumentxxxxx_xxxxpredictiveMedium
48ArgumentxxxxpredictiveLow
49ArgumentxxxxxxxxpredictiveMedium
50Argumentxxxxx_xxpredictiveMedium
51ArgumentxxxxxxxxxpredictiveMedium
52ArgumentxxxxpredictiveLow
53ArgumentxxxxpredictiveLow
54ArgumentxxxxxxxxxpredictiveMedium
55ArgumentxxxpredictiveLow
56ArgumentxxxxpredictiveLow
57ArgumentxxxxxxxxxxpredictiveMedium
58ArgumentxxxxxxxxxxxxpredictiveMedium
59ArgumentxxxxxpredictiveLow
60Argumentxxx_xxxxxx_xxxxxxx_xx_xxxpredictiveHigh
61Input Value..predictiveLow
62Input Value<xxxxxxxx>.predictiveMedium
63Input Valuexxxx -xpredictiveLow
64Input Valuexxxxx ?????????????????? ? ?x ? ? ?predictiveHigh
65Pattern|xx xx|predictiveLow
66Network Portxxx/xx (xxxxxx)predictiveHigh
67Network Portxxx/xxxxpredictiveMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

This view requires CTI permissions

Just purchase a CTI license today!