Regin Analysis

IOB - Indicator of Behavior (113)

Language

en: 112
de: 2

Activities

Product

PHP: 8
Apache HTTP Server: 6
IBM AIX: 4
Microsoft Windows: 4
IBM SPSS SamplePower: 2

Vulnerabilities

These are the vulnerabilities that we have identified as having been researched, approached, or attacked by this actor.

Column key: Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit prices at disclosure and now; Exp is the exploitability level; Cou is the countermeasure (remediation) status; KEV, EPSS and CTI are the known-exploited, EPSS and CTI interest indicators.

# | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE
1 | Host Discard Service privileges management | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Workaround | possible | 0.00467 | 0.06 | CVE-1999-0636
2 | PHP Filename DirectoryIterator null termination | 5.5 | 5.4 | $5k-$25k | $0-$5k | Not defined | Official fix | possible | 0.40595 | 0.06 | CVE-2019-11045
3 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00000 | 0.39 | CVE-2020-12440
4 | Sonatype Nexus Repository Manager injection | 4.9 | 4.9 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00566 | 0.05 | CVE-2021-43961
5 | HP Enterprise LaserJet buffer overflow | 7.6 | 7.6 | $5k-$25k | $5k-$25k | Not defined | Not defined | | 0.16205 | 0.00 | CVE-2021-39238
6 | CKeditor Dialogs Plugin incorrect regex | 6.4 | 6.1 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00639 | 0.04 | CVE-2021-26271
7 | TYPO3 User Session cleartext storage | 5.6 | 5.4 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00132 | 0.00 | CVE-2021-21339
8 | VMware vCenter Server Heartbeat Message input validation | 5.3 | 4.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | | 0.05454 | 0.00 | CVE-2015-1047
9 | PAM unix_chkpwd information disclosure | 5.3 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | | 0.00085 | 0.00 | CVE-2005-2977
10 | st Module passwd path traversal | 6.4 | 6.1 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.32889 | 0.03 | CVE-2014-3744
11 | Vastal phpVID browse_videos.php cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.06262 | 0.09 | CVE-2013-5312
12 | GitHub Actions Runner os command injection | 8.3 | 8.2 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00300 | 0.00 | CVE-2022-39321
13 | Oracle Database Server RDBMS Security/SQL*Plus information disclosure | 2.6 | 2.5 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00356 | 0.00 | CVE-2016-3562
14 | Oracle Solaris Common Desktop Environment format string | 8.3 | 7.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Not defined | | 0.00041 | 0.07 | CVE-2022-43752
15 | Dragon Path Bharti Airtel Routers Hardware BDT-121 Admin Page cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00061 | 0.08 | CVE-2022-28507
16 | HMS Ewon eCatcher permission | 5.5 | 5.3 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00126 | 0.00 | CVE-2021-33214
17 | Wamp Wamp64 access control | 7.5 | 7.4 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00118 | 0.06 | CVE-2022-36565
18 | NVIDIA CUDA Toolkit SDK cuobjdump buffer overflow | 6.6 | 6.5 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00306 | 0.02 | CVE-2022-21821
19 | Siemens SIMATIC S7-400 Session Cookie httponly information disclosure | 5.3 | 5.3 | $5k-$25k | $0-$5k | Not defined | Not defined | | 0.00232 | 0.00 | CVE-2016-8672
20 | Cisco Small Business Switches hard-coded credentials | 8.4 | 8.4 | $5k-$25k | $5k-$25k | Not defined | Not defined | | 0.01255 | 0.05 | CVE-2018-15439

IOC - Indicator of Compromise (7)

These indicators of compromise list associated network resources that are known to be part of research and attack activities.

Entries shown as runs of x are masked in the source view.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 17.3.40.93 | | Regin | | 01/01/2021 | verified | Low
2 | 18.159.0.1 | ec2-18-159-0-1.eu-central-1.compute.amazonaws.com | Regin | | 01/01/2021 | verified | Very Low
3 | XX.X.X.X | x.x.x.xx.xxx.xxxx.xxx | Xxxxx | | 01/01/2021 | verified | Low
4 | XX.XX.XXX.XX | | Xxxxx | | 01/01/2021 | verified | Low
5 | XXX.XXX.XXX.XXX | xxxxxxx.xxxxxx.xx | Xxxxx | | 01/01/2021 | verified | Low
6 | XXX.XX.XXX.XXX | xxxx.xxxxxxxx.xxxxxxxxxxxxx.xxx | Xxxxx | | 06/08/2021 | verified | Low
7 | XXX.XXX.XX.XX | xxxx.xxxxxxxxxx.xxx | Xxxxx | | 06/08/2021 | verified | Low

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (57)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

Entries shown as runs of x are masked in the source view.

ID | Class | Indicator | Type | Confidence
1 | File | /etc/passwd | predictive | Medium
2 | File | /etc/sudoers | predictive | Medium
3 | File | /exponent_constants.php | predictive | High
4 | File | actions.php | predictive | Medium
5 | File | adclick.php | predictive | Medium
6 | File | add_comment.php | predictive | High
7 | File | adminer.php | predictive | Medium
8 | File | xxxxxxx.xxx/xxxxxxxxxxxx.xxx | predictive | High
9 | File | xxxxxx_xxxxxx.xxx | predictive | High
10 | File | xxxxxxx.xxx | predictive | Medium
11 | File | x:\xxxxxx | predictive | Medium
12 | File | xxxxxx.xxx | predictive | Medium
13 | File | xxxxxx/xxx/x_xxx_xxx_xxxx_xxxx.x | predictive | High
14 | File | xxxxxxxxxx.x | predictive | Medium
15 | File | xxx/xxxx/xxx_xxxx.x | predictive | High
16 | File | xxx/xxxx/xxxx.x | predictive | High
17 | File | xxxxx.xxx | predictive | Medium
18 | File | xxxxxxxxx.xxxxxxxx.xxxxx.xxx.xxx | predictive | High
19 | File | xx_xxx_xx.x | predictive | Medium
20 | File | xxxxx.xxx | predictive | Medium
21 | File | xxxxx.xxx | predictive | Medium
22 | File | xxxxxxx.xxx | predictive | Medium
23 | File | xxx_xxx_xxxxxx.x | predictive | High
24 | File | xxx/xxxx/xxxxxx.x | predictive | High
25 | File | xxx_xxx.x | predictive | Medium
26 | File | xxxx/xxx/xxx_xxxx.x | predictive | High
27 | File | xxxx-xxxxxx.x | predictive | High
28 | File | xxxxx/xxxx/xxxxxxxx.xxx | predictive | High
29 | File | xxxx_xxxxxx | predictive | Medium
30 | File | xx-xxxxxxx/xxxxxxx | predictive | High
31 | File | _xxxxxx.xxx | predictive | Medium
32 | Library | /_xxx_xxx/xxxxx.xxx | predictive | High
33 | Argument | $_xxxxxx['xxxxx_xxxxxx'] | predictive | High
34 | Argument | xxx_xxxx | predictive | Medium
35 | Argument | xxxx_xxx | predictive | Medium
36 | Argument | xxx | predictive | Low
37 | Argument | xxxx_xxx | predictive | Medium
38 | Argument | xxxx | predictive | Low
39 | Argument | xxxxx | predictive | Low
40 | Argument | xxxx | predictive | Low
41 | Argument | xx | predictive | Low
42 | Argument | xxxxxxx | predictive | Low
43 | Argument | xxx_xxxxxxx | predictive | Medium
44 | Argument | xxxxxxxxxxxxx | predictive | High
45 | Argument | xxxxxxx | predictive | Low
46 | Argument | x_xx_x_x | predictive | Medium
47 | Argument | xxxxxxx_xx_xxxxxxx | predictive | High
48 | Argument | xxxx | predictive | Low
49 | Argument | xx_xxxx_xxxxxx_xxxxxxxxxx | predictive | High
50 | Input Value | %xx%xx | predictive | Low
51 | Input Value | %x/%x | predictive | Low
52 | Input Value | -x | predictive | Low
53 | Input Value | /../ | predictive | Low
54 | Input Value | xxxxxxxx/xxxxxxxx/xxxxxxxxx | predictive | High
55 | Input Value | xxxxxx | predictive | Low
56 | Network Port | xxx/xx (xxx xxxxxxxx) | predictive | High
57 | Network Port | xxx/xxxxx | predictive | Medium
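As an added example (not code from this page or from the database vendor), the following Python checker runs the unmasked IOC addresses and the unmasked File and Input Value fragments from the two tables above over web-server access-log lines, which is how a defender would actually consume this data. The combined (Apache/nginx style) log format, the double percent-decoding and the case-folding of the request path are assumptions of the example, not something the page states, and the sample log lines are constructed (the 203.0.113.0/24 and 198.51.100.0/24 addresses are documentation ranges).

```python
import re
from dataclasses import dataclass, field
from typing import List, Tuple
from urllib.parse import unquote

# Network IOCs: the two unmasked IP addresses from the IOC table on this page.
IOC_IPS = {"17.3.40.93", "18.159.0.1"}

# IOA fragments: the unmasked File and Input Value rows from the IOA table.
IOA_FILES = [
    "/etc/passwd",
    "/etc/sudoers",
    "/exponent_constants.php",
    "actions.php",
    "adclick.php",
    "add_comment.php",
    "adminer.php",
]
IOA_INPUT_VALUES = ["/../"]

# Combined access-log line (assumed format; adapt the regex to your log source).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)


@dataclass
class Hit:
    parsed: bool = True
    ioc: List[str] = field(default_factory=list)
    ioa: List[str] = field(default_factory=list)


def normalise_path(path: str) -> str:
    """Percent-decode twice (catches double-encoded traversal such as %252e%252e)
    and lower-case, so a case trick like /ADMINER.PHP still matches."""
    return unquote(unquote(path)).lower()


def classify(line: str) -> Hit:
    """Return the IOC and IOA hits for one access-log line."""
    hit = Hit()
    m = LOG_RE.match(line)
    if m is None:
        hit.parsed = False
        return hit
    if m.group("ip") in IOC_IPS:
        hit.ioc.append(m.group("ip"))
    path = normalise_path(m.group("path"))
    for fragment in IOA_FILES + IOA_INPUT_VALUES:
        if fragment.lower() in path:
            hit.ioa.append(fragment)
    return hit


def scan(lines: List[str]) -> List[Tuple[str, Hit]]:
    """Return only the lines that matched at least one indicator."""
    flagged: List[Tuple[str, Hit]] = []
    for line in lines:
        hit = classify(line)
        if hit.ioc or hit.ioa:
            flagged.append((line, hit))
    return flagged


# Constructed sample log; not real traffic.
SAMPLE_LOG = [
    '17.3.40.93 - - [01/Jan/2021:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2021:10:00:02 +0000] "GET /images/../../../etc/passwd HTTP/1.1" 404 0',
    '203.0.113.7 - - [01/Jan/2021:10:00:03 +0000] "GET /cgi/%2e%2e%2f%2e%2e%2fetc%2fsudoers HTTP/1.1" 403 0',
    '18.159.0.1 - - [01/Jan/2021:10:00:04 +0000] "GET /ADMINER.PHP?x=1 HTTP/1.1" 200 300',
    '198.51.100.4 - - [01/Jan/2021:10:00:05 +0000] "GET /blog/post/1 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for line, hit in scan(SAMPLE_LOG):
        print(f"IOC={hit.ioc} IOA={hit.ioa}  <- {line}")
```

The low-confidence fragments (plain file names such as actions.php or adminer.php) will also match benign traffic, so weigh a hit by the Confidence column and correlate it with an IOC address or a traversal fragment before alerting on it rather than paging on any single match.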
