Shiz Analysis

Activities

Timeline

Analysing the timeline helps to identify the appropriate approach and handling for single vulnerabilities and for vulnerability collections. The overview shows less important slices and more severe hotspots at a glance, which makes it possible to initiate an immediate vulnerability response and to prioritize issues.

Lang

- en: 48
- de: 35
- zh: 3
- fr: 1

Country

- de: 35
- us: 20
- cn: 3
- fr: 1
- tr: 1

Vulnerabilities

| # | Vulnerability | Base | Temp | 0-day price | Price today | Exploitability | Remediation | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 1 | Dnsmasq Pending Request security check for standard | 4.7 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2020-25686 |
| 2 | Cisco Email Security Appliance DANE Email Verification resource management | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2022-20653 |
| 3 | VMware Spring Cloud Function SpEL Expression code injection | 9.8 | 9.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | CVE-2022-22963 |
| 4 | Xiaomi AX3600 Interface librsa.so getwifipwdurl buffer overflow | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-14124 |
| 5 | Docker Desktop Login log file | 2.1 | 2.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2021-45449 |
| 6 | Microsoft Windows Print Spooler resource management | 5.9 | 5.5 | $25k-$100k | $0-$5k | Functional | Official Fix | 0.04 | CVE-2006-6296 |
| 7 | pug Template injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2021-21353 |
| 8 | GitLab Webhook server-side request forgery | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2021-22175 |
| 9 | Technicolor TD5336 Web Interface mnt_ping.cgi os command injection | 9.8 | 9.6 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00 | CVE-2017-14127 |
| 10 | Cisco Webex Meetings Desktop App information disclosure | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-1372 |
| 11 | Elasticsearch Audit Logging log file | 4.2 | 4.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-7021 |
| 12 | 1Password SCIM Bridge Log File insufficiently protected credentials | 6.0 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-26905 |
| 13 | CASAP Automated Enrollment System users.php cross site scripting | 4.4 | 4.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | CVE-2021-3294 |
| 14 | SquaredUp Dashboard cross-site request forgery | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-9388 |
| 15 | SquaredUp Login timing discrepancy | 2.6 | 2.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-9389 |
| 16 | SquaredUp Dashboard cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-9390 |
| 17 | JetBrains YouTrack Project information disclosure | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-25771 |
| 18 | Realtek RTL8195A WPA2 Handshake DecWPA2KeyData stack-based overflow | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-25856 |
| 19 | Nextcloud Server Markdown cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-8294 |
| 20 | NetApp Clustered Data ONTAP information disclosure | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-8588 |

IOC - Indicator of Compromise (34)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | 13.107.21.200 | | Shiz | | verified | High |
| 2 | 13.107.22.200 | | Shiz | | verified | High |
| 3 | 23.56.9.181 | a23-56-9-181.deploy.static.akamaitechnologies.com | Shiz | | verified | High |
| 4 | 23.253.126.58 | | Shiz | | verified | High |
| 5 | 27.86.106.68 | mx01.au.com | Shiz | | verified | High |
| 6 | 35.229.93.46 | 46.93.229.35.bc.googleusercontent.com | Shiz | | verified | Medium |
| 7 | 35.231.151.7 | 7.151.231.35.bc.googleusercontent.com | Shiz | | verified | Medium |

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1059.007 | CWE-79 | Cross Site Scripting | predictive | High |
| 2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | predictive | High |

IOA - Indicator of Attack (49)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /.htpasswd | predictive | Medium |
| 2 | File | /cgi-bin/nasset.cgi | predictive | High |
| 3 | File | /index.php/weblinks-categories | predictive | High |
| 4 | File | /MIME/INBOX-MM-1/ | predictive | High |
| 5 | File | /uncpath/ | predictive | Medium |
| 6 | File | /wp-admin/options-general.php | predictive | High |
