Sandworm Team Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 596
zh: 338
ru: 24
de: 14
ja: 6


Country

cn: 432
es: 220
us: 144
la: 48
ru: 28


Chart panels (no data in this view): Actors, Activities, Interest, Timeline, Type, Vendor

Product

Linux Kernel: 42
Google Android: 30
Microsoft Windows: 20
QEMU: 18
Google Chrome: 10


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Apple iOS/iPadOS Kernel out-of-bounds write | 7.8 | 7.6 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00 | 0.01363 | CVE-2022-32894
2 | Google Android ActivityRecord.java setOptions Local Privilege Escalation | 6.5 | 6.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01036 | CVE-2022-20419
3 | Apple Safari WebKit out-of-bounds write | 7.5 | 7.4 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00 | 0.02806 | CVE-2022-32893
4 | IBM CICS TX Standard/CICS TX Advanced injection | 5.0 | 5.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01136 | CVE-2022-34160
5 | Eclipse Jetty SslConnection resource control | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2022-2191
6 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 1.14 | 0.04187 | CVE-2010-0966
7 | Snipe-IT People Menu unrestricted upload | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.01338 | CVE-2022-32061
8 | Snipe-IT Update Branding Settings unrestricted upload | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.01773 | CVE-2022-32060
9 | WP Championship Plugin cross-site request forgery | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00885 | CVE-2022-1967
10 | Digital Guardian Agent access control | 4.7 | 4.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00885 | CVE-2022-35412
11 | PortSwigger Burp Suite Repeater/Intruder redirect | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00885 | CVE-2022-35406
12 | Known cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00950 | CVE-2022-31290
13 | IBM CICS TX Standard/CICS TX Advanced Web UI cross site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00890 | CVE-2022-34166
14 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 1.21 | 0.00000 | 
15 | Linux Kernel pxa3xx-gcu.c pxa3xx_gcu_write integer overflow | 6.6 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.01034 | CVE-2022-39842
16 | Known SVG File isSVG cross site scripting | 5.8 | 5.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00954 | CVE-2022-32115
17 | IBM CICS TX Standard/CICS TX Advanced HTTP Header injection | 5.4 | 5.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00890 | CVE-2022-34306
18 | IBM Security Verify Access Web UI cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2022-22370
19 | HPE FlexNetwork/FlexFabric cross site scripting | 4.1 | 4.1 | $0-$5k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2022-28624
20 | Illumina Local Run Manager path traversal | 9.0 | 9.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00885 | CVE-2022-1518

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (38)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (24)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-28 | Pathname Traversal | predictive | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High
3 | T1055 | CWE-74 | Injection | predictive | High
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | predictive | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High

IOA - Indicator of Attack (272)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (9)

The following list contains external sources which discuss the actor and the associated activities:
