RTM Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 848
zh: 36
de: 30
ru: 28
ar: 14

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows: 86
Google Android: 22
Linux Kernel: 18
WordPress: 18
Apache HTTP Server: 12

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.11 | CVE-2020-12440 |
| 2 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.16 | CVE-2014-4078 |
| 3 | Exim SMTP Challenge stack-based overflow | 8.1 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00065 | 0.00 | CVE-2023-42116 |
| 4 | Huawei ACXXXX/SXXXX SSH Packet input validation | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00246 | 0.05 | CVE-2014-8572 |
| 5 | Microsoft Windows WPAD access control | 8.0 | 7.9 | $25k-$100k | $0-$5k | High | Official Fix | 0.90077 | 0.03 | CVE-2016-3213 |
| 6 | Microsoft Windows Graphics Remote Code Execution | 7.0 | 6.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.27661 | 0.04 | CVE-2021-34530 |
| 7 | Microsoft Windows Event Tracing Privilege Escalation | 7.3 | 6.3 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00043 | 0.00 | CVE-2021-34487 |
| 8 | Microsoft IIS uncpath cross site scripting | 5.2 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00483 | 0.12 | CVE-2017-0055 |
| 9 | Bitrix24 user_options.php deserialization | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00106 | 0.03 | CVE-2023-1714 |
| 10 | Bitrix Site Manager Vote Module Remote Code Execution | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00784 | 0.04 | CVE-2022-27228 |
| 11 | Backdoor.Win32.Tiny.c Service Port 7778 backdoor | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.03 | |
| 12 | Cisco Secure Email and Web Manager Web-based Management Interface improper authentication | 9.8 | 9.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00400 | 0.03 | CVE-2022-20798 |
| 13 | nginx Log File link following | 7.8 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00092 | 0.04 | CVE-2016-1247 |
| 14 | Apache HTTP Server mod_rewrite redirect | 6.7 | 6.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00258 | 0.20 | CVE-2020-1927 |
| 15 | Microsoft .NET Core/Visual Studio denial of service | 6.4 | 5.5 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00193 | 0.00 | CVE-2021-26423 |
| 16 | Microsoft Windows TCP/IP Stack Privilege Escalation | 9.9 | 8.6 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.02183 | 0.03 | CVE-2021-26424 |
| 17 | Microsoft Windows Event Tracing Privilege Escalation | 8.3 | 7.3 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.00046 | 0.00 | CVE-2021-26425 |
| 18 | Microsoft Windows Bluetooth Driver Privilege Escalation | 8.3 | 7.3 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.00043 | 0.00 | CVE-2021-34537 |
| 19 | Microsoft Dynamics 365 Privilege Escalation | 8.5 | 7.4 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00699 | 0.00 | CVE-2021-34524 |
| 20 | Microsoft Windows Storage Spaces Controller Local Privilege Escalation | 7.8 | 6.8 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00043 | 0.00 | CVE-2021-34536 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Buhtrap/Buran

IOC - Indicator of Compromise (45)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (22)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-21, CWE-22, CWE-23, CWE-24 | Path Traversal | predictive | High |
| 2 | T1040 | CAPEC-102 | CWE-294 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 4 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High |
| 5 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (291)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (4)

The following list contains external sources which discuss the actor and the associated activities:
