Satori Analysis

IOB - Indicator of Behavior (162)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

Language | Count
en | 144
es | 16
de | 2

Country

Country | Count
us | 92
ru | 36
es | 10
io | 6
nl | 4

Activities

Interest

Product

Product | Count
Cisco Registered Envelope Service | 6
AnyDesk | 4
phpMyAdmin | 4
Mozilla Firefox | 4
Google Chrome | 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.40 | 0.04187 | CVE-2010-0966
2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192
3 | GFI Kerio Control Login Page DOM-Based cross site scripting | 6.1 | 6.0 | $0-$5k | $0-$5k | Functional | Not Defined | 0.01 | 0.01018 | CVE-2019-16414
4 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.46 | 0.49183 | CVE-2016-6210
5 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.49 | 0.25090 | CVE-2017-0055
6 | Progress MOVEit Automation Web Admin Application cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.02762 | CVE-2020-12677
7 | phpMyAdmin grab_globals.lib.php path traversal | 4.8 | 4.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.09 | 0.04482 | CVE-2005-3299
8 | Redis redis-cli memory corruption | 7.1 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.04285 | CVE-2018-12326
9 | Wazzum Wazzum Dating Software profile_view.php sql injection | 7.3 | 6.9 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.03 | 0.00986 | CVE-2009-0293
10 | LimeSurvey File Upload path traversal | 7.1 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01424 | CVE-2018-1000659
11 | Apache HTTP Server ap_some_auth_required access control | 3.7 | 3.2 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.04 | 0.07344 | CVE-2015-3185
12 | Synacor Zimbra Collaboration xml external entity reference | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01055 | CVE-2016-9924
13 | Samba Shared Library is_known_pipename SambaCry code injection | 9.8 | 9.4 | $100k and more | $0-$5k | High | Official Fix | 0.07 | 0.95647 | CVE-2017-7494
14 | Apple iOS WebKit out-of-bounds write | 6.3 | 6.0 | $100k and more | $25k-$100k | High | Official Fix | 0.03 | 0.02806 | CVE-2022-32893
15 | Veeam Backup and Replication access control | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.01440 | CVE-2022-26501
16 | Oracle Web Services Manager Web Services Security unknown vulnerability | 8.1 | 7.9 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.02 | 0.00885 | CVE-2022-21497
17 | Amministrazione Aperta Plugin path traversal | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2022-1560
18 | Abode iota All-In-One Security Kit XCMD stack-based overflow | 9.9 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01156 | CVE-2022-32454
19 | gVectors wpDiscuz Plugin wpdLoadMoreComments sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.15351 | CVE-2020-13640
20 | Cisco Redundancy Configuration Manager Debug Remote Code Execution | 8.1 | 7.7 | $100k and more | $5k-$25k | Not Defined | Official Fix | 0.03 | 0.00000 | CVE-2022-20649

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CVE-2014-8361 / CVE-2017-17215

IOC - Indicator of Compromise (12)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (81)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /anony/mjpg.cgi | predictive | High
2 | File | /plain | predictive | Low
3 | File | /public/login.htm | predictive | High
4 | File | /uncpath/ | predictive | Medium
5 | File | 14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi | predictive | High
6 | File | awstats.pl | predictive | Medium
7 | File | books.php | predictive | Medium
8 | File | c-client/imap4r1.c | predictive | High
9 | File | core/webapi/upload/FileUploadData.java | predictive | High
10 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
11 | File | xxxxx/xxxxxxxx.xxx | predictive | High
12 | File | xxxxxxxxx.xxx | predictive | High
13 | File | xxxxxxxxxxxxxxxxx.xxx | predictive | High
14 | File | xxxxxxxxxxx/xxxxxxxx/xxxxxxxxxx.xxx | predictive | High
15 | File | xxxxx_xxx_xxxxx.xxx | predictive | High
16 | File | xxxx_xxxxxxx.xxx.xxx | predictive | High
17 | File | xxx/xxxxxx.xxx | predictive | High
18 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | High
19 | File | xxxxxxxx/xxxxxxx.xxx | predictive | High
20 | File | xxxxx.xxx?xx=xxxxxxx&xxx=xxx | predictive | High
21 | File | xxxx_xxxx.xxx | predictive | High
22 | File | xxxxxx/xxxxxx/xxxx.x | predictive | High
23 | File | xxxxxxxxx/xxxxxxx.x | predictive | High
24 | File | xxxxxxxxx.xxx | predictive | High
25 | File | xxxxx/?xxxxxx=xxxxxxx&xxxx | predictive | High
26 | File | xxx_xxxxx_xxxxx.x | predictive | High
27 | File | xxxxxxxx.xxxxx | predictive | High
28 | File | xxxxxxx.xxx | predictive | Medium
29 | File | xxxxxxx.xxx | predictive | Medium
30 | File | xxxxxxxx.xxx | predictive | Medium
31 | File | xxxxxxx_xxxxxxx.xxx | predictive | High
32 | File | xxxxxxx_xxxx.xxx | predictive | High
33 | File | xxxxx_xxxxxxx.xxx | predictive | High
34 | File | xxxxxxxxx.xxxx | predictive | High
35 | File | xxxxx.xxx | predictive | Medium
36 | File | xxxxx-xxxx.xxx | predictive | High
37 | File | xxxxxxxxx.xxx | predictive | High
38 | File | xxxxxxxx/xxxxxx.xxxxxxxx | predictive | High
39 | File | xx-xxxxx/xxxxx-xxxx.xxx | predictive | High
40 | File | xx-xxxxx.xxx | predictive | Medium
41 | File | xxxxxxx.xxx | predictive | Medium
42 | Library | /xxx/xxxxx/xxxxxxxxx.xx | predictive | High
43 | Library | xxx.xxx | predictive | Low
44 | Library | xxxxx/xxxxxx/xxx/xxxxx/xxxxx.xxxxx_xx.xxx | predictive | High
45 | Library | xxx/xxx/xxxx/ | predictive | High
46 | Library | xx-xxxxxxx/xxxxxxx/xxxxxx/xxx_xxxx.xxx | predictive | High
47 | Argument | -x | predictive | Low
48 | Argument | -xxxxxxxxxxxxx | predictive | High
49 | Argument | -x | predictive | Low
50 | Argument | xxxxxxxx | predictive | Medium
51 | Argument | xxxxxx | predictive | Low
52 | Argument | xxx | predictive | Low
53 | Argument | xxxx_xx | predictive | Low
54 | Argument | xxxxxx | predictive | Low
55 | Argument | xxxxxxxxxxx | predictive | Medium
56 | Argument | xxxxxxxxx_xxxxxx_xxxx | predictive | High
57 | Argument | xxxx | predictive | Low
58 | Argument | xxxx | predictive | Low
59 | Argument | xxxxxxxx | predictive | Medium
60 | Argument | xx | predictive | Low
61 | Argument | xxx | predictive | Low
62 | Argument | xxxxxx | predictive | Low
63 | Argument | xxxxxxx | predictive | Low
64 | Argument | xxx | predictive | Low
65 | Argument | xxxxxxxxx | predictive | Medium
66 | Argument | xxxxx | predictive | Low
67 | Argument | xxxx | predictive | Low
68 | Argument | xxxxx | predictive | Low
69 | Argument | xxxx | predictive | Low
70 | Argument | xxxxxxxx | predictive | Medium
71 | Argument | xxxxxxx | predictive | Low
72 | Argument | xxx | predictive | Low
73 | Argument | xxxxx_xxxx/xxxxx_xxxxxx/xxx_xxxx/xxx_xxxxxx/xxxxxxxx | predictive | High
74 | Argument | xxxx_xx | predictive | Low
75 | Argument | xxxxxx | predictive | Low
76 | Argument | xxxxxxxx/xxxxxxxx | predictive | High
77 | Input Value | ../ | predictive | Low
78 | Network Port | xxx/xxx | predictive | Low
79 | Network Port | xxx/xxxx | predictive | Medium
80 | Network Port | xxx/xxx (xxx) | predictive | High
81 | Network Port | xxx xxxxxx xxxx | predictive | High

References (4)

The following list contains external sources which discuss the actor and the associated activities:
