Retefe Analysis

IOB - Indicator of Behavior (233)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 172
ru: 32
sv: 20
zh: 4
pt: 4

Country

ru: 98
us: 82
me: 8
cn: 8
br: 4

Product

Apache HTTP Server: 8
WordPress: 6
Apple iOS: 6
FreeBSD: 4
GitLab Enterprise Edition: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 2 | Esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.20 | 0.00108 | CVE-2009-4935 |
| 3 | Htmly Blog Post cross site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00149 | CVE-2022-25022 |
| 4 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.20 | 0.00000 | |
| 5 | WordPress Private Post information disclosure | 4.9 | 4.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00065 | CVE-2021-39203 |
| 6 | HP Router/Switch SNMP information disclosure | 3.7 | 3.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.00285 | CVE-2012-3268 |
| 7 | Esoftpro Online Guestbook Pro ogp_show.php cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.02 | 0.00209 | CVE-2009-2441 |
| 8 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | 0.00241 | CVE-2020-12440 |
| 9 | Apache Struts ExceptionDelegator input validation | 8.8 | 8.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.02 | 0.36440 | CVE-2012-0391 |
| 10 | Apache HTTP Server ap_get_basic_auth_pw improper authentication | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01399 | CVE-2017-3167 |
| 11 | Schneider Electric Vijeo Designer path traversal | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00246 | CVE-2021-22704 |
| 12 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.81 | 0.00936 | CVE-2020-15906 |
| 13 | vBulletin redirector.php | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.15 | 0.00141 | CVE-2018-6200 |
| 14 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.59 | 0.01302 | CVE-2007-0354 |
| 15 | Hscripts PHP File Browser Script index.php path traversal | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00153 | CVE-2018-16549 |
| 16 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.03 | 0.00817 | CVE-2014-4078 |
| 17 | ISC BIND DS Record resume_dslookup assertion | 7.5 | 7.0 | $5k-$25k | $0-$5k | Functional | Official Fix | 0.00 | 0.00097 | CVE-2022-0667 |
| 18 | Django Template Language information disclosure | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00127 | CVE-2021-45116 |
| 19 | Video Downloader for TikTok Plugin server-side request forgery | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00222 | CVE-2020-24142 |
| 20 | Microsoft Windows Win32k Privilege Escalation | 8.3 | 7.7 | $100k and more | $0-$5k | Functional | Official Fix | 0.00 | 0.00148 | CVE-2021-40449 |

IOC - Indicator of Compromise (15)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (100)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (2)

The following list contains external sources which discuss the actor and the associated activities:
