RedFoxtrot Analysis

IOB - Indicator of Behavior (712)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 620
zh: 66
it: 8
ja: 6
de: 6


Country

us: 128
cn: 112
gb: 4
id: 2
tr: 2


Actors

The actor chart is locked on the source page (paid view).

Activities

Interest

The Timeline, Type and Vendor charts of this view are locked on the source page (paid view).

Product

Microsoft Windows: 46
Google Chrome: 26
Microsoft Internet Explorer: 20
Apple iOS: 18
Mozilla Firefox: 18


Vulnerabilities

Columns: Base and Temp are the CVSS base and temporal scores, 0day and Today the estimated exploit price ranges, Exp the exploitability status, Rem the remediation status, CTI the VulDB CTI activity score and EPSS the FIRST Exploit Prediction Scoring System probability. A dash means no CVE is assigned.

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.04 | 0.01847 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 1.39 | 0.00954 | CVE-2010-0966
3 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.00653 | CVE-2022-21664
4 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 10.00 | 0.00922 | CVE-2006-6168
5 | SourceCodester Employee and Visitor Gate Pass Logging System GET Parameter view_designation.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00096 | CVE-2023-2090
6 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 1.04 | 0.00000 | -
7 | Drupal Database Connection Error Message information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00000 | -
8 | Sun Java fontmanager.dll UIManager.getSystemLookAndFeelClassName memory corruption | 7.8 | 7.5 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00000 | -
9 | Citrix XenServer Web Self Service Management Interface Privilege Escalation | 6.3 | 6.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00000 | -
10 | WP Statistics Plugin class-wp-statistics-hits.php sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 0.00703 | CVE-2022-25149
11 | xrdp sesman Server integer underflow | 7.8 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00042 | CVE-2022-23613
12 | Liferay Portal CE JSON Payload deserialization | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.01289 | CVE-2019-16891
13 | Cisco ASA Command Line Interface EpicBanana/JetPlow privileges management | 7.8 | 7.4 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.08 | 0.97507 | CVE-2016-6367
14 | Hikvision Product Message command injection | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.97514 | CVE-2021-36260
15 | VMware ESXi/Workstation/Fusion vmxnet3 Virtual Network Adapter out-of-bounds write | 4.4 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00044 | CVE-2020-3971
16 | Mail Masta Plugin csvexport.php sql injection | 8.5 | 8.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00597 | CVE-2017-6095
17 | Apple macOS out-of-bounds | 4.4 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00077 | CVE-2020-9944
18 | Apple tvOS out-of-bounds | 4.4 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00077 | CVE-2020-9943
19 | Apple iOS/iPadOS out-of-bounds | 4.4 | 4.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00077 | CVE-2020-9943
20 | Microsoft Windows PGM race condition | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00053 | CVE-2015-6126

IOC - Indicator of Compromise (22)

These indicators of compromise highlight associated network resources that are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 45.32.22.220 | 45.32.22.220.vultrusercontent.com | RedFoxtrot | - | 10/12/2022 | verified | High
2 | 45.32.146.174 | 45.32.146.174.vultrusercontent.com | RedFoxtrot | - | 10/12/2022 | verified | High
3 | 45.76.216.62 | 45.76.216.62.vultrusercontent.com | RedFoxtrot | - | 10/12/2022 | verified | High
4 | 45.77.178.76 | thematrix.dev | RedFoxtrot | - | 10/12/2022 | verified | High
5 | 66.42.33.214 | 66.42.33.214.vultrusercontent.com | RedFoxtrot | - | 10/12/2022 | verified | High

Entries 6 to 22 are masked on the source page (IP address and hostname hidden); each is also identified 10/12/2022, type verified, confidence High.

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (184)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/maintenance/view_designation.php | predictive | High
2 | File | /admin/sys_sql_query.php | predictive | High
3 | File | /app/Http/Controllers/Admin/NEditorController.php | predictive | High
4 | File | /cgi-bin/luci/api/wireless | predictive | High
5 | File | /forum/away.php | predictive | High
6 | File | /getcfg.php | predictive | Medium
7 | File | /group1/uploa | predictive | High
8 | File | /inc/lists/csvexport.php | predictive | High
9 | File | /server-status | predictive | High
10 | File | /sgmi/ | predictive | Low
11 | File | /system/user/resetPwd | predictive | High
12 | File | /tos/index.php?editor/fileGet | predictive | High
13 | File | /uncpath/ | predictive | Medium
14 | File | /user/updatePwd | predictive | High
15 | File | /var/log/nginx | predictive | High
16 | File | addentry.php | predictive | Medium
17 | File | admin-ajax.php?action=get_wdtable order[0][dir] | predictive | High
18 | File | admin/plib/api-rpc/Agent.php | predictive | High
19 | File | applications/core/modules/front/system/content.php | predictive | High
20 | File | auth-gss2.c | predictive | Medium
21 | File | bcbadmSettings.jsp | predictive | High

Entries 22 to 184 are masked on the source page (indicator hidden; all of type predictive). By class they comprise 69 further File entries (22-90), 13 Library (91-103), 53 Argument (104-156), 6 Input Value (157-162), 19 Pattern (163-181) and 3 Network Port (182-184). Because the masking leaves punctuation in place, entry 158 (Input Value, confidence Low) is still legible as the traversal fragment ../../.
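The IOC addresses and the IOA file paths above are only useful once they are matched against your own telemetry. The following Python script is an added example, not code from VulDB or from any RedFoxtrot tooling: it loads the five unmasked IOC entries and the 21 unmasked IOA File entries, normalises each request target (percent-decoding twice, resolving .. segments, separating the query) so that encoded traversal such as /images/..%2F..%2F..%2Fvar/log/nginx/access.log still hits the /var/log/nginx indicator, and flags log lines whose client address is an IOC or whose path matches an IOA. It assumes the default nginx/Apache combined log format with the client address in the first field, and the log lines it runs on are constructed (the non-IOC clients are RFC 5737 test addresses); the hostname check is intended for DNS or proxy logs. Two caveats a practitioner should keep: the <ip>.vultrusercontent.com names are the hosting provider's generic reverse-DNS names, so a hit on them is a hit on the address rather than on an attacker-registered domain, and cloud addresses are reassigned, so a match on an address identified on 10/12/2022 is a lead to investigate, not proof of RedFoxtrot activity. Likewise the IOA entries are predictive paths that scanners and unrelated actors also request, so treat a path hit as a triage signal rather than an attribution.

```python
"""Match web-server access logs against the RedFoxtrot IOC/IOA entries listed above.

Added example (not VulDB's code). IOC and IOA values are copied from the unmasked
rows of the page's tables; the log lines below are constructed for the demo.
"""
import posixpath
import re
from urllib.parse import unquote, urlsplit

# IOC table, entries 1-5 (the unmasked ones), identified 10/12/2022.
IOC_IPS = {"45.32.22.220", "45.32.146.174", "45.76.216.62", "45.77.178.76", "66.42.33.214"}
IOC_HOSTNAMES = {
    "45.32.22.220.vultrusercontent.com", "45.32.146.174.vultrusercontent.com",
    "45.76.216.62.vultrusercontent.com", "thematrix.dev", "66.42.33.214.vultrusercontent.com",
}

# IOA table, File entries 1-21 (the unmasked ones). An entry may carry a query
# fragment after '?'; entry 17 also names a parameter after a space.
IOA_FILES = [
    "/admin/maintenance/view_designation.php", "/admin/sys_sql_query.php",
    "/app/Http/Controllers/Admin/NEditorController.php", "/cgi-bin/luci/api/wireless",
    "/forum/away.php", "/getcfg.php", "/group1/uploa", "/inc/lists/csvexport.php",
    "/server-status", "/sgmi/", "/system/user/resetPwd", "/tos/index.php?editor/fileGet",
    "/uncpath/", "/user/updatePwd", "/var/log/nginx", "addentry.php",
    "admin-ajax.php?action=get_wdtable order[0][dir]", "admin/plib/api-rpc/Agent.php",
    "applications/core/modules/front/system/content.php", "auth-gss2.c", "bcbadmSettings.jsp",
]

# Assumption: default nginx/Apache combined log format, client address in the first field.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def normalize_target(target):
    """Return (path, query) with percent-encoding removed and '..' segments resolved.

    Decoding twice catches double-encoded traversal (%252e%252e). normpath turns
    '/images/../../../var/log/nginx/x' into '/var/log/nginx/x', so a path indicator
    still matches when the attacker reaches it through traversal.
    """
    parts = urlsplit(target)
    path = "/" + posixpath.normpath(unquote(unquote(parts.path))).lstrip("/")
    return path, unquote(unquote(parts.query))


def ioa_matches(path, query):
    """All IOA File indicators that the normalized request matches."""
    hits = []
    for indicator in IOA_FILES:
        ind_path, _, rest = indicator.partition("?")
        tokens = rest.split()  # query fragments that must all appear in the request query
        if ind_path.startswith("/"):
            # Absolute indicator: exact path, or a prefix ending at a segment boundary.
            ok = path == ind_path or path.startswith(ind_path.rstrip("/") + "/")
        else:
            # Relative indicator: the script name at the end of any path.
            ok = path == "/" + ind_path or path.endswith("/" + ind_path)
        if ok and all(tok in query for tok in tokens):
            hits.append(indicator)
    return hits


def hostname_is_ioc(name):
    """True for an IOC hostname or any label beneath it (for DNS/proxy logs)."""
    name = name.rstrip(".").lower()
    return any(name == h or name.endswith("." + h) for h in IOC_HOSTNAMES)


def scan_access_log(lines):
    """Return one finding per line whose client is an IOC address or whose path hits an IOA."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line; a real pipeline would count these
        path, query = normalize_target(m["target"])
        ioc_ip = m["ip"] in IOC_IPS
        ioa = ioa_matches(path, query)
        if ioc_ip or ioa:
            findings.append({"line": lineno, "ip": m["ip"], "ioc_ip": ioc_ip,
                             "path": path, "ioa": ioa})
    return findings


# Constructed sample lines: the IOC address is from the page, the other clients are RFC 5737 test addresses.
SAMPLE_LOG = [
    '45.32.22.220 - - [12/Oct/2022:10:14:03 +0000] "GET /admin/sys_sql_query.php HTTP/1.1" 404 153 "-" "curl/7.68.0"',
    '198.51.100.7 - - [12/Oct/2022:10:15:11 +0000] "GET /wp-admin/admin-ajax.php?action=get_wdtable&order%5B0%5D%5Bdir%5D=asc HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Oct/2022:10:15:40 +0000] "GET /images/..%2F..%2F..%2Fvar/log/nginx/access.log HTTP/1.1" 403 0 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Oct/2022:10:16:02 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Oct/2022:10:16:20 +0000] "POST /tos/index.php?editor/fileGet HTTP/1.1" 200 99 "-" "python-requests/2.28"',
]

if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG):
        print(finding)
```

Run against the constructed lines, the script reports lines 1, 2, 3 and 5: line 1 both as an IOC client and an IOA path hit, line 2 for the admin-ajax.php indicator once the bracketed parameter is decoded, line 3 for /var/log/nginx after the traversal is resolved, and line 5 for the /tos/index.php?editor/fileGet indicator. Line 4 is a plain page request from a non-IOC client and produces nothing. Absolute indicators are matched as segment-bounded prefixes so that /group1/uploa does not silently widen into anything longer than the page's own string.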

References (2)

The following list contains external sources which discuss the actor and the associated activities:
