SessionManager Analysisinfo

IOB - Indicator of Behavior (25)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en14
zh10
ja2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

FUSE2
Google Chrome2
Redis2
sentry-sdk2
OpenLiteSpeed2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1ZCMS ThinkPHP index.php sql injection6.36.1$0-$5k$0-$5kNot DefinedNot Defined0.001980.00CVE-2020-19705
2sentry-sdk Session information exposure5.65.6$0-$5k$0-$5kNot DefinedOfficial Fix0.000900.00CVE-2023-28117
3IBM CTSS Text Editor Password information disclosure3.33.2$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.03
4Permalink Manager Lite Plugin cross site scripting4.84.7$0-$5k$0-$5kNot DefinedNot Defined0.000450.00CVE-2024-2738
5Michael Leithold DSGVO All in One for WP Plugin cross-site request forgery4.34.2$0-$5k$0-$5kNot DefinedNot Defined0.000430.00CVE-2024-27967
6Google Chrome V8 Remote Code Execution8.07.9$25k-$100k$5k-$25kNot DefinedOfficial Fix0.000560.04CVE-2024-2625
7Huawei SXXXX XML Parser input validation3.63.6$0-$5k$0-$5kNot DefinedNot Defined0.000630.05CVE-2017-15346
8prototypejs Prototype JavaScript framework Remote Code Execution7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.004060.05CVE-2008-7220
9NVIDIA GeForce Experience nvcontainer.exe access control7.06.7$0-$5k$0-$5kNot DefinedOfficial Fix0.000440.00CVE-2020-5978
10Microsoft Windows Runtime uninitialized pointer8.17.7$25k-$100k$5k-$25kHighOfficial Fix0.205370.04CVE-2022-21971
11Parallels Plesk Panel index.htm cross site scripting5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.001120.00CVE-2019-18793
12Discuz! admin.php cross site scripting3.63.6$0-$5k$0-$5kNot DefinedNot Defined0.000540.03CVE-2018-19464
13ZCMS sql injection8.58.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.003860.00CVE-2015-7346
14ZCMS ask.php cross site scripting4.44.4$0-$5k$0-$5kNot DefinedNot Defined0.000580.00CVE-2019-9078
15Microsoft Windows Print Spooler Local Privilege Escalation7.77.3$25k-$100k$0-$5kHighOfficial Fix0.966400.04CVE-2021-1675
16Jfinal CMS FileManagerController.java FileManager.rename access control6.36.1$0-$5k$0-$5kNot DefinedNot Defined0.002020.00CVE-2020-19155
17Redis BIT Command out-of-bounds7.57.2$0-$5k$0-$5kNot DefinedOfficial Fix0.017130.00CVE-2021-32761
18OpenLiteSpeed WebAdmin Console input validation9.89.6$0-$5k$0-$5kNot DefinedOfficial Fix0.002440.04CVE-2020-5519
19FileZilla Server PORT confused deputy4.34.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000520.18CVE-2015-10003
20ThinkPHP index.php sql injection8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.001730.04CVE-2018-10225

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
1202.182.123.185202.182.123.185.vultrusercontent.comSessionManager07/05/2022verifiedLow
2XXX.XXX.XXX.XXXxxx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxxXxxxxxxxxxxxxx07/05/2022verifiedLow

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (10)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1Fileadmin.phppredictiveMedium
2Fileindex.phppredictiveMedium
3Filexxxxx.xxx?x=xxxx&x=xxxxxxx&x=xxxpredictiveHigh
4Filexxxxxxx/xxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
5Filexxxxxxxxxxx.xxxpredictiveHigh
6Filexxxxxx/xxxxxxx/xx-xx/xxxx/xxxxx.xxxpredictiveHigh
7Filexxxx/xxx.xxx?xx=xxxxxxpredictiveHigh
8ArgumentxxxxxxxxpredictiveMedium
9ArgumentxxxxxxxxpredictiveMedium
10Input ValuexxxxxxpredictiveLow

References (2)

The following list contains external sources which discuss the actor and the associated activities:

This view requires CTI permissions

Just purchase a CTI license today!