SessionManager Analysis

IOB - Indicator of Behavior (21)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

zh: 12
en: 6
ja: 2
pt: 2

Country

cn: 18
jp: 2
ir: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

ThinkPHP: 2
NVIDIA GeForce Experience: 2
Huawei SXXXX: 2
OpenLiteSpeed: 2
Jfinal CMS: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | ZCMS ThinkPHP sql injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00172 | CVE-2020-19705
2 | sentry-sdk Session information exposure | 5.6 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00058 | CVE-2023-28117
3 | Huawei SXXXX XML Parser input validation | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00055 | CVE-2017-15346
4 | prototypejs Prototype JavaScript framework Remote Code Execution | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00340 | CVE-2008-7220
5 | NVIDIA GeForce Experience nvcontainer.exe access control | 7.0 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00044 | CVE-2020-5978
6 | Microsoft Windows Runtime Remote Code Execution | 8.1 | 7.4 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.03 | 0.59379 | CVE-2022-21971
7 | Parallels Plesk Panel index.htm cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00112 | CVE-2019-18793
8 | Discuz! admin.php cross site scripting | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.28 | 0.00054 | CVE-2018-19464
9 | ZCMS sql injection | 8.5 | 8.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00386 | CVE-2015-7346
10 | ZCMS cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00058 | CVE-2019-9078
11 | Microsoft Windows Print Spooler Local Privilege Escalation | 7.5 | 6.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.95984 | CVE-2021-1675
12 | Jfinal CMS FileManagerController.java FileManager.rename access control | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00195 | CVE-2020-19155
13 | Redis BIT Command out-of-bounds | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01012 | CVE-2021-32761
14 | OpenLiteSpeed WebAdmin Console input validation | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00244 | CVE-2020-5519
15 | FileZilla Server PORT confused deputy | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00050 | CVE-2015-10003
16 | ThinkPHP index.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00173 | CVE-2018-10225
17 | Hikvision NVR DS-77xxxNI-E4 PSIA memory corruption | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00100 | CVE-2015-4407
18 | FUSE fusermount access control | 6.5 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.00134 | CVE-2018-10906

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 202.182.123.185 | 202.182.123.185.vultrusercontent.com | SessionManager | | 07/05/2022 | verified | High
2 | XXX.XXX.XXX.XXX | xxx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx | Xxxxxxxxxxxxxx | | 07/05/2022 | verified | High

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1059.007 | CWE-79 | Cross Site Scripting | predictive | High
2 | TXXXX | CWE-XXX, CWE-XXXX | 2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxx Xxxxxxxxxxx Xxx Xxx Xxxxxxx | predictive | High
3 | TXXXX | CWE-XXX | xx Xxxxxxxxx | predictive | High
4 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxxxxxx | predictive | High

IOA - Indicator of Attack (10)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | admin.php | predictive | Medium
2 | File | index.php | predictive | Medium
3 | File | xxxxx.xxx?x=xxxx&x=xxxxxxx&x=xxx | predictive | High
4 | File | xxxxxxx/xxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High
5 | File | xxxxxxxxxxx.xxx | predictive | High
6 | File | xxxxxx/xxxxxxx/xx-xx/xxxx/xxxxx.xxx | predictive | High
7 | File | xxxx/xxx.xxx?xx=xxxxxx | predictive | High
8 | Argument | xxxxxxxx | predictive | Medium
9 | Argument | xxxxxxxx | predictive | Medium
10 | Input Value | xxxxxx | predictive | Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:
