Scar Analysis

IOB - Indicator of Behavior (16)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 14
ru: 2


Country

us: 10
ru: 6


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Linux Kernel: 4
nginx: 2
RARLAB WinRAR: 2
TP-LINK TL-WR740N: 2
TP-LINK TL-WR841N: 2


Vulnerabilities

Columns: Base and Temp are the CVSS base and temporal scores; 0day and Today are estimated exploit prices; Exp is the exploitability status; Rem is the remediation status; CTI is the activity score; EPSS is the Exploit Prediction Scoring System probability.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | nginx HTTP2 resource consumption | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01537 | CVE-2018-16843 |
| 2 | Microsoft Windows Runtime Remote Code Execution | 8.1 | 7.4 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.00 | 0.12761 | CVE-2022-21971 |
| 3 | Joomla Usergroup Table input validation | 4.6 | 4.6 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.01 | 0.00885 | CVE-2021-26036 |
| 4 | Bitrix24 Web Application Firewall cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2020-13483 |
| 5 | Linux Kernel Netfilter x_tables.c out-of-bounds write | 8.8 | 8.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.01 | 0.16489 | CVE-2021-22555 |
| 6 | Linux Kernel ptrace.c access control | 7.8 | 7.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.02302 | CVE-2019-13272 |
| 7 | HelpSystems Cobalt Strike Server Screenshot readCountedBytes Hotcobalt denial of service | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.04499 | CVE-2021-36798 |
| 8 | Cisco ASA/Firepower Threat Defense Network Address Translation security check | 5.4 | 5.3 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.02 | 0.01055 | CVE-2021-34790 |
| 9 | systemd unit-name.c alloca allocation of resources | 6.5 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.13 | 0.01547 | CVE-2021-33910 |
| 10 | Hikvision Product Message command injection | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.93002 | CVE-2021-36260 |
| 11 | RARLAB WinRAR memory corruption | 10.0 | 9.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.01108 | CVE-2008-7144 |
| 12 | TP-LINK TL-WR740N Firmware Local Privilege Escalation | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00000 | (none) |
| 13 | TP-LINK TL-WR841N Web Service buffer overflow | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.18069 | CVE-2019-17147 |
| 14 | Genymotion Desktop Clipboard information disclosure | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.01108 | CVE-2021-27549 |
| 15 | Oracle Database Server OJVM access control | 9.9 | 9.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00890 | CVE-2017-10202 |

IOC - Indicator of Compromise (28)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | 35.186.232.167 | 167.232.186.35.bc.googleusercontent.com | Scar | | verified | Medium |
| 2 | 52.85.151.4 | server-52-85-151-4.iad89.r.cloudfront.net | Scar | | verified | High |
| 3 | 52.85.151.59 | server-52-85-151-59.iad89.r.cloudfront.net | Scar | | verified | High |
| 4 | 64.186.131.47 | | Scar | | verified | High |
| 5 | 67.228.31.225 | e1.1f.e443.ip4.static.sl-reverse.com | Scar | | verified | High |
| 6 | 72.21.81.240 | | Scar | | verified | High |
| 7-28 | (masked on the page) | (masked on the page) | Scar | | verified | High |

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1059.007 | CWE-79 | Cross Site Scripting | predictive | High |
| 2-5 | (masked on the page) | (masked on the page) | (masked on the page) | predictive | High |

IOA - Indicator of Attack (5)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | basic/unit-name.c | predictive | High |
| 2 | File | components/bitrix/mobileapp.list/ajax.php/ | predictive | High |
| 3-4 | File | (masked on the page) | predictive | High |
| 5 | Argument | (masked on the page) | predictive | High |
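The IOC table above lists verified source addresses and the IOA table lists path fragments an operator would expect to see in request logs. The following script is an added example, not part of this profile or of any vendor tooling: it takes the six unmasked IOC addresses and the two unmasked IOA file fragments from this page and matches them against web-server access log lines in combined log format. The log lines are constructed for the example, and the `Hit` record, `match_line`, `scan` and `flagged_ips` names are the example's own.

```python
"""Match verified IOC addresses and predictive IOA path fragments against
access log lines.  Added example; the IOC/IOA values are copied from the
unmasked rows of the profile, the log lines are constructed."""
import re
from dataclasses import dataclass

# Rows 1-6 of the IOC table: verified source addresses and their confidence.
IOC_IPS = {
    "35.186.232.167": "Medium",
    "52.85.151.4": "High",
    "52.85.151.59": "High",
    "64.186.131.47": "High",
    "67.228.31.225": "High",
    "72.21.81.240": "High",
}

# Rows 1-2 of the IOA table: file fragments, matched as substrings of the
# request path because the page lists them as fragments, not full URLs.
IOA_PATHS = [
    "basic/unit-name.c",
    "components/bitrix/mobileapp.list/ajax.php/",
]

# Combined log format: client address, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


@dataclass(frozen=True)
class Hit:
    line_no: int
    ip: str
    path: str
    reason: str        # "ioc-ip" or "ioa-path:<fragment>"
    confidence: str    # confidence column from the profile


def match_line(line_no, line):
    """Return every IOC/IOA hit for one log line; unparsable lines yield none."""
    m = LOG_RE.match(line)
    if not m:
        return []
    ip, path = m["ip"], m["path"]
    hits = []
    if ip in IOC_IPS:
        hits.append(Hit(line_no, ip, path, "ioc-ip", IOC_IPS[ip]))
    for frag in IOA_PATHS:
        if frag in path:
            hits.append(Hit(line_no, ip, path, f"ioa-path:{frag}", "High"))
    return hits


def scan(lines):
    """Run match_line over a sequence of log lines, numbering from 1."""
    hits = []
    for n, line in enumerate(lines, 1):
        hits.extend(match_line(n, line))
    return hits


def flagged_ips(hits):
    """Distinct client addresses that produced at least one hit."""
    return sorted({h.ip for h in hits})


# Constructed sample log (not real traffic): one IOC hit, one IOA hit, one
# clean request, one line that trips both, and one malformed line.
SAMPLE_LOG = [
    '52.85.151.4 - - [10/Feb/2023:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Feb/2023:10:01:05 +0000] '
    '"POST /bitrix/components/bitrix/mobileapp.list/ajax.php/?action=x HTTP/1.1" 200 88',
    '198.51.100.9 - - [10/Feb/2023:10:01:09 +0000] "GET /about HTTP/1.1" 200 1024',
    '35.186.232.167 - - [10/Feb/2023:10:02:00 +0000] '
    '"GET /components/bitrix/mobileapp.list/ajax.php/ HTTP/1.1" 403 0',
    'this line is not in combined log format',
]

if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.ip} {h.path} -> {h.reason} ({h.confidence})")
    print("flagged:", flagged_ips(scan(SAMPLE_LOG)))
```

Two of the listed addresses resolve to cloudfront.net and one to googleusercontent.com, so an "ioc-ip" hit alone can be shared CDN or cloud infrastructure rather than actor-controlled hosting; a line that also carries an IOA fragment, or a Medium-confidence address seen together with a High one, is a stronger lead than an isolated address match.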

References (5)

The following list contains external sources which discuss the actor and the associated activities:
