Satori Analysis

IOB - Indicator of Behavior (182)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en  164
es  10
ru  4
de  2
fr  2


Country

us  104
ru  36
io  6
es  6
cn  4


Actors


Activities

Interest

Timeline


Type


Vendor


Product

RoundCube Webmail    4
Microsoft IIS        4
Apache HTTP Server   4
Mozilla Firefox      4
Mozilla Thunderbird  4


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---------------|------|------|------|-------|-----|-----|------|-----|-----|
| 1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.38 | CVE-2010-0966 |
| 2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 3 | Online Book Store admin_add.php unrestricted upload | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03533 | 0.00 | CVE-2020-19113 |
| 4 | Campcodes Online Thesis Archiving System manage_user.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00164 | 0.07 | CVE-2023-2149 |
| 5 | GFI Kerio Control Login Page DOM-Based cross site scripting | 6.1 | 6.0 | $0-$5k | $0-$5k | Functional | Not Defined | 0.00200 | 0.00 | CVE-2019-16414 |
| 6 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.10737 | 0.21 | CVE-2016-6210 |
| 7 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.07 | CVE-2017-0055 |
| 8 | Progress MOVEit Automation Web Admin Application cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00435 | 0.04 | CVE-2020-12677 |
| 9 | phpMyAdmin grab_globals.lib.php path traversal | 4.8 | 4.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02334 | 0.04 | CVE-2005-3299 |
| 10 | Redis redis-cli memory corruption | 7.1 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00584 | 0.05 | CVE-2018-12326 |
| 11 | Wazzum Wazzum Dating Software profile_view.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.00 | CVE-2009-0293 |
| 12 | LimeSurvey File Upload path traversal | 7.1 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00283 | 0.00 | CVE-2018-1000659 |
| 13 | Apache HTTP Server ap_some_auth_required access control | 3.7 | 3.2 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00368 | 0.04 | CVE-2015-3185 |
| 14 | Synacor Zimbra Collaboration xml external entity reference | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00441 | 0.00 | CVE-2016-9924 |
| 15 | Samba Shared Library is_known_pipename SambaCry code injection | 9.8 | 9.6 | $25k-$100k | $0-$5k | High | Official Fix | 0.97264 | 0.03 | CVE-2017-7494 |
| 16 | Apache HTTP Server mod_reqtimeout resource management | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01696 | 0.17 | CVE-2007-6750 |
| 17 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00132 | 0.42 | CVE-2022-28959 |
| 18 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.49 | |
| 19 | CodeAstro Vehicle Booking System User Registration usr-register.php cross site scripting | 4.9 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00052 | 0.00 | CVE-2024-0345 |
| 20 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.63 | CVE-2007-0354 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CVE-2014-8361 / CVE-2017-17215

IOC - Indicator of Compromise (12)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (91)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|----|-------|-----------|------|------------|
| 1 | File | /admin/user/manage_user.php | predictive | High |
| 2 | File | /anony/mjpg.cgi | predictive | High |
| 3 | File | /plain | predictive | Low |
| 4 | File | /public/login.htm | predictive | High |
| 5 | File | /spip.php | predictive | Medium |
| 6 | File | /uncpath/ | predictive | Medium |
| 7 | File | /wbms/classes/Master.php?f=delete_client | predictive | High |
| 8 | File | 14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi | predictive | High |
| 9 | File | admin_add.php | predictive | High |
| 10 | File | awstats.pl | predictive | Medium |
| 11 | File | books.php | predictive | Medium |
85Argumentxxxxxxxx/xxxxxxxxpredictiveHigh

References (4)

The following list contains external sources which discuss the actor and the associated activities:
