Shiz Analysis

IOB - Indicator of Behavior (95)

Timeline

The data in the charts of this section (Timeline, Lang, Country, Actors, Activities, Interest, Type, Vendor and Product) does not reflect real data. It is dummy data, distorted and not usable in any way. An additional purchase is needed to unlock these views and get access to the real data.

Lang

| Language | Count |
|---|---|
| en | 46 |
| de | 42 |
| zh | 4 |
| fr | 2 |
| es | 2 |


Country

| Country | Count |
|---|---|
| de | 42 |
| us | 20 |
| cn | 4 |
| fr | 2 |
| es | 2 |


Actors


Activities

Interest

Timeline


Type


Vendor


Product

| Product | Count |
|---|---|
| Dnsmasq | 4 |
| Google Android | 4 |
| Open Design Alliance Drawings SDK | 4 |
| Samsung SmartThings Hub STH-ETH-250 | 4 |
| I-O DATA WN-AX1167GR | 2 |


Vulnerabilities

Column legend: Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit prices at disclosure and at present; Exp is the exploit availability (Not Defined, Unproven, Proof-of-Concept, Functional); Rem is the remediation status; CTI is the CTI interest score; EPSS is the FIRST EPSS probability that the CVE is exploited in the wild.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Dnsmasq Pending Request security check | 4.7 | 4.5 | $0-$5k | Calculating | Not Defined | Official Fix | 0.04 | 0.14862 | CVE-2020-25686 |
| 2 | Mikrotik RouterOS Hotspot Process out-of-bounds | 7.6 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.01086 | CVE-2022-45313 |
| 3 | ThingsBoard IoT Platform Audit Log cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2022-31861 |
| 4 | centreon Contact Groups Form formContactGroup.php sql injection | 6.3 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00954 | CVE-2022-3827 |
| 5 | Oracle Java SE Libraries unknown vulnerability | 3.1 | 3.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.03932 | CVE-2016-5542 |
| 6 | HP Network Switch access control | 6.5 | 6.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2015-6859 |
| 7 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.11 | 0.29797 | CVE-2014-4078 |
| 8 | uTorrent Web HTTP RPC Server privileges management | 6.3 | 5.9 | $0-$5k | $0-$5k | Functional | Official Fix | 0.00 | 0.00954 | CVE-2018-25040 |
| 9 | Google Android Media Framework access control | 7.5 | 7.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.05 | 0.01765 | CVE-2017-0715 |
| 10 | Cisco Email Security Appliance DANE Email Verification resource management | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.09 | 0.01055 | CVE-2022-20653 |
| 11 | VMware Spring Cloud Function SpEL Expression code injection | 9.8 | 9.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.94581 | CVE-2022-22963 |
| 12 | Xiaomi AX3600 Interface librsa.so getwifipwdurl buffer overflow | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01086 | CVE-2020-14124 |
| 13 | Docker Desktop Login log file | 2.1 | 2.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2021-45449 |
| 14 | Microsoft Windows Print Spooler resource management | 5.9 | 5.5 | $25k-$100k | $0-$5k | Functional | Official Fix | 0.03 | 0.40848 | CVE-2006-6296 |
| 15 | pug Template injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.06729 | CVE-2021-21353 |
| 16 | GitLab Webhook server-side request forgery | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00954 | CVE-2021-22175 |
| 17 | Technicolor TD5336 Web Interface mnt_ping.cgi os command injection | 9.8 | 9.6 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00 | 0.01055 | CVE-2017-14127 |
| 18 | Cisco Webex Meetings Desktop App information disclosure | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2021-1372 |
| 19 | Elasticsearch Audit Logging log file | 4.2 | 4.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2020-7021 |
| 20 | 1Password SCIM Bridge Log File insufficiently protected credentials | 6.0 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2021-26905 |

IOC - Indicator of Compromise (35)

These indicators of compromise list associated network resources that are known to be part of research and attack activities. Note that several of the listed addresses resolve to shared CDN or cloud hosting space (akamaitechnologies.com, bc.googleusercontent.com), where addresses are reassigned over time; corroborate such hits with additional evidence before blocking them, and weigh the Confidence column accordingly.

Rows 8 to 35 are masked on the source page; the masked values are reproduced as shown there.

| ID | IP address | Hostname | Actor | Campaigns | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | 13.107.21.200 | | Shiz | | verified | High |
| 2 | 13.107.22.200 | | Shiz | | verified | High |
| 3 | 23.56.9.181 | a23-56-9-181.deploy.static.akamaitechnologies.com | Shiz | | verified | High |
| 4 | 23.253.126.58 | | Shiz | | verified | High |
| 5 | 27.86.106.68 | mx01.au.com | Shiz | | verified | High |
| 6 | 35.229.93.46 | 46.93.229.35.bc.googleusercontent.com | Shiz | | verified | Medium |
| 7 | 35.231.151.7 | 7.151.231.35.bc.googleusercontent.com | Shiz | | verified | Medium |
| 8 | XX.XX.X.XX | xxxxx-xx.xxxxxxx.xxxxxx.xxx | Xxxx | | verified | High |
| 9 | XX.XX.XX.XX | xxxxx-xx.xxxxxxx.xxxxxx.xxx | Xxxx | | verified | High |
| 10 | XX.XX.XX.XXX | xxxxx-xxx.xxxxxxx.xxxxxx.xxx | Xxxx | | verified | High |
| 11 | XX.XX.XX.XXX | xxxxx-xxx.xxxxxxx.xxxxxx.xxx | Xxxx | | verified | High |
| 12 | XX.XX.XX.XXX | xxxxxx-xxx.xxxxxxx.xxxxxx.xxx | Xxxx | | verified | High |
| 13 | XX.XX.XX.XX | xxxxx-xx.xxxxxxx.xxxxxx.xxx | Xxxx | | verified | High |
| 14 | XX.XX.XXX.XXX | xxxxxxxxx.xxxxxxxx.xx | Xxxx | | verified | High |
| 15 | XX.XX.XX.XXX | xxxxxx-xxx.xxxxxxx.xxxxxx.xxx | Xxxx | | verified | High |
| 16 | XX.XX.XXX.XXX | xxxx-xxx.xxxxxxx.xxxxxx.xxx | Xxxx | | verified | High |
| 17 | XX.XX.XXX.XX | xxxx-xx.xxxxxxx.xxxxxx.xxx | Xxxx | | verified | High |
| 18 | XX.XX.XXX.XXX | | Xxxx | | verified | High |
| 19 | XX.XXX.XXX.XXX | xxxxx-xxx.xxxxxxx.xxxxxx.xxx | Xxxx | | verified | High |
| 20 | XXX.XXX.XXX.XX | xxxx-xxx-xxx-xx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx | Xxxx | | verified | High |
| 21 | XXX.XXX.XXX.XXX | | Xxxx | | verified | High |
| 22 | XXX.XXX.XX.XXX | x-xxxx.xx-xxxxxx.xxx | Xxxx | | verified | High |
| 23 | XXX.XX.XX.XX | | Xxxx | | verified | High |
| 24 | XXX.XX.XX.XX | | Xxxx | | verified | High |
| 25 | XXX.XXX.XXX.XXX | xxxxx-xxx.xxxxxxx.xxxxxx.xxx | Xxxx | | verified | High |
| 26 | XXX.XXX.XXX.XXX | | Xxxx | | verified | High |
| 27 | XXX.X.XXX.XX | xxxxxx.xx.xxx.x.xxx.xxxxxxx.xxxx-xxxxxx.xx | Xxxx | | verified | High |
| 28 | XXX.XX.XXX.XX | | Xxxx | | verified | High |
| 29 | XXX.XX.XXX.XXX | xxxxx-xxx.xxxxxxx.xxxxxx.xxx | Xxxx | | verified | High |
| 30 | XXX.XXX.XX.XXX | | Xxxx | | verified | High |
| 31 | XXX.XX.XXX.XXX | x-xxxx.x-xxxxxx.xxx | Xxxx | | verified | High |
| 32 | XXX.XX.XXX.XXX | | Xxxx | | verified | High |
| 33 | XXX.XX.XXX.XX | | Xxxx | | verified | High |
| 34 | XXX.XXX.XX.XXX | xxxxx.xxx-xxx-xx.xxxxxx.xxxxxxxxxxxx.xxx | Xxxx | | verified | High |
| 35 | XXX.XXX.XX.XXX | xxxxx.xxx-xxx-xx.xxxxxx.xxxxxxxxxxxx.xxx | Xxxx | | verified | High |

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (52)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

Rows 7 to 52 are masked on the source page; the masked values are reproduced as shown there.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /.htpasswd | predictive | Medium |
| 2 | File | /cgi-bin/nasset.cgi | predictive | High |
| 3 | File | /index.php/weblinks-categories | predictive | High |
| 4 | File | /MIME/INBOX-MM-1/ | predictive | High |
| 5 | File | /uncpath/ | predictive | Medium |
| 6 | File | /wp-admin/options-general.php | predictive | High |
| 7 | File | xxxx/xxx/xx.x | predictive | High |
| 8 | File | x:\xxxxxxxx.xxx | predictive | High |
| 9 | File | xxx.x | predictive | Low |
| 10 | File | xxxxx.xxx | predictive | Medium |
| 11 | File | xxxxxxxxxxxxx.xxx | predictive | High |
| 12 | File | xxxxxxxxxxxx.xxx | predictive | High |
| 13 | File | xx_xxxxxxx.xxx | predictive | High |
| 14 | File | xxxxxxxxxxxxxxxx.xxx | predictive | High |
| 15 | File | xxxxxxxxxx.xxxxx.xxx | predictive | High |
| 16 | File | xxxxx.xxx?x=xxxxxxxx | predictive | High |
| 17 | File | xxxxxx.xx | predictive | Medium |
| 18 | File | xxx_xxxx.xxx | predictive | Medium |
| 19 | File | xxxxxx_xxxxxxx.xxx | predictive | High |
| 20 | File | xxxxxxx.x | predictive | Medium |
| 21 | File | xxxx/xxx/xxx_xxxx.x | predictive | High |
| 22 | File | xxxxxxx_xxxxxxxxxxxxx.xxx | predictive | High |
| 23 | File | xxxx_xxxx.xxx | predictive | High |
| 24 | File | xxxxxx_xxxx.xxx | predictive | High |
| 25 | File | xxxxx.xxx | predictive | Medium |
| 26 | File | xxxxxx.xxx | predictive | Medium |
| 27 | File | xxxx.xx | predictive | Low |
| 28 | Library | xxx/xxxxxxxx.xxx | predictive | High |
| 29 | Library | xxxxx.xxx | predictive | Medium |
| 30 | Argument | $_xxxxxx['xxxxx_xxxxxx'] | predictive | High |
| 31 | Argument | xxxxxxxxxx | predictive | Medium |
| 32 | Argument | xx_xx | predictive | Low |
| 33 | Argument | xxxx_xx | predictive | Low |
| 34 | Argument | xxxx_xxxxxxx_xxxx | predictive | High |
| 35 | Argument | xxxxxxxx | predictive | Medium |
| 36 | Argument | xxxxxx | predictive | Low |
| 37 | Argument | xx | predictive | Low |
| 38 | Argument | xxxxxxx | predictive | Low |
| 39 | Argument | xxxxxxxxxxxxxxxxxx:xxxxxxxxxxxxxxxx | predictive | High |
| 40 | Argument | xxxxxxxx | predictive | Medium |
| 41 | Argument | xxxx | predictive | Low |
| 42 | Argument | xxxxxxxx | predictive | Medium |
| 43 | Argument | xxxxxxxx-xxxx-xx | predictive | High |
| 44 | Argument | xxxxxxxx/xxxxxxxx | predictive | High |
| 45 | Input Value | -x | predictive | Low |
| 46 | Input Value | x%xx%xx%xxxxxxx%xxxxxxxx%xxxxxxxxxx%xxxxxx%xx%xxxxxxx_xxxxx%xx%xx--%xx%xx | predictive | High |
| 47 | Input Value | xxxxxx | predictive | Low |
| 48 | Input Value | xxxxxxxxxx:xxxxxxxxx | predictive | High |
| 49 | Pattern | \|xx\| | predictive | Low |
| 50 | Network Port | xxx/xx (xxx xxxxxxxx) | predictive | High |
| 51 | Network Port | xxx/xxxxx | predictive | Medium |
| 52 | Network Port | xxx xxxxxx xxxx | predictive | High |
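The following is an added example, written for this page and not code from VulDB or from any Shiz analysis, showing one way to put the unmasked rows of the IOC table and the unmasked File rows of the IOA table to work: it parses web server access logs, matches the client address against the IOC addresses and the request path against the IOA path fragments, aggregates hits per client, and ranks them so that an IOC address that also requested an IOA path outranks either signal alone. It assumes Apache/nginx "combined" log format; the log lines are constructed for the example and are not real traffic. Only the seven unmasked addresses and six unmasked paths from the tables above are used; the masked rows cannot be included.

```python
import ipaddress
import re
from collections import defaultdict

# Unmasked IOC rows from the table above (rows 8-35 are masked on the page and
# are therefore omitted). The value is the page's own confidence rating.
SHIZ_IOC_IPS = {
    "13.107.21.200": "High",
    "13.107.22.200": "High",
    "23.56.9.181": "High",
    "23.253.126.58": "High",
    "27.86.106.68": "High",
    "35.229.93.46": "Medium",
    "35.231.151.7": "Medium",
}

# Unmasked "File" IOA rows from the table above. They are treated as URL path
# prefixes because the page describes them as request fragments, not full URLs.
SHIZ_IOA_PATHS = [
    "/.htpasswd",
    "/cgi-bin/nasset.cgi",
    "/index.php/weblinks-categories",
    "/MIME/INBOX-MM-1/",
    "/uncpath/",
    "/wp-admin/options-general.php",
]

# Assumption: access logs are in the Apache/nginx "combined" format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def parse_line(line):
    """Parse one combined-format line; return None for unparseable lines or
    lines whose client field is not a syntactically valid IP address."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    try:
        ipaddress.ip_address(rec["ip"])
    except ValueError:
        return None
    return rec

def match_iocs(line):
    """Return (kind, indicator, confidence) tuples for every indicator hit on one line."""
    rec = parse_line(line)
    if rec is None:
        return []
    hits = []
    conf = SHIZ_IOC_IPS.get(rec["ip"])
    if conf:
        hits.append(("ip", rec["ip"], conf))
    # Drop the query string so "?id=1" cannot hide a path hit; prefix matching
    # also catches variants such as /.htpasswd.bak.
    path = rec["path"].split("?", 1)[0]
    for ioa in SHIZ_IOA_PATHS:
        if path.startswith(ioa) or path == ioa.rstrip("/"):
            hits.append(("path", ioa, "predictive"))
    return hits

def scan(lines):
    """Aggregate hits per client IP so a noisy scanner is reported once."""
    report = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        hits = match_iocs(line)
        if hits:
            report[rec["ip"]].extend(hits)
    return dict(report)

def triage(hits):
    """Rank one client: an IOC address that also requested an IOA path outranks
    either signal alone; a Medium-confidence address in shared cloud space (the
    bc.googleusercontent.com rows) on its own is only a low-priority lead; an
    IOA path requested from an unknown address is ordinary scanner noise."""
    kinds = {k for k, _, _ in hits}
    if {"ip", "path"} <= kinds:
        return "investigate"
    if "ip" in kinds:
        conf = next(c for k, _, c in hits if k == "ip")
        return "review" if conf == "High" else "low"
    return "scanner-noise"

# Constructed sample log lines (not real traffic); 198.51.100.0/24 and
# 192.0.2.0/24 are documentation ranges.
SAMPLE_LOG = [
    '23.253.126.58 - - [10/Jan/2024:10:00:01 +0000] "GET /wp-admin/options-general.php HTTP/1.1" 403 199',
    '198.51.100.7 - - [10/Jan/2024:10:00:02 +0000] "GET /index.php/weblinks-categories?id=1 HTTP/1.1" 200 5120',
    '35.229.93.46 - - [10/Jan/2024:10:00:03 +0000] "GET /images/logo.png HTTP/1.1" 200 8812',
    '192.0.2.10 - - [10/Jan/2024:10:00:04 +0000] "GET /about HTTP/1.1" 200 2048',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for ip, hits in scan(SAMPLE_LOG).items():
        print(ip, triage(hits), hits)
```

Two caveats are built into the ranking. The IOA entries are typed "predictive" on this page, meaning they come from a model rather than from observed Shiz traffic, so a path hit alone is treated as scanner noise rather than as evidence of this actor. The Medium-confidence addresses sit in Google Cloud space and are reassigned to other tenants over time, so an address-only hit there is downgraded; in production, date-bound the IOC set to the time it was published before acting on it.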

References (6)

The following list contains external sources which discuss the actor and the associated activities:
