Royal Road Analysis

IOB - Indicator of Behavior (175)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

  • en: 146
  • es: 8
  • fr: 8
  • it: 6
  • zh: 4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

  • us: 102
  • ru: 10
  • gb: 10
  • fr: 8
  • cz: 6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

[Charts not reproduced: Actors, Activities, Interest, Timeline, Type, Vendor]

Product

  • Microsoft Windows: 8
  • Apache HTTP Server: 8
  • WordPress: 4
  • OpenSSL: 2
  • Mihalism Multi Host: 2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.29 | CVE-2020-12440 |
| 2 | MidiCart PHP Shopping Cart item_show.php sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | |
| 3 | WordPress Private Post access control | 5.0 | 4.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00272 | 0.05 | CVE-2020-11028 |
| 4 | Apache HTTP Server mod_rewrite redirect | 6.7 | 6.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00258 | 0.15 | CVE-2020-1927 |
| 5 | ProFTPD mod_copy access control | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.94462 | 0.04 | CVE-2019-12815 |
| 6 | Microsoft Exchange Server Privilege Escalation | 8.5 | 7.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.03563 | 0.00 | CVE-2021-26412 |
| 7 | Gempar Script Toko Online shop_display_products.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00100 | 0.07 | CVE-2009-0296 |
| 8 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 9 | Mihalism Multi Host users.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00152 | 0.00 | CVE-2008-0714 |
| 10 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.15 | CVE-2017-0055 |
| 11 | Mailman input validation | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00160 | 0.00 | CVE-2018-13796 |
| 12 | WordPress Thumbnail input validation | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00990 | 0.03 | CVE-2018-1000773 |
| 13 | XenForo privileges management | 8.6 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.04 | |
| 14 | DCP-Portal forums.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 15 | Ideal BB.NET forums.aspx cross site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | |
| 16 | logwatch logwatch.pl input validation | 9.8 | 9.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06461 | 0.00 | CVE-2011-1018 |
| 17 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.10737 | 0.39 | CVE-2016-6210 |
| 18 | Apache Shiro API path traversal | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00071 | 0.07 | CVE-2023-34478 |
| 19 | Subversion svn+ssh:/ URL input validation | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.12851 | 0.07 | CVE-2017-9800 |
| 20 | Apache Subversion mod_authz_svn authenticated information disclosure | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00380 | 0.03 | CVE-2015-3184 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Royal Road

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 138.68.133.211 | share.sawblade.org.uk | Royal Road | Royal Road | 12/22/2020 | verified | Medium |
| 2 | XXX.XXX.XX.XX | | Xxxxx Xxxx | Xxxxx Xxxx | 12/22/2020 | verified | Medium |
| 3 | XXX.XXX.XX.X | | Xxxxx Xxxx | Xxxxx Xxxx | 12/22/2020 | verified | Medium |
| 4 | XXX.XX.X.XXX | xxx.xx.x.xxx.xxxxx.xxx | Xxxxx Xxxx | Xxxxx Xxxx | 12/22/2020 | verified | Medium |

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (92)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

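| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /bin/sh | predictive | Low |
| 2 | File | /oauth/authorize | predictive | High |
| 3 | File | /see_more_details.php | predictive | High |
| 4 | File | /uncpath/ | predictive | Medium |
| 5 | File | /webmail/ | predictive | Medium |
| 6 | File | /_next | predictive | Low |
| 7 | File | admin/index.php | predictive | High |
| 8 | File | anonymous/authenticated | predictive | High |
| 9 | File | assets/add/registrar.php | predictive | High |
| 10 | File | booking.php | predictive | Medium |
| 11 | File | books.php | predictive | Medium |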
