Scar Analysis

IOB - Indicator of Behavior (16)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en (12)
ru (2)
it (2)


Country, Actors: chart views locked (same dummy-data notice as above).

Activities

Interest, Timeline, Type, Vendor: chart views locked (same dummy-data notice as above).

Product

Linux Kernel (4)
TP-LINK TL-WR841N (2)
Microsoft Windows (2)
Bitrix24 (2)
RARLAB WinRAR (2)


Vulnerabilities

# | Vulnerability | CVSS base | CVSS temp | 0day price | Today price | Exploitability | Remediation | EPSS | CTI | CVE
1 | nginx HTTP/2 resource consumption | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08394 | 0.03 | CVE-2018-16843
2 | Microsoft Windows Runtime uninitialized pointer | 8.1 | 7.7 | $25k-$100k | $5k-$25k | High | Official Fix | 0.19310 | 0.05 | CVE-2022-21971
3 | Joomla Usergroup Table input validation | 4.6 | 4.6 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00103 | 0.00 | CVE-2021-26036
4 | Bitrix24 Web Application Firewall cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00113 | 0.04 | CVE-2020-13483
5 | Linux Kernel Netfilter x_tables.c out-of-bounds write | 8.8 | 8.4 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00213 | 0.05 | CVE-2021-22555
6 | Linux Kernel ptrace.c access control | 7.8 | 7.6 | $5k-$25k | $0-$5k | High | Official Fix | 0.00052 | 0.00 | CVE-2019-13272
7 | HelpSystems Cobalt Strike Server Screenshot readCountedBytes Hotcobalt denial of service | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00280 | 0.00 | CVE-2021-36798
8 | Cisco ASA/Firepower Threat Defense Network Address Translation security check | 5.4 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00113 | 0.00 | CVE-2021-34790
9 | systemd unit-name.c alloca allocation of resources | 6.5 | 5.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00044 | 0.05 | CVE-2021-33910
10 | Hikvision Product Message command injection | 5.5 | 5.5 | $0-$5k | $0-$5k | High | Not Defined | 0.97483 | 0.15 | CVE-2021-36260
11 | RARLAB WinRAR memory corruption | 10.0 | 9.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00469 | 0.00 | CVE-2008-7144
12 | TP-LINK TL-WR740N Firmware Local Privilege Escalation | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.05 |
13 | TP-LINK TL-WR841N Web Service buffer overflow | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02005 | 0.04 | CVE-2019-17147
14 | Genymotion Desktop Clipboard information disclosure | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00594 | 0.00 | CVE-2021-27549
15 | Oracle Database Server OJVM access control | 9.9 | 9.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00165 | 0.07 | CVE-2017-10202

IOC - Indicator of Compromise (27)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 35.186.232.167 | 167.232.186.35.bc.googleusercontent.com | Scar | | 05/06/2022 | verified | Low
2 | 52.85.151.4 | server-52-85-151-4.iad89.r.cloudfront.net | Scar | | 07/17/2021 | verified | Low
3 | 52.85.151.59 | server-52-85-151-59.iad89.r.cloudfront.net | Scar | | 07/17/2021 | verified | Low
4 | 64.186.131.47 | | Scar | | 04/12/2022 | verified | Medium
5 | 67.228.31.225 | e1.1f.e443.ip4.static.sl-reverse.com | Scar | | 04/12/2022 | verified | Medium
6 | 72.21.81.240 | | Scar | | 05/05/2022 | verified | Medium
7 | XX.XXX.XXX.XX | xxxxxx.xx-xxx-xxx-xx.xxxxxxx.xxxx-xxxxxx.xx | Xxxx | | 07/17/2021 | verified | Medium
8 | XX.XXX.XXX.XXX | | Xxxx | | 07/17/2021 | verified | Medium
9 | XX.XX.XXX.XX | xxxxxx-xx-xx-xxx-xx.xxxxx.x.xxxxxxxxxx.xxx | Xxxx | | 07/17/2021 | verified | Low
10 | XX.XX.XXX.XXX | xxxxxx-xx-xx-xxx-xxx.xxxxx.x.xxxxxxxxxx.xxx | Xxxx | | 07/17/2021 | verified | Low
11 | XXX.XXX.XX.XXX | xxxxxxxx-xx-xxx.xxxxx.xxx | Xxxx | | 05/05/2022 | verified | Medium
12 | XXX.XXX.XXX.XX | xx-xx-xxx.xxxxx.xxx | Xxxx | | 05/06/2022 | verified | Medium
13 | XXX.XXX.XXX.XXX | xx-xx-xxxx.xxxxx.xxx | Xxxx | | 05/06/2022 | verified | Medium
14 | XXX.XXX.XXX.XX | xx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxx | Xxxx | | 05/05/2022 | verified | Medium
15 | XXX.XXX.XX.XX | xx-xx-xxx.xxxxx.xxx | Xxxx | | 05/06/2022 | verified | Medium
16 | XXX.XXX.XX.XXX | xx-xx-xxxx.xxxxx.xxx | Xxxx | | 05/06/2022 | verified | Medium
17 | XXX.XXX.XXX.XXX | xx-xx-xxxx.xxxxx.xxx | Xxxx | | 05/06/2022 | verified | Medium
18 | XXX.XXX.X.XX | | Xxxx | | 07/17/2021 | verified | Medium
19 | XXX.XXX.X.XX | xxxxxx.xxxxxxxxxxx.xxx | Xxxx | | 07/17/2021 | verified | Medium
20 | XXX.XXX.XXX.XXX | | Xxxx | | 04/12/2022 | verified | Medium
21 | XXX.XX.XX.XXX | xx-xx.xxxxxxxxxx.xxx | Xxxx | | 05/06/2022 | verified | Medium
22 | XXX.XX.XXX.XXX | x-xxxx.x-xxxxxx.xxx | Xxxx | | 05/06/2022 | verified | Medium
23 | XXX.XXX.XXX.XX | xxxx.xxxxx.xxx | Xxxx | | 05/05/2022 | verified | Medium
24 | XXX.XXX.XXX.XX | xxxx.xxxxx.xxx | Xxxx | | 05/05/2022 | verified | Medium
25 | XXX.XX.XXX.XXX | xxx.xxxxx.xxx.xx | Xxxx | | 05/05/2022 | verified | Medium
26 | XXX.XX.XXX.XX | xx-xx-xxx.xxxxx.xxx | Xxxx | | 05/06/2022 | verified | Medium
27 | XXX.XX.XXX.XX | xx-xx-xxx.xxxxx.xxx | Xxxx | | 05/06/2022 | verified | Medium
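As an added example (not code from this page or from VulDB), the following Python script loads the unmasked IOC rows from the table above and runs them over a few constructed firewall log lines. Masked rows (X/x placeholders) are skipped because they do not parse as addresses. Hits on the three Low-confidence rows, whose reverse DNS places them in shared Google Cloud and CloudFront address space, are routed to review rather than alerting, since addresses in that space are reassigned between tenants and an IP match alone is weak evidence. The log lines, the 10.0.0.0/8 and 198.51.100.0/24 sample addresses and the alert/review policy are assumptions for illustration.

```python
"""Match the unmasked Scar IOC rows against firewall log lines.

Added example, not code from the VulDB page. The IOC rows are copied from
the page's table; one masked row is kept in the input to show it is skipped.
The log lines are constructed for illustration.
"""
import ipaddress
import re
from dataclasses import dataclass

# (IP address, hostname, identified, confidence) as listed on the page.
IOC_ROWS = [
    ("35.186.232.167", "167.232.186.35.bc.googleusercontent.com", "05/06/2022", "Low"),
    ("52.85.151.4", "server-52-85-151-4.iad89.r.cloudfront.net", "07/17/2021", "Low"),
    ("52.85.151.59", "server-52-85-151-59.iad89.r.cloudfront.net", "07/17/2021", "Low"),
    ("64.186.131.47", "", "04/12/2022", "Medium"),
    ("67.228.31.225", "e1.1f.e443.ip4.static.sl-reverse.com", "04/12/2022", "Medium"),
    ("72.21.81.240", "", "05/05/2022", "Medium"),
    ("XX.XXX.XXX.XX", "xxxxxx.xx-xxx-xxx-xx.xxxxxxx.xxxx-xxxxxx.xx", "07/17/2021", "Medium"),
]

# Reverse-DNS suffixes of shared cloud/CDN space. Addresses there move
# between tenants, so a hit on the IP alone is weak evidence; the page
# itself rates these rows Low.
SHARED_SUFFIXES = ("googleusercontent.com", "cloudfront.net")

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


@dataclass(frozen=True)
class Ioc:
    ip: str
    hostname: str
    identified: str
    confidence: str
    shared_infra: bool


def load_iocs(rows):
    """Build {ip: Ioc} from table rows, dropping masked/unparseable IPs."""
    iocs = {}
    for ip, host, seen, conf in rows:
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # masked row such as XX.XXX.XXX.XX
        iocs[ip] = Ioc(ip, host, seen, conf, host.endswith(SHARED_SUFFIXES))
    return iocs


def verdict(ioc):
    """Assumed policy: Low-confidence or shared-infrastructure hits go to
    analyst review instead of raising an alert."""
    if ioc.shared_infra or ioc.confidence == "Low":
        return "review"
    return "alert"


def scan_logs(lines, iocs):
    """Return (line_no, ioc) for every IOC address found in a line, whether
    it appears as src or dst."""
    hits = []
    for n, line in enumerate(lines, 1):
        for ip in sorted(set(IPV4.findall(line))):
            if ip in iocs:
                hits.append((n, iocs[ip]))
    return hits


def summarize(hits):
    """Collapse hits per IOC: {ip: {"count", "lines", "verdict"}}."""
    out = {}
    for n, ioc in hits:
        entry = out.setdefault(ioc.ip, {"count": 0, "lines": [], "verdict": verdict(ioc)})
        entry["count"] += 1
        entry["lines"].append(n)
    return out


# Constructed firewall lines: 10.0.0.0/8 is the internal side, 198.51.100.23
# is RFC 5737 documentation space standing in for a benign destination.
LOG_LINES = [
    "2022-05-06T10:01:02Z fw src=10.0.0.5 dst=35.186.232.167 dport=443 action=allow",
    "2022-05-06T10:01:09Z fw src=10.0.0.5 dst=198.51.100.23 dport=443 action=allow",
    "2022-05-06T10:02:31Z fw src=10.0.0.7 dst=72.21.81.240 dport=8080 action=allow",
    "2022-05-06T10:02:40Z fw src=72.21.81.240 dst=10.0.0.7 dport=445 action=deny",
    "2022-05-06T10:03:15Z fw src=10.0.0.9 dst=64.186.131.47 dport=443 action=allow",
]

if __name__ == "__main__":
    iocs = load_iocs(IOC_ROWS)
    for ip, e in summarize(scan_logs(LOG_LINES, iocs)).items():
        print(f"{e['verdict']:6s} {ip:16s} hits={e['count']} lines={e['lines']} "
              f"host={iocs[ip].hostname or '-'} identified={iocs[ip].identified}")
```

Feeding the full unmasked table to `load_iocs` and a real log export to `scan_logs` is the only change needed for production use; keep the `identified` date in the output, since the oldest entries here date from July 2021 and shared-infrastructure addresses from that period may have changed hands since.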

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (5)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | basic/unit-name.c | predictive | High
2 | File | components/bitrix/mobileapp.list/ajax.php/ | predictive | High
3 | File | xxxxxx/xxxxxx.x | predictive | High
4 | File | xxx/xxxxxxxxx/x_xxxxxx.x | predictive | High
5 | Argument | xxxxx[xxxxx][xx] | predictive | High

References (5)

The following list contains external sources which discuss the actor and the associated activities:
