Sality Analysis

IOB - Indicator of Behavior (40)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 30
de: 8
ru: 2

Product

Microsoft Windows: 6
Adobe Acrobat Reader: 4
DZCP deV!L`z Clanportal: 2
W3C Jigsaw: 2
vu Mass Mailer: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | WordPress wp-trackback.php mb_convert_encoding cryptographic issues | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.03779 | CVE-2009-3622 |
| 2 | Dragon Path Bharti Airtel Routers Hardware BDT-121 Admin Page cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.68 | 0.00885 | CVE-2022-28507 |
| 3 | YaPiG view.php cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.02945 | CVE-2005-1886 |
| 4 | WordPress wp-register.php cross site scripting | 4.3 | 4.2 | $5k-$25k | $0-$5k | High | Unavailable | 0.10 | 0.02945 | CVE-2007-5105 |
| 5 | MetInfo URL Redirector login.php redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00885 | CVE-2017-11718 |
| 6 | phpRaid register.php privileges management | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.00000 | |
| 7 | vu Mass Mailer Login Page redir.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.16 | 0.01139 | CVE-2007-6138 |
| 8 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 1.09 | 0.04187 | CVE-2010-0966 |
| 9 | Symantec Endpoint Protection Manager SAP XML Parser xml external entity reference | 7.3 | 6.6 | $5k-$25k | $0-$5k | High | Official Fix | 0.00 | 0.01213 | CVE-2013-5014 |
| 10 | Mozilla Firefox/Thunderbird/Firefox ESR NPAPI Plugin cross-site request forgery | 6.5 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.02686 | CVE-2019-11712 |
| 11 | Linux Kernel oom_kill.c __oom_reap_task_mm use after free | 4.7 | 4.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00950 | CVE-2017-18202 |
| 12 | Node.js HTTP Header resource consumption | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01108 | CVE-2018-12121 |
| 13 | TestLink Plugin summary.jelly cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2018-1000113 |
| 14 | Microsoft Windows Windows Media Player information disclosure | 2.5 | 2.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.11348 | CVE-2017-11768 |
| 15 | W3C Jigsaw Host Header cross site scripting | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.01213 | CVE-2002-1053 |
| 16 | Microsoft Windows Subsystem for Linux access control | 6.4 | 5.8 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.02342 | CVE-2018-0743 |
| 17 | Microsoft Windows DirectX information disclosure | 5.1 | 4.9 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01376 | CVE-2019-0837 |
| 18 | WordPress wpdb->prepare sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.01183 | CVE-2017-16510 |
| 19 | Microsoft Lync/Skype for Business Security Feature 7pk security | 7.0 | 6.7 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.05708 | CVE-2018-8238 |
| 20 | Iptanus File Upload Plugin Shortcode cross site scripting | 6.0 | 5.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01 | 0.07308 | CVE-2018-9172 |

IOC - Indicator of Compromise (30)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1059 | CWE-94 | Cross Site Scripting | predictive | High |
| 2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (35)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

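| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /getcfg.php | predictive | Medium |
| 2 | File | /settings/avatar | predictive | High |
| 3 | File | bin/icinga | predictive | Medium |
| 4 | File | inc/config.php | predictive | High |
| 5 | File | index.php | predictive | Medium |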

References (5)

The following list contains external sources which discuss the actor and the associated activities:
