Ryuk Analysis

IOB - Indicator of Behavior (1000)


Lang

en: 750
zh: 98
ru: 34
ja: 28
es: 26


Country

us: 350
cn: 124
ru: 48
br: 12
ir: 12


Product

Qualcomm Snapdragon Auto: 28
Qualcomm Snapdragon Industrial IOT: 26
Qualcomm Snapdragon Compute: 22
Qualcomm Snapdragon Connectivity: 22
Qualcomm Snapdragon Consumer IOT: 22


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 1.14 | 0.04187 | CVE-2010-0966 |
| 2 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 8.30 | 0.00000 | CVE-2020-12440 |
| 3 | Huawei ACXXXX/SXXXX SSH Packet input validation | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01055 | CVE-2014-8572 |
| 4 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 2.77 | 0.02800 | CVE-2007-0354 |
| 5 | Apple Mac OS X Server Wiki Server cross site scripting | 4.3 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.01319 | CVE-2009-2814 |
| 6 | MantisBT cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01408 | CVE-2014-9571 |
| 7 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.04499 | CVE-2019-7550 |
| 8 | DM Guestbook admin.guestbook.php path traversal | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.07197 | CVE-2007-5821 |
| 9 | vBulletin redirector.php | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.18 | 0.00885 | CVE-2018-6200 |
| 10 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.97 | 0.00000 | |
| 11 | DM Guestbook ch_lng.php path traversal | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.07197 | CVE-2007-5821 |
| 12 | DevExpress.XtraReports.UI deserialization | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.03804 | CVE-2021-36483 |
| 13 | Bill Kendrick GBook.cgi privileges management | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01136 | CVE-2000-1131 |
| 14 | MRCGIGUY Guestbook gb.cgi cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 0.01213 | CVE-2010-4358 |
| 15 | Francisco Burzi PHP-Nuke Downloads Module viewsdownload sql injection | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01055 | CVE-2005-0996 |
| 16 | Phplinkdirectory PHP Link Directory conf_users_edit.php cross-site request forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01 | 0.04187 | CVE-2011-0643 |
| 17 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 1.09 | 0.29797 | CVE-2014-4078 |
| 18 | Hancom Office 2010 SE memory corruption | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.07584 | CVE-2013-7420 |
| 19 | Gameloft Library X.509 Certificate cryptographic issues | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00954 | CVE-2014-5529 |
| 20 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.78 | 0.25090 | CVE-2017-0055 |

IOC - Indicator of Compromise (117)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (25)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | predictive | High |
| 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CWE-74 | Injection | predictive | High |
| 4 | T1059 | CWE-94 | Cross Site Scripting | predictive | High |
| 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (387)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (7)

The following list contains external sources which discuss the actor and the associated activities:
