Sauron Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en140
zh122
ru90
pl88
sv86

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

RU: Russia90
PL: Poland88
SV: El Salvador86
CN: China78
PT: Portugal76

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Storm-05581
Clop1
Rhadamanthys1
RedLine Stealer1
Stealc1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined86
WordPress Plugin44
E-Commerce Management Software6
Connectivity Software4
Web Server4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined74
Tenda16
Microsoft8
ISC4
Kashipara4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

MailCleaner6
Tenda W15E6
Kashipara Online Furniture Shopping Ecommerce Webs ...4
OpenSSH4
Tenda i214

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Apryse WebViewer PDF Document cross site scripting3.53.2$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000450.10CVE-2024-4327
2MailCleaner Email os command injection9.89.5$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000460.15CVE-2024-3191
3osCommerce all-products cross site scripting4.33.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.000650.15CVE-2024-4348
4MailCleaner Admin Interface cross site scripting5.85.7$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000450.05CVE-2024-3192
5SourceCodester Pisay Online E-Learning System controller.php unrestricted upload7.36.6$0-$5k$0-$5kProof-of-ConceptNot Defined0.000450.05CVE-2024-4349
6MailCleaner Admin Endpoints os command injection8.88.5$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000460.20CVE-2024-3193
7BloomPixel Max Addons Pro for Bricks Plugin authorization6.56.4$0-$5k$0-$5kNot DefinedNot Defined0.000430.08CVE-2024-32951
8Extend Themes Teluro Plugin cross-site request forgery4.34.2$0-$5k$0-$5kNot DefinedNot Defined0.000430.05CVE-2024-33688
9Elementor ImageBox Plugin cross site scripting3.53.4$0-$5k$0-$5kNot DefinedNot Defined0.000450.04CVE-2024-3074
10Apache HTTP Server mod_lua Multipart Parser r:parsebody out-of-bounds write8.58.4$25k-$100k$5k-$25kNot DefinedOfficial Fix0.088080.00CVE-2021-44790
11Dell Wyse Proprietary OS Telemetry Dashboard information disclosure4.74.7$0-$5k$0-$5kNot DefinedNot Defined0.000430.04CVE-2024-28963
12Apache Parquet Parquet-MR denial of service3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000860.00CVE-2021-41561
13Foliovision FV Flowplayer Video Player Plugin server-side request forgery5.65.5$0-$5k$0-$5kNot DefinedNot Defined0.000430.03CVE-2024-32955
14Dell Repository Manager API Module improper authorization8.38.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.000430.03CVE-2024-28976
15Jegstudio Financio Plugin cross-site request forgery4.34.2$0-$5k$0-$5kNot DefinedNot Defined0.000430.03CVE-2024-33690
16ThemeNcode Fan Page Widget by Plugin cross site scripting4.14.1$0-$5k$0-$5kNot DefinedNot Defined0.000430.00CVE-2024-33695
17Pavex Embed Google Photos Album Plugin server-side request forgery5.65.5$0-$5k$0-$5kNot DefinedNot Defined0.000430.07CVE-2024-32775
18AnnounceKit Plugin cross site scripting2.42.4$0-$5k$0-$5kNot DefinedNot Defined0.000450.04CVE-2024-3023
19Repute Infosystems ARMember Plugin authorization7.87.7$0-$5k$0-$5kNot DefinedNot Defined0.000430.05CVE-2024-32948
20Dell Repository Manager Logger Module improper authorization3.33.3$0-$5k$0-$5kNot DefinedNot Defined0.000430.07CVE-2024-28977

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
137.252.125.88Sauron12/23/2020verifiedLow
266.228.52.133li294-133.members.linode.comSauron12/23/2020verifiedLow
3XX.XXX.XXX.XXxxxx-xxxxxxx-xxxxx-xx-xxx-xxx-xx.xxxxxx.xxxXxxxxx12/23/2020verifiedLow
4XX.XXX.XX.XXXXxxxxx12/23/2020verifiedLow
5XXX.X.XXX.XXXxxxxxx.xxx.xxx.x.xxx.xxxxxxx.xxxx-xxxxxx.xxXxxxxx12/23/2020verifiedLow
6XXX.XXX.XX.XXX.Xxxxxx12/23/2020verifiedLow
7XXX.XX.XX.XXXxxxxxxx-xx-xx-xxx.xxxxxx.xxxxxxx.xxXxxxxx12/23/2020verifiedLow
8XXX.XXX.XX.XXxxxxxxx.xxxXxxxxx12/23/2020verifiedLow
9XXX.XXX.XXX.XXXXxxxxx12/23/2020verifiedLow
10XXX.XXX.XXX.XXXxxxxxxxxxxxxx.xxxxxxxxxx.xxxxXxxxxx12/23/2020verifiedLow

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-21, CWE-22, CWE-23Path TraversalpredictiveHigh
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
4T1059.007CAPEC-209CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
5TXXXXCAPEC-122CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXXCAPEC-150CWE-XXXXxxx Xxx Xxxxxxxxx Xxxxxxxxxxx XxxxxxxxpredictiveHigh
7TXXXX.XXXCAPEC-16CWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
8TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
9TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
10TXXXXCAPEC-CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
11TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
12TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
13TXXXXCAPEC-102CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
14TXXXXCAPEC-37CWE-XXX, CWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
15TXXXX.XXXCAPEC-459CWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
16TXXXXCAPEC-116CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
17TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (90)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/building/backmgr/urlpage/mobileurl/configfile/jx2_config.inipredictiveHigh
2File/catalog/all-productspredictiveHigh
3File/changePasswordpredictiveHigh
4File/forum/away.phppredictiveHigh
5File/goform/addIpMacBindpredictiveHigh
6File/goform/DelDhcpRulepredictiveHigh
7File/goform/delIpMacBindpredictiveHigh
8File/goform/DelPortMappingpredictiveHigh
9File/goform/modifyDhcpRulepredictiveHigh
10File/goform/modifyIpMacBindpredictiveHigh
11File/goform/setBlackRulepredictiveHigh
12File/xxxxxx/xxxxxxxxxxpredictiveHigh
13File/xxxxxx/xxxxxxxxxpredictiveHigh
14File/xxxxxx/xxxxxxxxxxxxxxxxpredictiveHigh
15File/xxxxxx/xxxxxxxxxxxxxxpredictiveHigh
16File/xxxxxx/xxxxxxxxxxxxxpredictiveHigh
17File/xxxxxx/xxxxxxxxxxxpredictiveHigh
18File/xxxxxx/xxxxxxxxxx.xxxpredictiveHigh
19File/xxxxxxxxxxx.xxx/xxxxxxxxpredictiveHigh
20File/xxxxxx_xx.xxxpredictiveHigh
21File/xxx.xxxpredictiveMedium
22File/xxxxx.xxxx.xxxpredictiveHigh
23File/xxxxxxxx.xxxpredictiveHigh
24File/xxx/xxxxxxx/xxxpredictiveHigh
25File/xxxxxxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
26File/xxxx/xxxxxxx xxxxxx/xxx/xxx_xxxx_xxxxxx.xxxpredictiveHigh
27File/xxxx/xxxxxx_xxx.xxxpredictiveHigh
28Filexxxxxxx.xxpredictiveMedium
29Filexxxxx/xxxxxxx/xxxxxxxxxxxxx.xxpredictiveHigh
30Filexxxxx.xxxpredictiveMedium
31Filexxxxxxxxxxxx.xxxpredictiveHigh
32Filexxxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
33Filexxxxxxx.xxxpredictiveMedium
34Filexxxxxxx/xxxxxxxx.xxxpredictiveHigh
35Filexx.xxxpredictiveLow
36Filexx/xxxxxx/xxxxxxxxxxpredictiveHigh
37Filexxxxx/xxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxxpredictiveHigh
38Filexxxxx.xxxpredictiveMedium
39Filexxxxxxxx.xxxpredictiveMedium
40Filexxxxx.xxxx.xxxpredictiveHigh
41Filexxx.xxpredictiveLow
42Filexxxxxxxx.xxxpredictiveMedium
43Filexxxxxxxx.xxxpredictiveMedium
44Filexxxxxxxx_xx.xxxpredictiveHigh
45Filexxxxxxxxxxxxxxxx.xxxpredictiveHigh
46Filexxxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxxxxpredictiveHigh
47Filexxxxxxxxxxxxxxx.xxxpredictiveHigh
48Filexxxx-xxxxx.xxxpredictiveHigh
49Filexxxx-xxxxxxxx.xxxpredictiveHigh
50Filexxxxxxxxx/xx_xxxxxxxxx.xxxpredictiveHigh
51Argumentxxxxx_xxxxxpredictiveMedium
52ArgumentxxxxxxxxxxxxxpredictiveHigh
53ArgumentxxxpredictiveLow
54ArgumentxxxxxxxxxpredictiveMedium
55ArgumentxxxxxpredictiveLow
56ArgumentxxxxxxxxxxxxpredictiveMedium
57ArgumentxxxxxxxxxxpredictiveMedium
58ArgumentxxxxxxxpredictiveLow
59ArgumentxxpredictiveLow
60ArgumentxxxxxxxxpredictiveMedium
61ArgumentxxxxpredictiveLow
62ArgumentxxxxxxxxxxxxxxxxxxxxxxpredictiveHigh
63Argumentxx/xxxxpredictiveLow
64ArgumentxxxxxxxpredictiveLow
65ArgumentxxpredictiveLow
66ArgumentxxpredictiveLow
67ArgumentxxxxxxxxxxxxxxpredictiveHigh
68ArgumentxxxxxxxxxxxxxpredictiveHigh
69Argumentxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxpredictiveHigh
70ArgumentxxxxxxxxxxpredictiveMedium
71ArgumentxxxxxxxxxxxxpredictiveMedium
72Argumentxx_xxxxxx_xxxxxxxxxxxxpredictiveHigh
73Argumentxx_xxxxxpredictiveMedium
74ArgumentxxxxpredictiveLow
75Argumentxxxx/xxxxxx/xxxxxxxpredictiveHigh
76ArgumentxxxxxxxxxxxpredictiveMedium
77ArgumentxxxxxxxxxxxxxxxxpredictiveHigh
78Argumentxxxxxxx_xxxxxxx_xxxxx_xxxxx_xxxxxpredictiveHigh
79ArgumentxxxxxxpredictiveLow
80ArgumentxxxxxxxxpredictiveMedium
81ArgumentxxxxxxxxxxxxxxxxxxpredictiveHigh
82ArgumentxxxxxxxxxpredictiveMedium
83Argumentxxxxxxxxxx/xxxxxxxx/xxxxxxx/xxxxxxxxxxpredictiveHigh
84ArgumentxxxpredictiveLow
85ArgumentxxxxxxxxxpredictiveMedium
86ArgumentxxxxxxxxxxxxxxxxpredictiveHigh
87ArgumentxxxxpredictiveLow
88ArgumentxxxxxxxxxxpredictiveMedium
89Argumentxxx_xxxpredictiveLow
90Argumentxxxx/xxxxx/xxx/xxxx/xxxxxx/xxxxxxpredictiveHigh

References (3)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!