Scarlet Mimic Analysis

IOB - Indicator of Behavior (101)

Charts (Timeline, Lang, Country, Actors, Activities, Interest, Type, Vendor, Product): shown on this view only as distorted dummy data that the page itself marks as unusable; the real values require an additional purchase, so the chart figures are omitted here.

Vulnerabilities

Columns: Base/Temp are the CVSS base and temporal scores; 0day/Today are the database's estimated exploit prices at disclosure and now; Exp is exploit maturity; Rem is remediation level; CTI is the database's threat-intelligence interest value; EPSS is the Exploit Prediction Scoring System probability.

#  | Vulnerability                                                              | Base | Temp | 0day       | Today       | Exp              | Rem          | CTI  | EPSS    | CVE
1  | mcart.xls Module mcart_xls_import.php sql injection                        | 7.1  | 7.0  | $0-$5k     | $0-$5k      | Proof-of-Concept | Not Defined  | 0.00 | 0.00465 | CVE-2015-8356
2  | EasyCom PHP API memory corruption                                          | 8.5  | 7.4  | $0-$5k     | $0-$5k      | Proof-of-Concept | Official Fix | 0.00 | 0.37042 | CVE-2017-5358
3  | DZCP deV!L`z Clanportal config.php code injection                          | 7.3  | 6.6  | $0-$5k     | $0-$5k      | Proof-of-Concept | Official Fix | 0.77 | 0.00943 | CVE-2010-0966
4  | PbootCMS SingleController.php sql injection                                | 8.5  | 8.5  | $0-$5k     | $0-$5k      | Not Defined      | Not Defined  | 0.02 | 0.00221 | CVE-2018-18450
5  | PoDoFo PDF File PdfXRefStreamParserObject.cpp ParseStream integer overflow | 5.4  | 5.2  | $0-$5k     | $0-$5k      | Not Defined      | Official Fix | 0.00 | 0.00075 | CVE-2018-5295
6  | Landing Pages Plugin injection                                             | 8.0  | 7.7  | $0-$5k     | $0-$5k      | Not Defined      | Official Fix | 0.00 | 0.02034 | CVE-2015-5227
7  | Piwik Controller.php saveLayout code injection                             | 6.3  | 5.9  | $0-$5k     | $0-$5k      | Functional       | Official Fix | 0.02 | 0.00000 |
8  | Moxa AWK-3131A Web Application null pointer dereference                    | 7.2  | 7.2  | $0-$5k     | Calculating | Not Defined      | Not Defined  | 0.00 | 0.00176 | CVE-2016-8723
9  | Image Sharing Script postComment.php stored cross site scripting           | 3.5  | 3.2  | $0-$5k     | $0-$5k      | Proof-of-Concept | Not Defined  | 0.02 | 0.00000 |
10 | Linux Kernel tmpfs System posix_acl.c simple_set_acl access control        | 4.9  | 4.8  | $5k-$25k   | $0-$5k      | Not Defined      | Official Fix | 0.02 | 0.00042 | CVE-2017-5551
11 | Netgear R8000 Password Recovery passwordrecovered.cgi information disclosure | 6.7 | 6.7 | $5k-$25k   | $0-$5k      | High             | Not Defined  | 0.02 | 0.97402 | CVE-2017-5521
12 | libtorrent GZIP Response puff.cpp construct input validation               | 5.9  | 5.9  | $0-$5k     | $0-$5k      | Not Defined      | Official Fix | 0.00 | 0.00397 | CVE-2016-7164
13 | Tongda OA 2017 delete.php sql injection                                    | 6.9  | 6.8  | $0-$5k     | $0-$5k      | Proof-of-Concept | Official Fix | 0.04 | 0.00063 | CVE-2024-1252
14 | Ecommerce Online Store Kit shop.php sql injection                          | 9.8  | 9.4  | $0-$5k     | $0-$5k      | Not Defined      | Official Fix | 0.02 | 0.03763 | CVE-2004-0300
15 | D-Link DIR-823G HNAP1 access control                                       | 5.5  | 5.3  | $5k-$25k   | $5k-$25k    | Not Defined      | Not Defined  | 0.02 | 0.00321 | CVE-2021-43474
16 | Juniper ScreenOS SSH/Telnet improper authentication                        | 9.8  | 8.8  | $25k-$100k | $0-$5k      | High             | Official Fix | 0.05 | 0.97054 | CVE-2015-7755
17 | WarHound General Shopping Cart item.asp sql injection                      | 7.3  | 6.9  | $0-$5k     | Calculating | Proof-of-Concept | Not Defined  | 0.00 | 0.00463 | CVE-2006-6206
18 | Adobe Magento Customers Module improper authorization                      | 5.0  | 4.8  | $5k-$25k   | $0-$5k      | Not Defined      | Official Fix | 0.00 | 0.00090 | CVE-2021-28567
19 | Google Android SimpleDecodingSource.cpp doRead privileges management       | 9.8  | 9.6  | $25k-$100k | $5k-$25k    | Not Defined      | Official Fix | 0.00 | 0.00120 | CVE-2021-39623
20 | Royal TS Tunnel Authentication excessive authentication                    | 5.9  | 5.7  | $0-$5k     | $0-$5k      | Not Defined      | Official Fix | 0.03 | 0.00735 | CVE-2020-13872
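The table mixes a severity score (CVSS) with an exploitation likelihood (EPSS) and an exploit-maturity label, and they disagree: the two entries with EPSS above 0.97 (Netgear R8000, Juniper ScreenOS) are not the highest-rated by CVSS, while the 9.8-rated shop.php SQL injection has an EPSS of 0.038. The following is an added example, not code from the page or from VulDB, of ordering this list for remediation. It transcribes the twenty rows above into CSV (only the columns needed for triage) and ranks by EPSS and exploit maturity before falling back to CVSS; the 0.1 EPSS threshold is an assumed policy value.

```python
"""Triage the vulnerability list above by EPSS and exploit maturity.

Added example, not part of the original page. VULN_CSV is transcribed from
the table (id, name, CVSS base, CVSS temporal, Exp, Rem, EPSS); two rows
have no CVE id on the page and keep an empty id.
"""
import csv
import io

VULN_CSV = """id,name,base,temp,exploitability,remediation,epss
CVE-2015-8356,mcart.xls Module mcart_xls_import.php sql injection,7.1,7.0,Proof-of-Concept,Not Defined,0.00465
CVE-2017-5358,EasyCom PHP API memory corruption,8.5,7.4,Proof-of-Concept,Official Fix,0.37042
CVE-2010-0966,DZCP deV!L`z Clanportal config.php code injection,7.3,6.6,Proof-of-Concept,Official Fix,0.00943
CVE-2018-18450,PbootCMS SingleController.php sql injection,8.5,8.5,Not Defined,Not Defined,0.00221
CVE-2018-5295,PoDoFo PdfXRefStreamParserObject.cpp ParseStream integer overflow,5.4,5.2,Not Defined,Official Fix,0.00075
CVE-2015-5227,Landing Pages Plugin injection,8.0,7.7,Not Defined,Official Fix,0.02034
,Piwik Controller.php saveLayout code injection,6.3,5.9,Functional,Official Fix,0.00000
CVE-2016-8723,Moxa AWK-3131A Web Application null pointer dereference,7.2,7.2,Not Defined,Not Defined,0.00176
,Image Sharing Script postComment.php stored cross site scripting,3.5,3.2,Proof-of-Concept,Not Defined,0.00000
CVE-2017-5551,Linux Kernel tmpfs posix_acl.c simple_set_acl access control,4.9,4.8,Not Defined,Official Fix,0.00042
CVE-2017-5521,Netgear R8000 passwordrecovered.cgi information disclosure,6.7,6.7,High,Not Defined,0.97402
CVE-2016-7164,libtorrent GZIP Response puff.cpp construct input validation,5.9,5.9,Not Defined,Official Fix,0.00397
CVE-2024-1252,Tongda OA 2017 delete.php sql injection,6.9,6.8,Proof-of-Concept,Official Fix,0.00063
CVE-2004-0300,Ecommerce Online Store Kit shop.php sql injection,9.8,9.4,Not Defined,Official Fix,0.03763
CVE-2021-43474,D-Link DIR-823G HNAP1 access control,5.5,5.3,Not Defined,Not Defined,0.00321
CVE-2015-7755,Juniper ScreenOS SSH/Telnet improper authentication,9.8,8.8,High,Official Fix,0.97054
CVE-2006-6206,WarHound General Shopping Cart item.asp sql injection,7.3,6.9,Proof-of-Concept,Not Defined,0.00463
CVE-2021-28567,Adobe Magento Customers Module improper authorization,5.0,4.8,Not Defined,Official Fix,0.00090
CVE-2021-39623,Google Android SimpleDecodingSource.cpp doRead privileges management,9.8,9.6,Not Defined,Official Fix,0.00120
CVE-2020-13872,Royal TS Tunnel Authentication excessive authentication,5.9,5.7,Not Defined,Official Fix,0.00735
"""

# Exploit maturity labels as used in the table, ordered from weakest to strongest evidence.
EXPLOIT_RANK = {"Not Defined": 0, "Proof-of-Concept": 1, "Functional": 2, "High": 3}


def load_rows(text=VULN_CSV):
    """Parse the CSV and convert the numeric columns to floats."""
    rows = []
    for r in csv.DictReader(io.StringIO(text.strip())):
        for k in ("base", "temp", "epss"):
            r[k] = float(r[k])
        rows.append(r)
    return rows


def top_ids(rows, field, n=3):
    """IDs (or names when the page lists no CVE) of the n largest values in one column.
    sorted() is stable, so ties keep their table order."""
    ranked = sorted(rows, key=lambda r: r[field], reverse=True)
    return [r["id"] or r["name"] for r in ranked[:n]]


def triage(rows, epss_threshold=0.1):
    """Split into (now, later). 'now' = EPSS at or above the threshold, or exploit
    maturity Functional/High. Both lists are ordered by EPSS, then maturity, then
    whether no official fix exists (compensating controls needed), then temporal CVSS."""
    def urgent(r):
        return r["epss"] >= epss_threshold or EXPLOIT_RANK.get(r["exploitability"], 0) >= 2

    def key(r):
        return (r["epss"], EXPLOIT_RANK.get(r["exploitability"], 0),
                r["remediation"] == "Not Defined", r["temp"])

    now = sorted((r for r in rows if urgent(r)), key=key, reverse=True)
    later = sorted((r for r in rows if not urgent(r)), key=key, reverse=True)
    return now, later


def no_official_fix(rows):
    """Entries whose remediation is 'Not Defined': patching is not an option, so they
    need detection or network controls regardless of where they sit in the queue."""
    return [r["id"] or r["name"] for r in rows if r["remediation"] == "Not Defined"]


if __name__ == "__main__":
    rows = load_rows()
    print("top by CVSS base:", top_ids(rows, "base"))
    print("top by EPSS:     ", top_ids(rows, "epss"))
    now, later = triage(rows)
    for r in now:
        print(f"NOW   {r['id'] or '-':15} epss={r['epss']:.3f} exp={r['exploitability']:17} {r['name']}")
    print(f"{len(later)} deferred; {len(no_official_fix(rows))} have no official fix")
```

With these data the CVSS-first and EPSS-first queues share only CVE-2015-7755 in their top three, which is the point of keeping both scores in the table.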

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Uyghurs

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique  | Vulnerabilities           | Access Vector                                                       | Type       | Confidence
1  | T1006      | CWE-22                    | Path Traversal                                                      | predictive | High
2  | T1055      | CWE-74                    | Improper Neutralization of Data within XPath Expressions            | predictive | High
3  | T1059      | CWE-94                    | Argument Injection                                                  | predictive | High
4  | TXXXX.XXX  | CWE-XX, CWE-XX            | Xxxxx Xxxx Xxxxxxxxx                                                | predictive | High
5  | TXXXX      | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx                               | predictive | High
6  | TXXXX.XXX  | CWE-XXX, CWE-XXX          | Xxxx-xxxxx Xxxxxxxxxxx                                              | predictive | High
7  | TXXXX      | CWE-XX, CWE-XX            | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx                    | predictive | High
8  | TXXXX      | CWE-XX                    | Xxx Xxxxxxxxx                                                       | predictive | High
9  | TXXXX.XXX  | CWE-XXX                   | Xxxxxxxx Xxxxxxxxxxxxx                                              | predictive | High
10 | TXXXX      | CWE-XXX                   | Xxxxxxxxxxx Xxxxxxxxxx                                              | predictive | High
11 | TXXXX      | CWE-XXX                   | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx           | predictive | High
12 | TXXXX.XXX  | CWE-XXX                   | Xxx Xxxxxxxxxx Xxxxx                                                | predictive | High

Rows 4 to 12 are masked on the free view (letters replaced by x/X).

IOA - Indicator of Attack (63)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class       | Indicator                                                                                         | Type       | Confidence
1  | File        | .htaccess                                                                                         | predictive | Medium
2  | File        | /ajax-files/postComment.php                                                                       | predictive | High
3  | File        | /cgi-bin/pass                                                                                     | predictive | High
4  | File        | /cgi-bin/wapopen                                                                                  | predictive | High
5  | File        | /general/attendance/manage/ask_duty/delete.php                                                    | predictive | High
6  | File        | /passwordrecovered.cgi                                                                            | predictive | High
7  | File        | /plugins/Dashboard/Controller.php                                                                 | predictive | High
8  | File        | xxxxx/xxxxx_xxx_xxxxxx.xxx                                                                        | predictive | High
9  | File        | xxxxx/xxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxx/xxxxx.xx                                           | predictive | High
10 | File        | xxxx\xxxxx\xxxxxxxxxx\xxxxxxx\xxxxxxxxxxxxxxxx.xxx                                                | predictive | High
11 | File        | xxxxxxxx.xxx                                                                                      | predictive | Medium
12 | File        | xxxx/xxxxxxxxxxxxxxxxxxxxxxxxx.xxx                                                                | predictive | High
13 | File        | xxxxxxxxxxxx.xxx/xxxxxxxxxxx.xxx/xxxxxxxxxxx.xxx/xxxxxxxxxxx.xxx                                  | predictive | High
14 | File        | xxxxxxx\xxxxxxxxxx\xxxxx\xxxxxx.xxx                                                               | predictive | High
15 | File        | xxxxxx/xxxx.x                                                                                     | predictive | High
16 | File        | xxx.xxxxxxx.xxx                                                                                   | predictive | High
17 | File        | xxx/xxxxxxxxx/xxxxxx/xxxxxxxxxxxxx.xxxx                                                           | predictive | High
18 | File        | xxxx/xxxxxxxxxxxxxxx.xxx                                                                          | predictive | High
19 | File        | xxxx/xxxxxxxxxx/xxxxxx-xxx.x                                                                      | predictive | High
20 | File        | xxxxxxxxx/xxxxxxx/xxxx/xxxxxxxxx/xxxxxxxx.xxx                                                     | predictive | High
21 | File        | xxxxxxxxx/xxxxx/xxxxxxxxxxxx/xxxxxxxxx.xxx                                                        | predictive | High
22 | File        | xx/xxxxx_xxx.x                                                                                    | predictive | High
23 | File        | xxx/xxx.xxx                                                                                       | predictive | Medium
24 | File        | xxx/xxxxxx.xxx                                                                                    | predictive | High
25 | File        | xxxxxxx.xxx                                                                                       | predictive | Medium
26 | File        | xxxx.xxx                                                                                          | predictive | Medium
27 | File        | xxxxxxx.xxx                                                                                       | predictive | Medium
28 | File        | xxxxx.xxx                                                                                         | predictive | Medium
29 | File        | xxxxxxxxx.xxx                                                                                     | predictive | High
30 | File        | xxxx_xxxxxxxxxx.xxx                                                                               | predictive | High
31 | File        | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][]  | predictive | High
32 | File        | xxxx.xxx                                                                                          | predictive | Medium
33 | File        | xxxx.xxx                                                                                          | predictive | Medium
34 | File        | xxxxxxxxxxxxxxxxxxxx.xxx                                                                          | predictive | High
35 | File        | xxxxxx/xxxxxx_xxxxxxxxxxx.xxx                                                                     | predictive | High
36 | File        | xxxxxxxxxxxx.xxx                                                                                  | predictive | High
37 | File        | xx-xxxxx/xxxx.xxx                                                                                 | predictive | High
38 | Library     | xxx/xxxxxxxxx/xxxxxxxx.xxx                                                                        | predictive | High
39 | Argument    | xxx_xxxx_xx                                                                                       | predictive | Medium
40 | Argument    | xxxxxxxx                                                                                          | predictive | Medium
41 | Argument    | xxxxxxx xxxx                                                                                      | predictive | Medium
42 | Argument    | xxxxxxxxx->xxxxxxxxx                                                                              | predictive | High
43 | Argument    | xxxxxxxxxx                                                                                        | predictive | Medium
44 | Argument    | xx                                                                                                | predictive | Low
45 | Argument    | xx/xxx/xxxxx                                                                                      | predictive | Medium
46 | Argument    | xxxxxxxxxxx                                                                                       | predictive | Medium
47 | Argument    | xxxxx                                                                                             | predictive | Low
48 | Argument    | xxxxxx                                                                                            | predictive | Low
49 | Argument    | xxxxxxxx                                                                                          | predictive | Medium
50 | Argument    | xxxx_xxxxx                                                                                        | predictive | Medium
51 | Argument    | xxxxxxxxxx                                                                                        | predictive | Medium
52 | Argument    | xxxx                                                                                              | predictive | Low
53 | Argument    | xxxxxxxxx/xxxxxxx                                                                                 | predictive | High
54 | Argument    | xxx                                                                                               | predictive | Low
55 | Argument    | xxxxxxxx                                                                                          | predictive | Medium
56 | Argument    | xxx_xxxxxx_xxxxxxx_xx_xxx                                                                         | predictive | High
57 | Input Value | 'xx x=x                                                                                           | predictive | Low
58 | Input Value | ../..                                                                                             | predictive | Low
59 | Input Value | xxxx                                                                                              | predictive | Low
60 | Input Value | <xxx xxx=x xxxxxxx=xxxxxx(x)>                                                                     | predictive | High
61 | Input Value | xxxxxxxx.+xxx                                                                                     | predictive | High
62 | Input Value | xxxxxxxxx/xxxxxxxxx                                                                               | predictive | High
63 | Input Value | {{ }}                                                                                             | predictive | Low

Rows 8 to 56 and most Input Value rows are masked on the free view (letters replaced by x); the File rows 1 to 7 and the Input Values ../.. and {{ }} are readable.
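The File-class indicators above are request-path fragments and the Input Value rows are payload fragments, so the natural place to use them is a web access log. The following is an added example, not code from the page or from VulDB, of matching the readable indicators (File rows 1 to 7, and the ../.. and {{ }} input values) against Common/Combined Log Format lines. Input values are matched after URL-decoding so that percent-encoding does not hide them. The log lines are constructed for the demonstration and use RFC 5737 test addresses; they are not captured traffic, and the parameter names in them are invented.

```python
"""Scan web access logs for the unmasked IOA fragments listed above.

Added example, not part of the original page or of any vendor tooling.
Indicators: the readable File rows (1-7) and the two readable Input Value
rows (../.. and {{ }}). SAMPLE_LOG lines are constructed.
"""
import re
from urllib.parse import unquote, urlsplit

# File-class indicators transcribed from the IOA table above.
FILE_INDICATORS = (
    ".htaccess",
    "/ajax-files/postComment.php",
    "/cgi-bin/pass",
    "/cgi-bin/wapopen",
    "/general/attendance/manage/ask_duty/delete.php",
    "/passwordrecovered.cgi",
    "/plugins/Dashboard/Controller.php",
)

# Input Value-class indicators from the table, as regexes applied to the
# URL-decoded path and query so percent-encoding does not defeat them.
INPUT_INDICATORS = {
    "path_traversal": re.compile(r"\.\./\.\."),
    "template_expression": re.compile(r"\{\{.*?\}\}"),
}

# Common/Combined Log Format: client ident user [time] "METHOD target HTTP/x" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return a dict with ip, ts, method, path, query and status, or None when
    the line is not a request record (e.g. an error-log line)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = unquote(parts.path)
    rec["query"] = unquote(parts.query)
    return rec


def match_indicators(rec):
    """List of (class, indicator) hits for one parsed request; empty if none matched.
    File fragments are compared case-insensitively against the decoded path;
    input patterns run over the decoded path and query together."""
    hits = []
    path_lower = rec["path"].lower()
    for frag in FILE_INDICATORS:
        if frag.lower() in path_lower:
            hits.append(("file", frag))
    decoded = rec["path"] + "?" + rec["query"]
    for name, rx in INPUT_INDICATORS.items():
        if rx.search(decoded):
            hits.append(("input", name))
    return hits


def scan(lines):
    """One alert per log line that matched at least one indicator, in log order.
    The status code is kept because a 404 on an indicator path is still a probe."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        hits = match_indicators(rec)
        if hits:
            alerts.append({"ip": rec["ip"], "path": rec["path"],
                           "status": rec["status"], "hits": hits})
    return alerts


# Constructed sample log (RFC 5737 addresses, invented parameter names).
SAMPLE_LOG = [
    '203.0.113.10 - - [10/Mar/2024:12:00:01 +0000] "GET /passwordrecovered.cgi?id=1 HTTP/1.1" 200 1534',
    '203.0.113.10 - - [10/Mar/2024:12:00:05 +0000] "GET /cgi-bin/wapopen?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 210',
    '198.51.100.7 - - [10/Mar/2024:12:01:10 +0000] "POST /ajax-files/postComment.php HTTP/1.1" 200 88',
    '198.51.100.7 - - [10/Mar/2024:12:01:12 +0000] "GET /index.php?name=%7B%7B7*7%7D%7D HTTP/1.1" 200 5120',
    '192.0.2.4 - - [10/Mar/2024:12:02:00 +0000] "GET /images/logo.png HTTP/1.1" 200 9000',
    '192.0.2.4 - - [10/Mar/2024:12:02:03 +0000] "GET /static/.htaccess HTTP/1.1" 403 0',
    'not a request line',
]

if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(a["ip"], a["status"], a["path"], a["hits"])
```

The second sample line shows why decoding matters: the traversal is percent-encoded in the raw log and only matches after unquote(). Substring matching on generic fragments such as /cgi-bin/pass will also fire on longer paths that contain them, which is acceptable for a hunting query but should be tightened before being turned into an alerting rule.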

References (5)

The following list contains external sources which discuss the actor and the associated activities:
