RedLine Analysis

Activities

Timeline

Analysis of the timeline helps to identify the required approach for handling individual vulnerabilities and collections of vulnerabilities. The overview makes less important slices and more severe hotspots visible at a glance, so that an immediate vulnerability response can be initiated and issues can be prioritized.

Lang: en 532, de 18, es 5, sv 3, fr 3

Country: us 182, cn 51, fr 10, ru 8, pm 4

Actors: RedLine 303, Kinsing 5, WatchDog 4

Activities

Interest

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need to unlock this view to get access to more details of real data.

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE
1 | Squid Proxy FTP Proxy privileges management | 7.3 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Workaround | 0.04 | CVE-2002-0714
2 | Facebook Proxygen SPDY2 Codec access control | 7.4 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2015-7263
3 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.05 | CVE-2007-1192
4 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.90 | CVE-2010-0966
5 | WoltLab Burning Book addentry.php sql injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.04 | CVE-2006-5509
6 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.19 | CVE-2016-6210
7 | Oracle MySQL Server InnoDB access control | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2018-3185
8 | Mozilla Firefox IPv6 Proxy XMLHttpRequest Object information disclosure | 6.5 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2011-3670
9 | ISC BIND named resolver.c input validation | 8.6 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2016-1286
10 | Mirabilis ICQ Web Front Server URL guestbook.cgi denial of service | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | CVE-2000-1078
11 | BlueMind Contact Application data processing | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2019-9563
12 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.52 | CVE-2014-4078
13 | ONLYOFFICE Document Server WebSocket API sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-11537
14 | nginx ngx_http_mp4_module information disclosure | 4.7 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2018-16845
15 | GitLab cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2020-13345
16 | PHP extractTo path traversal | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2008-5658
17 | Nextcloud Server Access Control download access control | 5.4 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2020-8139
18 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.86 | CVE-2017-0055
19 | hcbserver URL path traversal | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2017-16171
20 | PHP extractTo path traversal | 7.1 | 6.2 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.05 | CVE-2014-9767

IOC - Indicator of Compromise (112)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (97)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (8)

The following list contains external sources which discuss the actor and the associated activities:
