Sality Analysis

IOB - Indicator of Behavior (42)

Language

- en: 32
- ru: 4
- pl: 2
- it: 2
- de: 2

Product

- Adobe Acrobat Reader: 6
- Microsoft Windows: 4
- TestLink Plugin: 2
- Roundcube webmail: 2
- Pixel Motion Blog: 2

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | WordPress wp-trackback.php mb_convert_encoding cryptographic issues | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.09434 | 0.09 | CVE-2009-3622 |
| 2 | Dragon Path Bharti Airtel Routers Hardware BDT-121 Admin Page cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00061 | 0.08 | CVE-2022-28507 |
| 3 | woo-variation-swatches Plugin admin.php cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00190 | 0.04 | CVE-2019-14774 |
| 4 | Apple watchOS protection mechanism | 5.0 | 5.0 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00150 | 0.00 | CVE-2024-44296 |
| 5 | YaPiG view.php cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.01649 | 0.05 | CVE-2005-1886 |
| 6 | WordPress wp-register.php cross site scripting | 4.3 | 4.2 | $5k-$25k | $0-$5k | High | Unavailable | possible | 0.01575 | 0.00 | CVE-2007-5105 |
| 7 | MetInfo URL Redirector login.php redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00199 | 0.00 | CVE-2017-11718 |
| 8 | phpRaid register.php privileges management | 5.3 | 5.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00000 | 0.05 | |
| 9 | vu Mass Mailer Login Page redir.asp sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00435 | 0.08 | CVE-2007-6138 |
| 10 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.00970 | 0.07 | CVE-2010-0966 |
| 11 | Symantec Endpoint Protection Manager SAP XML Parser xml external entity reference | 7.3 | 6.6 | $5k-$25k | $0-$5k | High | Official fix | expected | 0.86196 | 0.00 | CVE-2013-5014 |
| 12 | Mozilla Firefox/Thunderbird/Firefox ESR NPAPI Plugin cross-site request forgery | 6.5 | 6.4 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00501 | 0.00 | CVE-2019-11712 |
| 13 | Linux Kernel oom_kill.c __oom_reap_task_mm use after free | 4.7 | 4.7 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00109 | 0.00 | CVE-2017-18202 |
| 14 | Node.js HTTP Header resource consumption | 6.4 | 6.3 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.02044 | 0.00 | CVE-2018-12121 |
| 15 | TestLink Plugin summary.jelly cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00058 | 0.00 | CVE-2018-1000113 |
| 16 | Microsoft Windows Windows Media Player information disclosure | 2.5 | 2.4 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.01123 | 0.00 | CVE-2017-11768 |
| 17 | W3C Jigsaw Host Header cross site scripting | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.01052 | 0.00 | CVE-2002-1053 |
| 18 | Microsoft Windows Subsystem for Linux access control | 6.4 | 5.8 | $25k-$100k | $0-$5k | Proof-of-Concept | Official fix | | 0.07840 | 0.00 | CVE-2018-0743 |
| 19 | Microsoft Windows DirectX information disclosure | 5.1 | 4.9 | $25k-$100k | $0-$5k | Not defined | Official fix | | 0.00978 | 0.00 | CVE-2019-0837 |
| 20 | WordPress wpdb->prepare sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.04381 | 0.00 | CVE-2017-16510 |

IOC - Indicator of Compromise (31)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High |
| 2 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Basic Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (37)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /getcfg.php | predictive | Medium |
| 2 | File | /settings/avatar | predictive | High |
| 3 | File | bin/icinga | predictive | Medium |
| 4 | File | inc/config.php | predictive | High |
| 5 | File | index.php | predictive | Medium |
