Scarlet Mimic Analysis

IOB - Indicator of Behavior (98)

Charts: Timeline; Lang; Country; Actors; Activities (Interest, Timeline, Type, Vendor, Product). The free view of this page renders only distorted placeholder values in these charts; the page itself states that the data shown is not usable and that the real values require an additional purchase.

Vulnerabilities

Columns: Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit prices at disclosure and now; Exp is the exploitability (exploit maturity) and Rem the remediation status; CTI and EPSS are the CTI interest and EPSS scores.

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
--|---------------|------|------|------|-------|-----|-----|-----|------|----
1 | mcart.xls Module mcart_xls_import.php sql injection | 7.1 | 7.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.01564 | CVE-2015-8356
2 | EasyCom PHP API memory corruption | 8.5 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.12131 | CVE-2017-5358
3 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.78 | 0.04187 | CVE-2010-0966
4 | PbootCMS SingleController.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2018-18450
5 | PoDoFo PDF File PdfXRefStreamParserObject.cpp ParseStream integer overflow | 5.4 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01055 | CVE-2018-5295
6 | Landing Pages Plugin injection | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01850 | CVE-2015-5227
7 | Piwik Controller.php saveLayout code injection | 6.3 | 5.9 | $0-$5k | $0-$5k | Functional | Official Fix | 0.03 | 0.00000 | -
8 | Moxa AWK-3131A Web Application null pointer dereference | 7.2 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2016-8723
9 | Image Sharing Script postComment.php Stored cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | 0.00000 | -
10 | Linux Kernel tmpfs System posix_acl.c simple_set_acl access control | 4.9 | 4.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01104 | CVE-2017-5551
11 | Netgear R8000 Password Recovery passwordrecovered.cgi information disclosure | 6.7 | 6.7 | $5k-$25k | $0-$5k | High | Not Defined | 0.04 | 0.89853 | CVE-2017-5521
12 | libtorrent GZIP Response puff.cpp construct input validation | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01018 | CVE-2016-7164
13 | Juniper ScreenOS SSH/Telnet improper authentication | 9.8 | 8.8 | $25k-$100k | $0-$5k | High | Official Fix | 0.03 | 0.88933 | CVE-2015-7755
14 | WarHound WarHound General Shopping Cart item.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.01319 | CVE-2006-6206
15 | Adobe Magento Customers Module improper authorization | 5.0 | 4.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2021-28567
16 | Google Android SimpleDecodingSource.cpp doRead privileges management | 9.8 | 9.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.01 | 0.01156 | CVE-2021-39623
17 | Royal TS Tunnel Authentication excessive authentication | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00954 | CVE-2020-13872
18 | Netgear Nighthawk M1 Web Interface os command injection | 8.0 | 7.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.00885 | CVE-2019-14527
19 | Strapi index.js Privilege Escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00885 | CVE-2020-27664
20 | libnbd NBD Protocol nbd_pread input validation | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.01440 | CVE-2019-14842

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Uyghurs

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (59)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
---|-------|-----------|------|-----------
1 | File | .htaccess | predictive | Medium
2 | File | /ajax-files/postComment.php | predictive | High
3 | File | /cgi-bin/pass | predictive | High
4 | File | /cgi-bin/wapopen | predictive | High
5 | File | /passwordrecovered.cgi | predictive | High
6 | File | /plugins/Dashboard/Controller.php | predictive | High
7 | File | admin/mcart_xls_import.php | predictive | High
8 | File | xxxxx/xxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxx/xxxxx.xx | predictive | High
9 | File | xxxx\xxxxx\xxxxxxxxxx\xxxxxxx\xxxxxxxxxxxxxxxx.xxx | predictive | High
10 | File | xxxxxxxx.xxx | predictive | Medium
11 | File | xxxx/xxxxxxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High
12 | File | xxxxxxxxxxxx.xxx/xxxxxxxxxxx.xxx/xxxxxxxxxxx.xxx/xxxxxxxxxxx.xxx | predictive | High
13 | File | xxxxxxx\xxxxxxxxxx\xxxxx\xxxxxx.xxx | predictive | High
14 | File | xxxxxx/xxxx.x | predictive | High
15 | File | xxx.xxxxxxx.xxx | predictive | High
16 | File | xxx/xxxxxxxxx/xxxxxx/xxxxxxxxxxxxx.xxxx | predictive | High
17 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
18 | File | xxxx/xxxxxxxxxx/xxxxxx-xxx.x | predictive | High
19 | File | xxxxxxxxx/xxxxxxx/xxxx/xxxxxxxxx/xxxxxxxx.xxx | predictive | High
20 | File | xxxxxxxxx/xxxxx/xxxxxxxxxxxx/xxxxxxxxx.xxx | predictive | High
21 | File | xx/xxxxx_xxx.x | predictive | High
22 | File | xxx/xxx.xxx | predictive | Medium
23 | File | xxx/xxxxxx.xxx | predictive | High
24 | File | xxxxxxx.xxx | predictive | Medium
25 | File | xxxx.xxx | predictive | Medium
26 | File | xxxxxxx.xxx | predictive | Medium
27 | File | xxxxx.xxx | predictive | Medium
28 | File | xxxxxxxxx.xxx | predictive | High
29 | File | xxxx_xxxxxxxxxx.xxx | predictive | High
30 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | High
31 | File | xxxx.xxx | predictive | Medium
32 | File | xxxxxxxxxxxxxxxxxxxx.xxx | predictive | High
33 | File | xxxxxx/xxxxxx_xxxxxxxxxxx.xxx | predictive | High
34 | File | xxxxxxxxxxxx.xxx | predictive | High
35 | File | xx-xxxxx/xxxx.xxx | predictive | High
36 | Library | xxx/xxxxxxxxx/xxxxxxxx.xxx | predictive | High
37 | Argument | xxxxxxxx | predictive | Medium
38 | Argument | xxxxxxx xxxx | predictive | Medium
39 | Argument | xxxxxxxxx->xxxxxxxxx | predictive | High
40 | Argument | xxxxxxxxxx | predictive | Medium
41 | Argument | xx/xxx/xxxxx | predictive | Medium
42 | Argument | xxxxxxxxxxx | predictive | Medium
43 | Argument | xxxxx | predictive | Low
44 | Argument | xxxxxx | predictive | Low
45 | Argument | xxxxxxxx | predictive | Medium
46 | Argument | xxxx_xxxxx | predictive | Medium
47 | Argument | xxxxxxxxxx | predictive | Medium
48 | Argument | xxxx | predictive | Low
49 | Argument | xxxxxxxxx/xxxxxxx | predictive | High
50 | Argument | xxx | predictive | Low
51 | Argument | xxxxxxxx | predictive | Medium
52 | Argument | xxx_xxxxxx_xxxxxxx_xx_xxx | predictive | High
53 | Input Value | 'xx x=x | predictive | Low
54 | Input Value | ../.. | predictive | Low
55 | Input Value | xxxx | predictive | Low
56 | Input Value | <xxx xxx=x xxxxxxx=xxxxxx(x)> | predictive | High
57 | Input Value | xxxxxxxx.+xxx | predictive | High
58 | Input Value | xxxxxxxxx/xxxxxxxxx | predictive | High
59 | Input Value | {{ }} | predictive | Low

The rows shown as runs of x are masked on the free view of the page; only their class, length, confidence and a few literal characters are visible.
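The IOA table lists the request fragments the profile expects to see during reconnaissance and exploitation. The usual way to operationalise such a list is to run it over web-server access logs. The script below is an added example written for this page, not code from the page's author or from any vendor. It takes the indicators that are visible in the table (rows 1 to 7, 54 and 59; the masked rows cannot be used), percent-decodes each request target twice so that single- and double-encoded fragments are caught, and reports one finding per matching log line. The log lines are constructed for the example and use RFC 5737 documentation addresses; the combined log format, the `{{ }}` literal match and the substring matching of file paths are assumptions, not anything the page specifies.

```python
import re
from urllib.parse import unquote

# Indicators copied from the unmasked rows of the IOA table (classes File and
# Input Value). File indicators are matched as substrings of the decoded request
# path, so "/cgi-bin/pass" also hits "/cgi-bin/passwd"; that looseness is intended
# for a hunting query and should be tightened for alerting.
FILE_INDICATORS = {
    ".htaccess": "Medium",
    "/ajax-files/postComment.php": "High",
    "/cgi-bin/pass": "High",
    "/cgi-bin/wapopen": "High",
    "/passwordrecovered.cgi": "High",
    "/plugins/Dashboard/Controller.php": "High",
    "admin/mcart_xls_import.php": "High",
}
INPUT_VALUE_INDICATORS = {
    "../..": "Low",  # path traversal fragment, matched anywhere in the request
    "{{ }}": "Low",  # template-expression probe, matched literally (assumption)
}

# Combined (Apache/nginx style) access log line; only source, timestamp,
# request target and status code are extracted. Format is an assumption.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines for the example (not from any real incident).
SAMPLE_LOG = [
    '203.0.113.10 - - [10/Oct/2023:13:55:36 +0000] "GET /passwordrecovered.cgi?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.10 - - [10/Oct/2023:13:55:37 +0000] "GET /cgi-bin/wapopen?file=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /index.php?page=%7B%7B%20%7D%7D HTTP/1.1" 500 0 "-" "curl/7.68.0"',
    '198.51.100.7 - - [10/Oct/2023:13:56:05 +0000] "GET /.htaccess HTTP/1.1" 403 199 "-" "curl/7.68.0"',
    '192.0.2.44 - - [10/Oct/2023:14:01:10 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    'this line is deliberately malformed and must be skipped',
]


def match_request(target):
    """Return [(indicator, class, confidence), ...] for one request target.

    The target is percent-decoded twice so that ..%2F.. and ..%252F.. both
    normalise to the literal indicator. Double decoding can also turn a
    legitimate literal '%25' into a false positive; treat hits as leads.
    """
    decoded = unquote(unquote(target))
    path = decoded.split("?", 1)[0]
    hits = [(ind, "File", conf) for ind, conf in FILE_INDICATORS.items() if ind in path]
    hits += [(ind, "Input Value", conf) for ind, conf in INPUT_VALUE_INDICATORS.items() if ind in decoded]
    return hits


def scan_log(lines):
    """Parse access log lines; return one finding dict per line that hits an indicator."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip instead of failing the whole scan
        hits = match_request(m.group("target"))
        if hits:
            findings.append({
                "ip": m.group("ip"),
                "ts": m.group("ts"),
                "status": int(m.group("status")),
                "target": m.group("target"),
                "hits": hits,
            })
    return findings


def indicators_by_source(findings):
    """Map each source IP to the set of distinct indicators it triggered, for triage."""
    out = {}
    for f in findings:
        out.setdefault(f["ip"], set()).update(ind for ind, _, _ in f["hits"])
    return out


if __name__ == "__main__":
    results = scan_log(SAMPLE_LOG)
    for f in results:
        print(f["ts"], f["ip"], f["status"], f["target"])
        for ind, cls, conf in f["hits"]:
            print(f"    {cls}: {ind} (confidence {conf})")
    for ip, inds in indicators_by_source(results).items():
        print(ip, "->", sorted(inds))
```

A source that triggers several distinct indicators within a short window (here 203.0.113.10 touches both a File indicator and a traversal fragment) is a stronger lead than a single hit, which is why the per-source summary is worth more than the raw line matches. Confidence values are carried through from the table so the output can be filtered to High-confidence indicators when the log volume is large.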

References (5)

The following list contains external sources which discuss the actor and the associated activities:
