RedFoxtrot Analysis

Activities

Timeline

The analysis of the timeline helps to identify the required approach to, and handling of, single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that an immediate vulnerability response can be initiated and issues can be prioritized.

Lang

en: 138
zh: 49
it: 6
ja: 4
es: 3

Country

us: 102
cn: 83
gb: 2
id: 2
kr: 2


Vulnerabilities

| # | Vulnerability | Base score | Temp score | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192 |
| 2 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.22 | 0.01034 | CVE-2022-21664 |
| 3 | Liferay Portal CE JSON Payload deserialization | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.04571 | CVE-2019-16891 |
| 4 | Cisco ASA Command Line Interface EpicBanana/JetPlow privileges management | 7.8 | 7.4 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.02115 | CVE-2016-6367 |
| 5 | Hikvision Product Message command injection | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.87785 | CVE-2021-36260 |
| 6 | VMware ESXi/Workstation/Fusion vmxnet3 Virtual Network Adapter out-of-bounds write | 4.4 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2020-3971 |
| 7 | Mail Masta Plugin csvexport.php sql injection | 8.5 | 8.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.00954 | CVE-2017-6095 |
| 8 | Apple macOS out-of-bounds | 4.4 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01108 | CVE-2020-9944 |
| 9 | Apple tvOS out-of-bounds | 4.4 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01108 | CVE-2020-9943 |
| 10 | Apple iOS/iPadOS out-of-bounds | 4.4 | 4.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01108 | CVE-2020-9943 |
| 11 | Microsoft Windows PGM race condition | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.01410 | CVE-2015-6126 |
| 12 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.93 | 0.04187 | CVE-2010-0966 |
| 13 | phpMyAdmin sql injection | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.04358 | CVE-2009-3697 |
| 14 | Kerio MailServer input validation | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.02564 | CVE-2011-1506 |
| 15 | D-Link DIR-645 Authentication getcfg.php information disclosure | 8.6 | 8.2 | $5k-$25k | $0-$5k | High | Official Fix | 0.00 | 0.00000 | |
| 16 | Intel CPU Ring-0 memory corruption | 7.8 | 7.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.03119 | CVE-2012-0217 |
| 17 | GeniXCMS register.php sql injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00954 | CVE-2017-5574 |
| 18 | Google Android Qualcomm msm_dba_register_client access control | 6.5 | 6.3 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00885 | CVE-2017-8277 |
| 19 | Coremail Document Attachment cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.01055 | CVE-2015-6942 |
| 20 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.41 | 0.00000 | |

IOC - Indicator of Compromise (22)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | predictive | High |
| 2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CWE-74 | Injection | predictive | High |
| 4 | T1059 | CWE-94 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (77)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /app/Http/Controllers/Admin/NEditorController.php | predictive | High |
| 2 | File | /forum/away.php | predictive | High |
| 3 | File | /getcfg.php | predictive | Medium |
| 4 | File | /inc/lists/csvexport.php | predictive | High |
| 5 | File | /server-status | predictive | High |
| 6 | File | /system/user/resetPwd | predictive | High |
| 7 | File | /tos/index.php?editor/fileGet | predictive | High |
| 8 | File | /uncpath/ | predictive | Medium |
| 9 | File | /var/log/nginx | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
