Retefe Analysis

IOB - Indicator of Behavior (245)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 162
ru: 44
sv: 20
zh: 6
es: 4

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

WordPress: 10
Bitrix24: 6
SourceCodester Online Computer and Laptop Store: 4
Apache HTTP Server: 4
Apple iOS: 4

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | possible | 0.02956 | 0.00 | CVE-2007-1192 |
| 2 | Esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00330 | 0.16 | CVE-2009-4935 |
| 3 | Htmly Blog Post cross site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00334 | 0.00 | CVE-2022-25022 |
| 4 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00000 | 1.22 | CVE-2020-12440 |
| 5 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not defined | Not defined | | 0.00000 | 0.24 | |
| 6 | WordPress Private Post information disclosure | 4.9 | 4.9 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00724 | 0.00 | CVE-2021-39203 |
| 7 | HP Router/Switch SNMP information disclosure | 3.7 | 3.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | | 0.01344 | 0.04 | CVE-2012-3268 |
| 8 | Esoftpro Online Guestbook Pro ogp_show.php cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | | 0.01346 | 0.08 | CVE-2009-2441 |
| 9 | Apache Struts ExceptionDelegator input validation | 8.8 | 8.4 | $5k-$25k | $0-$5k | High | Official fix | verified | 0.91012 | 0.00 | CVE-2012-0391 |
| 10 | Apache HTTP Server ap_get_basic_auth_pw improper authentication | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.09049 | 0.08 | CVE-2017-3167 |
| 11 | Schneider Electric Vijeo Designer path traversal | 5.5 | 5.3 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00601 | 0.02 | CVE-2021-22704 |
| 12 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not defined | Official fix | expected | 0.86968 | 2.44 | CVE-2020-15906 |
| 13 | vBulletin redirector.php | 6.6 | 6.6 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.05560 | 0.02 | CVE-2018-6200 |
| 14 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | possible | 0.01686 | 0.16 | CVE-2007-0354 |
| 15 | Hscripts PHP File Browser Script index.php path traversal | 5.9 | 5.9 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00738 | 0.00 | CVE-2018-16549 |
| 16 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official fix | | 0.09610 | 0.24 | CVE-2014-4078 |
| 17 | ISC BIND DS Record resume_dslookup assertion | 7.5 | 7.0 | $5k-$25k | $0-$5k | Functional | Official fix | | 0.00117 | 0.00 | CVE-2022-0667 |
| 18 | Django Template Language information disclosure | 3.5 | 3.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00240 | 0.00 | CVE-2021-45116 |
| 19 | Video Downloader for TikTok Plugin server-side request forgery | 5.5 | 5.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00706 | 0.01 | CVE-2020-24142 |
| 20 | Microsoft Windows Win32k use after free | 8.1 | 7.8 | $25k-$100k | $0-$5k | High | Official fix | verified | 0.82330 | 0.04 | CVE-2021-40449 |

IOC - Indicator of Compromise (15)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (104)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/config.php?display=disa&view=form | predictive | High |
| 2 | File | /api/baskets/{name} | predictive | High |
| 3 | File | /cgi-bin/wlogin.cgi | predictive | High |
| 4 | File | /index.php | predictive | Medium |
| 5 | File | /members/view_member.php | predictive | High |
| 6 | File | /mhds/clinic/view_details.php | predictive | High |
| 7 | File | /owa/auth/logon.aspx | predictive | High |
| 8 | File | /product.php | predictive | Medium |
| 9 | File | /rest/api/latest/projectvalidate/key | predictive | High |
| 10 | File | /SSOPOST/metaAlias/%realm%/idpv2 | predictive | High |
| 11 | File | /uncpath/ | predictive | Medium |
| 12 | File | adclick.php | predictive | Medium |
| 13 | File | admin.jcomments.php | predictive | High |
| 100 | Input Value | ../ | predictive | Low |
