ScanBox Analysis

IOB - Indicator of Behavior (102)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

Language | Count
---------|------
en       | 72
zh       | 22
jp       | 4
de       | 2
ja       | 2

Product

Product                                    | Count
-------------------------------------------|------
Linux Kernel                               | 6
Apple Mac OS X Server                      | 4
Joomla CMS                                 | 4
DeDeCMS                                    | 4
Project Worlds Car Rental Management System | 2

Vulnerabilities

#  | Vulnerability                                                          | Base | Temp | 0day       | Today       | Exp              | Rem          | EPSS    | CTI  | CVE
---|------------------------------------------------------------------------|------|------|------------|-------------|------------------|--------------|---------|------|----------------
1  | October CMS fromData race condition                                    | 6.8  | 6.7  | $0-$5k     | $0-$5k      | Not Defined      | Official Fix | 0.00418 | 0.04 | CVE-2022-24800
2  | DeDeCMS recommend.php sql injection                                    | 8.5  | 8.5  | $0-$5k     | $0-$5k      | Not Defined      | Not Defined  | 0.05810 | 0.00 | CVE-2017-17731
3  | Fabrice Bellard QEMU bits_per_pixel access control                     | 5.7  | 5.0  | $5k-$25k   | Calculating | Unproven         | Official Fix | 0.86403 | 0.00 | CVE-2014-7815
4  | PrestaShop isCleanHTML cross site scripting                            | 5.6  | 5.6  | $0-$5k     | $0-$5k      | Not Defined      | Official Fix | 0.00046 | 0.05 | CVE-2023-39527
5  | OpenSSL ASN.1 X509_get1_ocsp out-of-bounds                             | 5.5  | 5.5  | $5k-$25k   | $0-$5k      | Not Defined      | Official Fix | 0.00352 | 0.05 | CVE-2021-3712
6  | PbootCMS cross site scripting                                          | 3.6  | 3.6  | $0-$5k     | $0-$5k      | Proof-of-Concept | Not Defined  | 0.00052 | 0.00 | CVE-2024-1018
7  | Docker Swarm Plugin Dashboard View cross site scripting                | 4.4  | 4.4  | $0-$5k     | $0-$5k      | Not Defined      | Not Defined  | 0.00090 | 0.07 | CVE-2023-40350
8  | Fortinet FortiOS/FortiPAM/FortiProxy HTTP Request out-of-bounds write  | 9.8  | 9.6  | $25k-$100k | $25k-$100k  | Not Defined      | Official Fix | 0.00091 | 0.08 | CVE-2023-42789
9  | Oracle Identity Management Suite Apache Log4j deserialization          | 9.8  | 9.7  | $25k-$100k | $5k-$25k    | Not Defined      | Official Fix | 0.87384 | 0.00 | CVE-2017-5645
10 | VMware Cloud Director Privilege Escalation                             | 7.2  | 6.9  | $5k-$25k   | $0-$5k      | Not Defined      | Official Fix | 0.00252 | 0.02 | CVE-2022-22966
11 | Google Android Lockscreen KeyguardServiceWrapper.java race condition   | 2.0  | 1.9  | $0-$5k     | $0-$5k      | Not Defined      | Official Fix | 0.00042 | 0.00 | CVE-2022-20006
12 | Boa Webserver GET wapopen path traversal                               | 6.4  | 6.0  | $0-$5k     | $0-$5k      | Proof-of-Concept | Not Defined  | 0.73540 | 0.05 | CVE-2017-9833
13 | Microsoft ASP.NET Forms Authentication path traversal                  | 9.8  | 9.4  | $25k-$100k | $0-$5k      | Proof-of-Concept | Official Fix | 0.93976 | 0.03 | CVE-2004-0847
14 | Oracle MySQL Enterprise Monitor Monitoring path traversal              | 9.1  | 8.9  | $25k-$100k | $5k-$25k    | Not Defined      | Official Fix | 0.00127 | 0.04 | CVE-2022-37865
15 | SpringBlade sql injection                                              | 6.3  | 6.3  | $0-$5k     | $0-$5k      | Not Defined      | Not Defined  | 0.00171 | 0.04 | CVE-2022-27360
16 | Cuppa CMS File Manager copy access control                             | 5.5  | 5.3  | $0-$5k     | $0-$5k      | Not Defined      | Not Defined  | 0.00205 | 0.04 | CVE-2022-25401
17 | JCK Editor links.php sql injection                                     | 8.5  | 8.3  | $0-$5k     | $0-$5k      | High             | Not Defined  | 0.81623 | 0.04 | CVE-2018-17254
18 | Yii Yii2 path traversal                                                | 7.6  | 7.5  | $0-$5k     | $0-$5k      | Not Defined      | Official Fix | 0.00091 | 0.05 | CVE-2015-5467
19 | Umbraco FeedProxy.aspx.cs Page_Load server-side request forgery        | 7.7  | 7.4  | $0-$5k     | $0-$5k      | Not Defined      | Official Fix | 0.00511 | 0.00 | CVE-2015-8813
20 | WPS Hide Login Plugin Secret Login Page options.php access control     | 6.9  | 6.7  | $0-$5k     | $0-$5k      | Not Defined      | Official Fix | 0.04098 | 0.00 | CVE-2021-24917

IOC - Indicator of Compromise (26)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (85)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (4)

The following list contains external sources which discuss the actor and the associated activities:
