RudeBird Analysis

IOB - Indicator of Behavior (177)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en (164)
pt (4)
de (2)
sv (2)
ru (2)


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Microsoft Windows (6)
Google Android (4)
Siemens SiNVR 3 Central Control Server (4)
Siemens SiNVR 3 Video Server (4)
WordPress (4)


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 0.38 | CVE-2020-12440 |
| 2 | WordPress User Search REST Endpoint information disclosure | 4.4 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.05883 | 0.04 | CVE-2023-5561 |
| 3 | Storytlr cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00159 | 0.07 | CVE-2014-100037 |
| 4 | Synology DiskStation Manager Change Password password recovery | 7.1 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00063 | 0.04 | CVE-2018-8916 |
| 5 | Matrix libolm AES timing discrepancy | 3.9 | 3.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.00 | CVE-2024-45191 |
| 6 | OpenText Vertica permission assignment | 3.9 | 3.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.02 | CVE-2024-6360 |
| 7 | Cisco Data Center Network Manager information disclosure | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00087 | 0.06 | CVE-2024-20490 |
| 8 | GutenGeek Free Gutenberg Blocks Plugin SVG File Upload cross site scripting | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.00 | CVE-2024-9073 |
| 9 | Red Hat Build of Keycloak Redirect URI redirect | 5.1 | 5.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00244 | 0.03 | CVE-2024-8883 |
| 10 | TOTOLINK A720R exportOvpn os command injection | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00089 | 0.02 | CVE-2024-8869 |
| 11 | Microsoft Edge exposure of private personal information to an unauthorized actor | 4.3 | 4.1 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00063 | 0.04 | CVE-2024-30056 |
| 12 | Samsung Devices IMS Service FCM implicit intent | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-20897 |
| 13 | Smush Plugin Resmush List authorization | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2023-3352 |
| 14 | AdminLTE index2.html path traversal | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00313 | 0.02 | CVE-2021-36471 |
| 15 | IBM i Service Tools Server information exposure | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.03 | CVE-2024-31878 |
| 16 | Fortinet FortiWebManager HTTP Request Handler/CLI improper authorization | 8.1 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00050 | 0.05 | CVE-2024-23667 |
| 17 | Kashipara College Management System submit_enroll_student.php cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01025 | 0.09 | CVE-2024-5371 |
| 18 | SuSE WebYaST access control | 8.4 | 8.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00046 | 0.05 | CVE-2013-3709 |
| 19 | Campcodes Online College Library System HTTP POST Request category_row.php sql injection | 6.1 | 5.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00321 | 0.02 | CVE-2023-7179 |
| 20 | Apache HTTP Server HTTP/2 resource consumption | 5.6 | 5.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00112 | 0.02 | CVE-2023-45802 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 45.90.58.103 | vds-671568.hosted-by-itldc.com | RudeBird | | 10/29/2023 | verified | Medium |
| 2 | XXX.XXX.XXX.XXX | | Xxxxxxxx | | 10/29/2023 | verified | High |

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High |
| 4 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Basic Cross Site Scripting | predictive | High |
| 5 | TXXXX | CAPEC-XXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 6 | TXXXX | CAPEC-XXX | CWE-XXX | Xxxx Xxx Xxxxxxxxx Xxxxxxxxxxx Xxxxxxxx | predictive | High |
| 7 | TXXXX.XXX | CAPEC-XX | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High |
| 8 | TXXXX | CAPEC-XXX | CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 9 | TXXXX.XXX | CAPEC-XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High |
| 10 | TXXXX | | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High |
| 11 | TXXXX | CAPEC-XXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 12 | TXXXX.XXX | CAPEC-X | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High |
| 13 | TXXXX | CAPEC-XXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 14 | TXXXX | CAPEC-XX | CWE-XXX | Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 15 | TXXXX | CAPEC-XX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive | High |
| 16 | TXXXX.XXX | CAPEC-XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 17 | TXXXX | CAPEC-XXX | CWE-XXX | Xxxxxxxx Xx Xxxxxxx Xxxxxxxx Xxxxxxxxxxx Xx Xx Xxxxxxxxxxxx Xxxxx | predictive | High |
| 18 | TXXXX | CAPEC-XXX | CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 19 | TXXXX | CAPEC-XXX | CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High |
| 20 | TXXXX.XXX | CAPEC-X | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High |

IOA - Indicator of Attack (68)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/booking-bwdates-reports-details.php | predictive | High |
| 2 | File | /admin/category_row.php | predictive | High |
| 3 | File | /admin/index2.html | predictive | High |
| 4 | File | /bin/boa | predictive | Medium |
| 5 | File | 1.user.php | predictive | Medium |
| 6 | File | admin.cgi?action=config_restore | predictive | High |
| 7 | File | admin.cgi?action=upgrade | predictive | High |
| 8 | File | admin/books/deweydecimal.php | predictive | High |
| 9 | File | xxxxx/xxxx_xxxxx.xxx | predictive | High |
| 10 | File | xxxxxx/xxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
| 11 | File | xxxxx.xxx | predictive | Medium |
| 12 | File | xxx_xxx.xx | predictive | Medium |
| 13 | File | xxx | predictive | Low |
| 14 | File | xxxxx-xx-xxxxxx-xxxxx.xxx | predictive | High |
| 15 | File | xxxxxx.x | predictive | Medium |
| 16 | File | xxxxxxx/xxx/xxxxxxxx/xxx/xxxxx/xxx_xxx.x | predictive | High |
| 17 | File | xx_xxxxxxx.x | predictive | Medium |
| 18 | File | xxxxxxx/xxxxxxxxxxxxx.xxx | predictive | High |
| 19 | File | xxxxxxx/xxxxxxx/xxxxx/xxxxxx.xxx | predictive | High |
| 20 | File | xxx_xxx.xxx | predictive | Medium |
| 21 | File | xxxxxxxxx.xxx | predictive | High |
| 22 | File | xxxxx.xxx | predictive | Medium |
| 23 | File | xxxxx.xxx | predictive | Medium |
| 24 | File | xxxxxxxx.xxx | predictive | Medium |
| 25 | File | xxxxx/xxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxx | predictive | High |
| 26 | File | xxxx.xxx | predictive | Medium |
| 27 | File | xxxxxxxxx.xxx | predictive | High |
| 28 | File | xxxx-xxxxx-xxxxx.xxx | predictive | High |
| 29 | File | xxxxxx.x | predictive | Medium |
| 30 | File | xxxxxxxx.xxx | predictive | Medium |
| 31 | File | xxxxxxxx.xxx | predictive | Medium |
| 32 | File | xxxxxx.xxx | predictive | Medium |
| 33 | File | xxx_xxxxx.x | predictive | Medium |
| 34 | File | xxxxxx_xxxxxx_xxxxxxx.xxx | predictive | High |
| 35 | File | xxxxxxxx.x | predictive | Medium |
| 36 | File | xxxx-xxxxxxxx.xxx | predictive | High |
| 37 | File | xxxxx/xxxxx.xx | predictive | High |
| 38 | Library | xxxx.xxx | predictive | Medium |
| 39 | Library | xxxxxxxxxxxx.xxx | predictive | High |
| 40 | Library | xxxxxxx.xxx | predictive | Medium |
| 41 | Argument | xxxxx_xx | predictive | Medium |
| 42 | Argument | xxx_xxxxxx.xxx | predictive | High |
| 43 | Argument | xxxxxx | predictive | Low |
| 44 | Argument | xxxxxxxx | predictive | Medium |
| 45 | Argument | xxxxx_xxxx | predictive | Medium |
| 46 | Argument | xxx_xxxx | predictive | Medium |
| 47 | Argument | xxxxx | predictive | Low |
| 48 | Argument | xxxx | predictive | Low |
| 49 | Argument | xxxxxxxx | predictive | Medium |
| 50 | Argument | xxx-xxxx | predictive | Medium |
| 51 | Argument | xxxx | predictive | Low |
| 52 | Argument | xx | predictive | Low |
| 53 | Argument | xxxxxx | predictive | Low |
| 54 | Argument | xxxx_xxxx | predictive | Medium |
| 55 | Argument | xxxxxxxxxx_xxxxxxxx_xxxxx | predictive | High |
| 56 | Argument | xxxxxxxxx_xxxxxxxx_xxxx | predictive | High |
| 57 | Argument | xxxx/xxxxxxx | predictive | Medium |
| 58 | Argument | xxxx | predictive | Low |
| 59 | Argument | xxxxxx | predictive | Low |
| 60 | Argument | xxxxxx | predictive | Low |
| 61 | Argument | xx | predictive | Low |
| 62 | Argument | xxx xxx_xx/xxxxxx/xxx/xxx/xxxxxxxxxx/xxxxxxxxxx | predictive | High |
| 63 | Argument | xxxx_xx | predictive | Low |
| 64 | Argument | xx_xx | predictive | Low |
| 65 | Network Port | xxxx | predictive | Low |
| 66 | Network Port | xxxxx | predictive | Low |
| 67 | Network Port | xxx xxxxx | predictive | Medium |
| 68 | Network Port | xxx/xx (xxxx) | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
