RedLine Analysis

Activities

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Lang

en	532
de	18
es	5
sv	3
fr	3

Country

us	182
cn	51
fr	10
ru	8
pm	4

Actors

RedLine	303
Kinsing	5
WatchDog	4

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Product

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	CTI	CVE
1	Squid Proxy FTP Proxy privileges management	7.3	7.3	$5k-$25k	$0-$5k	Not Defined	Workaround	0.04	CVE-2002-0714
2	Facebook Proxygen SPDY2 Codec access control	7.4	7.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	CVE-2015-7263
3	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.05	CVE-2007-1192
4	DZCP deV!L`z Clanportal config.php code injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.90	CVE-2010-0966
5	WoltLab Burning Book addentry.php sql injection	7.3	6.8	$0-$5k	$0-$5k	Functional	Unavailable	0.04	CVE-2006-5509
6	OpenSSH Authentication Username information disclosure	5.3	4.8	$5k-$25k	$0-$5k	High	Official Fix	0.19	CVE-2016-6210
7	Oracle MySQL Server InnoDB access control	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.07	CVE-2018-3185
8	Mozilla Firefox IPv6 Proxy XMLHttpRequest Object information disclosure	6.5	6.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.06	CVE-2011-3670
9	ISC BIND named resolver.c input validation	8.6	8.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.06	CVE-2016-1286
10	Mirabilis ICQ Web Front Server URL guestbook.cgi denial of service	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	CVE-2000-1078
11	BlueMind Contact Application data processing	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.05	CVE-2019-9563
12	Microsoft IIS IP/Domain Restriction access control	6.5	5.7	$25k-$100k	$0-$5k	Unproven	Official Fix	0.52	CVE-2014-4078
13	ONLYOFFICE Document Server WebSocket API sql injection	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	CVE-2020-11537
14	nginx ngx_http_mp4_module information disclosure	4.7	4.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	CVE-2018-16845
15	GitLab cross site scripting	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	CVE-2020-13345
16	PHP extractTo path traversal	7.3	7.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.07	CVE-2008-5658
17	Nextcloud Server Access Control download access control	5.4	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.07	CVE-2020-8139
18	Microsoft IIS cross site scripting	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.86	CVE-2017-0055
19	hcbserver URL path traversal	7.0	7.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	CVE-2017-16171
20	PHP extractTo path traversal	7.1	6.2	$5k-$25k	$0-$5k	Unproven	Official Fix	0.05	CVE-2014-9767

IOC - Indicator of Compromise (112)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Confidence
1	8.249.227.254		RedLine	High
2	8.249.241.254		RedLine	High
3	8.253.45.248		RedLine	High
4	8.253.132.120		RedLine	High
5	13.52.79.131	ec2-13-52-79-131.us-west-1.compute.amazonaws.com	RedLine	Medium
6	23.21.205.229	ec2-23-21-205-229.compute-1.amazonaws.com	RedLine	Medium
7	23.21.224.49	ec2-23-21-224-49.compute-1.amazonaws.com	RedLine	Medium
8	23.23.104.250	ec2-23-23-104-250.compute-1.amazonaws.com	RedLine	Medium
9	23.46.238.194	a23-46-238-194.deploy.static.akamaitechnologies.com	RedLine	High
10	34.76.8.115	115.8.76.34.bc.googleusercontent.com	RedLine	Medium
11	37.46.150.90		RedLine	High
12	45.9.20.101		RedLine	High
13	45.33.89.196	li1035-196.members.linode.com	RedLine	High
14	45.66.9.155	vm3163203.24ssd.had.wf	RedLine	High
15	45.67.228.119	vm231525.pq.hosting	RedLine	High
16	45.67.228.152	smail.fun	RedLine	High
17	45.67.231.50	licher.lone.example.com	RedLine	High
18	45.84.0.108	pangeransosmed.vip	RedLine	High
19	45.84.0.200	1c.capricorn.md	RedLine	High
20	45.87.3.177	vm3114026.43ssd.had.wf	RedLine	High
21	45.128.150.68	dok.com	RedLine	High
22	45.130.147.55		RedLine	High
23	45.132.104.3	city-boots.ru	RedLine	High
24	XX.XXX.XXX.XXX	xxxxxxxxx.xx	Xxxxxxx	High
25	XX.XXX.XXX.XXX	xxxxxx.xxx	Xxxxxxx	High
26	XX.XXX.XXX.XXX	xxxxxxxxx.xxxxxxxx.xx	Xxxxxxx	High
27	XX.XXX.XXX.XX	xxxxxxxx.xx.xxxxxxx	Xxxxxxx	High
28	XX.XXX.XXX.XXX		Xxxxxxx	High
29	XX.XXX.XXX.XXX	xxxxx.xxxxxxxx.xxxx	Xxxxxxx	High
30	XX.XXX.XX.XX	xxxxxxxxx.xx.xx	Xxxxxxx	High
31	XX.XX.XXX.XX	xxxxxxx.xxx.xxxxx	Xxxxxxx	High
32	XX.XXX.XXX.XX	xxx.xxx.xxxxx.xxx	Xxxxxxx	High
33	XX.XX.XXX.XXX	xxx-xx-xx-xxx-xxx.xxxxxxx-x.xxxxxxxxx.xxx	Xxxxxxx	Medium
34	XX.XX.XX.XXX	xxx-xx-xx-xx-xxx.xxxxxxx-x.xxxxxxxxx.xxx	Xxxxxxx	Medium
35	XX.XX.XXX.XXX	xxxxxxxx.xx	Xxxxxxx	High
36	XX.XXX.XX.XX		Xxxxxxx	High
37	XX.XXX.XX.XX		Xxxxxxx	High
38	XX.XXX.XX.XXX	xxx-xx-xxx-xx-xxx.xxxxxxx-x.xxxxxxxxx.xxx	Xxxxxxx	Medium
39	XX.XXX.XXX.XX	xxx-xx-xxx-xxx-xx.xxxxxxx-x.xxxxxxxxx.xxx	Xxxxxxx	Medium
40	XX.XXX.XXX.XXX	xxx-xx-xxx-xxx-xxx.xxxxxxx-x.xxxxxxxxx.xxx	Xxxxxxx	Medium
41	XX.XXX.XXX.X	xxxxxxx.xxxxxx-xx-xxxxxx.xx	Xxxxxxx	High
42	XX.XX.XXX.XX	xxxx.xxxxxxxxx.xxx	Xxxxxxx	High
43	XX.XXX.XXX.XX		Xxxxxxx	High
44	XX.XXX.XXX.XX		Xxxxxxx	High
45	XX.XXX.XXX.XXX	xxx.xxx.xxx.xx.xxxx.xxxxxx.xxxxxxx.xxx	Xxxxxxx	High
46	XX.XXX.XX.XXX	xxxx-xx-xxx-xx-xxx.xxxxxxx.xxxx	Xxxxxxx	High
47	XX.XXX.XX.XX	xxxx-xx-xxx-xx-xx.xxxxxxx.xxxx	Xxxxxxx	High
48	XX.XXX.XXX.XX	xxxxxxxxxx.xxxxxxxxxxxxxx.xxxx	Xxxxxxx	High
49	XX.XX.XX.XX	xx-xx-xx-xx.xxxxxx-xx-xxxxxxxxxxx.xxx	Xxxxxxx	High
50	XX.XX.XXX.XXX	xxxxxxxxx.xxxxx.xxx.xx	Xxxxxxx	High
51	XX.XX.XXX.XXX	xxxx-x.xxx	Xxxxxxx	High
52	XX.XX.XXX.XXX		Xxxxxxx	High
53	XX.XXX.XXX.XX	xx-xxxxxxx-xxx.xxxxx	Xxxxxxx	High
54	XX.XXX.XXX.XXX		Xxxxxxx	High
55	XX.XXX.XXX.XXX		Xxxxxxx	High
56	XX.XXX.XX.XX		Xxxxxxx	High
57	XX.XXX.XX.XXX		Xxxxxxx	High
58	XX.XXX.XX.XX		Xxxxxxx	High
59	XX.XXX.XX.XX	xxxxxxxx.xxxxxx-xx-xxxxxx.xx	Xxxxxxx	High
60	XX.XXX.XXX.XX		Xxxxxxx	High
61	XX.XXX.XXX.XX		Xxxxxxx	High
62	XX.XXX.XXX.XX		Xxxxxxx	High
63	XX.XXX.XXX.XXX		Xxxxxxx	High
64	XX.XXX.XXX.XX		Xxxxxxx	High
65	XX.XXX.XXX.XX		Xxxxxxx	High
66	XX.XXX.XXX.XX	xxxxxxx.xx.xxx.xx	Xxxxxxx	High
67	XX.XXX.XX.XX	xxxx-xxxxxxxxx.xxxxxx.xxxx.xx	Xxxxxxx	High
68	XX.XXX.XXX.XX	xxxxxx.xx.xxx.xxx.xx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxxxx	High
69	XX.XXX.XX.XX	xxxxxx.xx.xx.xxx.xx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxxxx	High
70	XXX.XX.XX.XX		Xxxxxxx	High
71	XXX.XX.XX.XX		Xxxxxxx	High
72	XXX.XXX.XXX.XXX	xxxx.xx	Xxxxxxx	High
73	XXX.XXX.XX.XXX	xxxxxxx.xxxxxx-xx-xxxxxx.xx	Xxxxxxx	High
74	XXX.XXX.XX.XXX	xxxx.xxxxxxx.xxx	Xxxxxxx	High
75	XXX.XXX.XX.XX	xxxx.xx-xxx-xxx-xx.xx	Xxxxxxx	High
76	XXX.XXX.XXX.X	xxxxxx.x.xxx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxxxx	High
77	XXX.XXX.XXX.XXX	xxx.xxxx	Xxxxxxx	High
78	XXX.XXX.XXX.XXX		Xxxxxxx	High
79	XXX.XXX.X.XX		Xxxxxxx	High
80	XXX.XX.XX.XXX	xxxxxx.xxx.xx.xx.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxxxx	High
81	XXX.XX.XX.XXX		Xxxxxxx	High
82	XXX.XXX.XXX.XXX	xx-xx-xxxx.xxxxx.xxx	Xxxxxxx	High
83	XXX.XXX.XXX.XXX	xx-xx-xxxx.xxxxx.xxx	Xxxxxxx	High
84	XXX.XXX.XXX.XX	xx-xx-xxx.xxxxx.xxx	Xxxxxxx	High
85	XXX.XXX.XXX.XXX	xx-xx-xxxx.xxxxx.xxx	Xxxxxxx	High
86	XXX.XXX.XXX.XX	xx-xx-xxx.xxxxx.xxx	Xxxxxxx	High
87	XXX.XXX.XXX.XX	xx-xx-xxx.xxxxx.xxx	Xxxxxxx	High
88	XXX.XXX.XXX.XXX	xx-xx-xxxx.xxxxx.xxx	Xxxxxxx	High
89	XXX.XXX.XXX.XXX		Xxxxxxx	High
90	XXX.XXX.XX.XX		Xxxxxxx	High
91	XXX.XX.XX.XX	xxxxxxx.xxxxxx-xx-xxxxxx.xx	Xxxxxxx	High
92	XXX.XX.XXX.XXX	xxxxxxxxx.xxxxx.xxx.xx	Xxxxxxx	High
93	XXX.XXX.XX.XXX	xxxx.xxxx-xxxxxxx.xxxx	Xxxxxxx	High
94	XXX.XXX.XX.XX	xxx.xxxxxxxxxxxxxxx.xx	Xxxxxxx	High
95	XXX.XXX.XX.XXX	xxxx-xxx-xxx-xx-xxx.xxxxxx-xx-xxxxxx.xx	Xxxxxxx	High
96	XXX.XXX.XXX.XX		Xxxxxxx	High
97	XXX.XXX.XXX.XX		Xxxxxxx	High
98	XXX.XXX.XXX.XX		Xxxxxxx	High
99	XXX.XXX.XXX.XXX	xxx.xx	Xxxxxxx	High
100	XXX.X.XX.XX	xxxxx.xxxx.xxx	Xxxxxxx	High
101	XXX.XX.XXX.XX	xxxx.xxxxxxxxxxx.xxx	Xxxxxxx	High
102	XXX.XX.XX.XXX	xxxxxxxx.xx.xxxxxxx	Xxxxxxx	High
103	XXX.XX.XX.XXX	xxxxxx-xxx.xxxxxxxxxx.xxx	Xxxxxxx	High
104	XXX.XXX.XXX.XXX		Xxxxxxx	High
105	XXX.XXX.XX.XXX	xxxxxxxx.xxxx	Xxxxxxx	High
106	XXX.X.XX.XX	xxxxx.xxxx.xxx	Xxxxxxx	High
107	XXX.XX.X.XX	xxxxx.xxxx.xxx	Xxxxxxx	High
108	XXX.XXX.X.XX	xxxxx.xxxx.xxx	Xxxxxxx	High
109	XXX.XX.XXX.XX	xx-xx-xxx.xxxxx.xxx	Xxxxxxx	High
110	XXX.XX.XXX.XX	xx-xx-xxx.xxxxx.xxx	Xxxxxxx	High
111	XXX.XX.XXX.XXX	xx-xx-xxxx.xxxxx.xxx	Xxxxxxx	High
112	XXX.XXX.XXX.XXX	xxxxx.xxxxxxxx.xxx	Xxxxxxx	High

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilities	Access Vector	Confidence
1	T1059.007	CWE-79	Cross Site Scripting	High
2	T1068	CWE-264, CWE-284	Execution with Unnecessary Privileges	High
3	TXXXX.XXX	CWE-XXX, CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx Xxxxxxxx	High
4	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	High
5	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	High
6	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	High

IOA - Indicator of Attack (97)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Confidence
1	File	/.env	Low
2	File	/category.php	High
3	File	/cgi-bin/delete_CA	High
4	File	/Config/SaveUploadedHotspotLogoFile	High
5	File	/download	Medium
6	File	/get_getnetworkconf.cgi	High
7	File	/GponForm/device_Form?script/	High
8	File	/includes/rrdtool.inc.php	High
9	File	/Main_AdmStatus_Content.asp	High
10	File	/NAGErrors	Medium
11	File	/sgms/TreeControl	High
12	File	/xxx	Low
13	File	/xxxxxxx/	Medium
14	File	/xxxxxx/xxxxxx.xxx	High
15	File	/xxx/xxx/xxxxx	High
16	File	/xx/xxxxx.xxx	High
17	File	xxxxxxx.xxx	Medium
18	File	xxxxxxxx.xxx	Medium
19	File	xxxxx/xxxxxxx.xxx	High
20	File	xxxxx/xxxx.xxxxxxx.xxx	High
21	File	xxxxx/xxxx.xxxx.xxx	High
22	File	xxxxx\xxxxxxxxxx\xxxxxxxxxx.xxx	High
23	File	xxxxxxx/xxxxxxx/xxxxxxx.xxxx?xxxx	High
24	File	xxx_xxxxxxxx.xxx	High
25	File	xxxx/xxxxxxxxxxxxxxx.xxx	High
26	File	xx.x/xxxxxxxx.x	High
27	File	xxxxxxxxxxxxxxxx.xxx	High
28	File	xxxxx.xxx	Medium
29	File	xxxxxxx.xxxx	Medium
30	File	xxxxxxxx/xxxx_xxxx	High
31	File	xxxxxxxxx.xxx	High
32	File	xxxx_xxxx.x	Medium
33	File	xxx/xxxxxx.xxx	High
34	File	xxxxxxx/xxxxxxxxx_xxxxxxxx.xxx.xxx	High
35	File	xxxxx.xxx	Medium
36	File	xxxxxxxxx/xxxxxx.xxx.xxx	High
37	File	xxxxxxxx.xxx	Medium
38	File	xxx_xxxx.xxx	Medium
39	File	xxxxxxx.xxx	Medium
40	File	xxx_xxxxxxxxx.x	High
41	File	xxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxx/xxxxxxxx.xxxx	High
42	File	xxxxxxxx.xx	Medium
43	File	xxxxx.x	Low
44	File	xxxxxxx.xx	Medium
45	File	xxxxxxxx-x.xx	High
46	File	xxxxxxxx.xxx	Medium
47	File	xxxxxx_xxxxxxx.xxx	High
48	File	xxxxxxxxxxxxxxxxxxxxxxxxxx.xx/xxxxxxxxxx.xx/xxxxxxxxxxx.xx	High
49	File	xxxxxxxxxxx.x	High
50	File	xxx/xx_xxx.x	Medium
51	File	xx.xxx	Low
52	File	xxxx/xxxxxxxx/xxxxxxxx.xxxx	High
53	File	xxxxxxx.xxx	Medium
54	File	xxxxxxx.xxx	Medium
55	File	xxx_xxxxx.xxx?xxxx=xxxxxxxx	High
56	File	xxxxxxx.xxx	Medium
57	File	xx-xxxxx.xxx	Medium
58	Library	xxxxxxxxx	Medium
59	Argument	--xxxxxx/--xxxxxxxx	High
60	Argument	xxxxxxxxxx xxx xxxxxxx	High
61	Argument	xxxxxxxx	Medium
62	Argument	xxx	Low
63	Argument	xxxxxxxx	Medium
64	Argument	xxxx	Low
65	Argument	xxxx_xxxxxx=xxxx	High
66	Argument	xxxxxxx	Low
67	Argument	xxxxx	Low
68	Argument	xxxxxxxx	Medium
69	Argument	xx	Low
70	Argument	xxxx	Low
71	Argument	xxxx_xxxxxxx	Medium
72	Argument	xx	Low
73	Argument	xxxxxxxxxx	Medium
74	Argument	xxxx	Low
75	Argument	xxxxx	Low
76	Argument	xxxx	Low
77	Argument	xxxxxxxx	Medium
78	Argument	xxxxxxx/xxxx	Medium
79	Argument	xxxxxxxx	Medium
80	Argument	xxxxxxxx	Medium
81	Argument	xxxx	Low
82	Argument	xxxxxxx	Low
83	Argument	xxxxxxxxxxx	Medium
84	Argument	xxxxxx_xxxx	Medium
85	Argument	xxxxxxxxxxx[xx]	High
86	Argument	xxx	Low
87	Argument	x_xx	Low
88	Argument	xxxx	Low
89	Argument	xxx	Low
90	Argument	xxxxxxxx/xxxxxxxx	High
91	Argument	x-xxxxxxxxx-xxx	High
92	Input Value	%xxxxxx+-x+x+xx.x.xx.xxx%xx%xx	High
93	Input Value	-x+xxxxx+xxxxxx+x,x,xxxxxxx()	High
94	Input Value	../	Low
95	Pattern	\|xx\|xx\|xx\|	Medium
96	Network Port	xxx/xxxx	Medium
97	Network Port	xxx/xxxx (xx-xxx)	High

References (8)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!