Rock Phish Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (20)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en8
it6
pl4
de2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us20

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Rock Phish1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined6
Anti-Malware Software2
Project Management Software2
Router Operating System2
Multimedia Player Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined4
Russcom Network2
SonicWALL2
DZCP2
Dragon Path2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Tiki2
Russcom Network Loginphp2
SonicWALL AntiSpam 2
SonicWALL EMail Security Appliance2
zephyrproject-rtos2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix1.850.00954CVE-2010-0966
2Pligg cloud.php sql injection6.36.3$0-$5k$0-$5kNot DefinedNot Defined1.080.00000
3Tiki Admin Password tiki-login.php improper authentication8.07.7$0-$5k$0-$5kNot DefinedOfficial Fix4.010.00786CVE-2020-15906
4Dragon Path Bharti Airtel Routers Hardware BDT-121 Admin Page cross site scripting3.53.5$0-$5k$0-$5kNot DefinedNot Defined0.070.00051CVE-2022-28507
5Adobe Acrobat Reader use after free6.35.5$25k-$100k$0-$5kUnprovenOfficial Fix0.040.13369CVE-2014-9159
6Apple QuickTime memory corruption10.09.5$25k-$100k$0-$5kNot DefinedOfficial Fix0.040.06113CVE-2011-3249
7zephyrproject-rtos RNDIS USB Device heap-based overflow7.87.8$0-$5k$0-$5kNot DefinedNot Defined0.040.00081CVE-2021-3861
8Lenze cabinet c520/cabinet c550/cabinet c750 Password Verification missing critical step in authentication9.89.6$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00244CVE-2022-2302
9SonicWALL AntiSpam / EMail Security Appliance MTA Queue Report Module reports_mta_queue_status.html cross site scripting8.07.6$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00000
10Magic Photo Storage Website register.php privileges management5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.030.00000
11Russcom Network Loginphp register.php cross site scripting4.34.1$0-$5k$0-$5kProof-of-ConceptUnavailable0.080.00677CVE-2006-2160
12Linux Kernel FXSAVE x87 Register cryptographic issues4.33.9$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.040.00101CVE-2006-1056
13WordPress wp-register.php cross site scripting4.34.2$5k-$25k$0-$5kHighUnavailable0.040.00329CVE-2007-5105

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
181.16.131.40Rock Phish06/19/2022verifiedHigh
2XXX.XX.XXX.XXXxxx Xxxxx06/19/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1059CWE-94Cross Site ScriptingpredictiveHigh
2TXXXX.XXXCWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
3TXXXXCWE-XXXX2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxx Xxxxxxxxxxx Xxx Xxx XxxxxxxpredictiveHigh
4TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
5TXXXXCWE-XXXX2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx XxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1Filecloud.phppredictiveMedium
2Fileinc/config.phppredictiveHigh
3Filexxxxxxxx.xxxpredictiveMedium
4Filexxxxxxx_xxx_xxxxx_xxxxxx.xxxxpredictiveHigh
5Filexxxx-xxxxx.xxxpredictiveHigh
6Filexxxx/xxxxxxxx.xxxpredictiveHigh
7Filexx-xxxxxxxx.xxxpredictiveHigh
8ArgumentxxxxxxxxpredictiveMedium
9ArgumentxxxxxxxxxxpredictiveMedium
10ArgumentxxxxxxxxpredictiveMedium
11ArgumentxxxxxpredictiveLow
12Argumentxxxx_xxxxxpredictiveMedium
13Argument_xxxxxx[xxxx_xxxx]predictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you know our Splunk app?

Download it now for free!