Shiz Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (169)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en126
de34
zh6
es2
fr2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

DE: Germany34
US: USA26
CN: China8
IR: Iran2
TR: Turkey2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Ramnit9
Shiz3
Feodo1
Ircbot1
Cobalt Strike1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined88
Router Operating System8
Operating System6
Programming Language Software6
Domain Name Software4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined34
SourceCodester30
Linux4
Google4
Microsoft4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

SourceCodester Lost and Found Information System6
Linux Kernel4
SourceCodester Online Exam System4
Dnsmasq4
PHP4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#VulnerabilityBaseTemp0dayTodayExpCouKEVEPSSCTICVE
1D-Link DIR-846 QoS POST HNAP1 deserialization8.88.5$5k-$25k$0-$5kProof-of-ConceptNot defined 0.001210.00CVE-2023-6580
2SourceCodester Online Exam System GET Parameter updateCourse.php sql injection7.57.3$0-$5k$0-$5kProof-of-ConceptNot defined 0.000530.02CVE-2023-2642
3SourceCodester Online Internship Management System POST Parameter login.php sql injection8.17.9$0-$5k$0-$5kProof-of-ConceptNot defined 0.000530.04CVE-2023-2641
4OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeHanziSegment memory leak6.06.0$0-$5k$0-$5kNot definedOfficial fix 0.000370.02CVE-2023-2618
5OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeByteSegment null pointer dereference5.65.5$0-$5k$0-$5kProof-of-ConceptOfficial fix 0.000400.05CVE-2023-2617
6SourceCodester Online Reviewer System GET Parameter user-update.php sql injection6.35.7$0-$5k$0-$5kProof-of-ConceptNot defined 0.000530.02CVE-2023-2596
7SourceCodester Billing Management System POST Parameter ajax_service.php sql injection7.57.3$0-$5k$0-$5kProof-of-ConceptNot defined 0.000530.05CVE-2023-2595
8SourceCodester Food Ordering Management System Registration sql injection8.17.9$0-$5k$0-$5kProof-of-ConceptNot defined 0.001050.02CVE-2023-2594
9SourceCodester Multi Language Hotel Management Software POST Parameter ajax.php cross site scripting4.44.3$0-$5k$0-$5kProof-of-ConceptNot defined 0.000700.07CVE-2023-2565
10jja8 NewBingGoGo cross site scripting4.44.3$0-$5k$0-$5kProof-of-ConceptNot defined 0.000700.02CVE-2023-2560
11External Media without Import Plugin external-media-without-import.php print_media_new_panel cross site scripting4.44.3$0-$5k$0-$5kNot definedOfficial fix 0.000850.02CVE-2017-20183
12SourceCodester Online Tours & Travels Management System disapprove_delete.php exec sql injection7.57.3$0-$5k$0-$5kProof-of-ConceptNot defined 0.000520.02CVE-2023-2619
13PHP-Login POST Parameter class.loginscript.php checkLogin sql injection8.18.0$0-$5k$0-$5kNot definedOfficial fix 0.000440.05CVE-2016-15031
14Dnsmasq Pending Request security check4.74.6$0-$5k$0-$5kNot definedOfficial fix 0.005560.00CVE-2020-25686
15SourceCodester Lot Reservation Management System ajax.php cross site scripting4.14.0$0-$5k$0-$5kProof-of-ConceptNot defined 0.000990.02CVE-2024-7284
16SourceCodester Employee and Visitor Gate Pass Logging System Users.php save_users sql injection8.38.1$0-$5k$0-$5kProof-of-ConceptNot defined 0.000460.02CVE-2024-5896
17Linux Kernel start_cpsch initialization6.16.0$0-$5k$0-$5kNot definedOfficial fix 0.000300.00CVE-2021-47551
18Linux Kernel i40e_dbg_dump_desc null pointer dereference5.65.5$0-$5k$0-$5kNot definedOfficial fix 0.000390.00CVE-2021-47501
19Campcodes Legal Case Management System case-type cross site scripting3.53.2$0-$5k$0-$5kProof-of-ConceptNot defined 0.000690.04CVE-2024-4724
20RRJ Nueva Ecija Engineer Online Portal Quiz add_quiz.php cross site scripting4.14.0$0-$5k$0-$5kProof-of-ConceptNot defined 0.002270.07CVE-2024-0190

IOC - Indicator of Compromise (36)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
113.107.21.200Shiz11/06/2021verifiedLow
213.107.22.200Shiz11/06/2021verifiedLow
323.56.9.181a23-56-9-181.deploy.static.akamaitechnologies.comShiz11/06/2021verifiedLow
423.253.126.58Shiz11/06/2021verifiedLow
527.86.106.68mx01.au.comShiz05/11/2022verifiedLow
635.229.93.4646.93.229.35.bc.googleusercontent.comShiz04/14/2022verifiedLow
735.231.151.77.151.231.35.bc.googleusercontent.comShiz11/06/2021verifiedLow
845.33.2.79li956-79.members.linode.comShiz11/06/2021verifiedLow
9XX.XX.XX.XXxxxxx-xx.xxxxxxx.xxxxxx.xxxXxxx11/06/2021verifiedLow
10XX.XX.XX.XXXxxxxx-xxx.xxxxxxx.xxxxxx.xxxXxxx11/06/2021verifiedLow
11XX.XX.XX.XXXxxxxx-xxx.xxxxxxx.xxxxxx.xxxXxxx11/06/2021verifiedLow
12XX.XX.XX.XXXxxxxxx-xxx.xxxxxxx.xxxxxx.xxxXxxx11/06/2021verifiedLow
13XX.XX.XX.XXxxxxx-xx.xxxxxxx.xxxxxx.xxxXxxx11/06/2021verifiedLow
14XX.XX.XXX.XXXxxxxxxxxx.xxxxxxxx.xxXxxx11/06/2021verifiedLow
15XX.XX.XX.XXXxxxxxx-xxx.xxxxxxx.xxxxxx.xxxXxxx11/06/2021verifiedLow
16XX.XX.XXX.XXXxxxx-xxx.xxxxxxx.xxxxxx.xxxXxxx11/06/2021verifiedLow
17XX.XX.XXX.XXxxxx-xx.xxxxxxx.xxxxxx.xxxXxxx11/06/2021verifiedLow
18XX.XX.XXX.XXXXxxx06/25/2022verifiedMedium
19XX.XXX.XXX.XXXxxxxx-xxx.xxxxxxx.xxxxxx.xxxXxxx11/06/2021verifiedLow
20XXX.XXX.XXX.XXxxxx-xxx-xxx-xx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxxXxxx05/06/2022verifiedLow
21XXX.XXX.XXX.XXXXxxx11/06/2021verifiedLow
22XXX.XXX.XX.XXXx-xxxx.xx-xxxxxx.xxxXxxx11/06/2021verifiedLow
23XXX.XX.XX.XXXxxx11/06/2021verifiedLow
24XXX.XX.XX.XXXxxx11/06/2021verifiedLow
25XXX.XXX.XXX.XXXxxxxx-xxx.xxxxxxx.xxxxxx.xxxXxxx11/06/2021verifiedLow
26XXX.XXX.XXX.XXXXxxx05/06/2022verifiedLow
27XXX.X.XXX.XXxxxxxx.xx.xxx.x.xxx.xxxxxxx.xxxx-xxxxxx.xxXxxx05/11/2022verifiedVery Low
28XXX.XX.XXX.XXXxxx05/06/2022verifiedLow
29XXX.XXX.XXX.XXxxxxxx-xx.xxxxxxx.xxxxxx.xxxXxxx02/20/2023verifiedMedium
30XXX.XX.XXX.XXXxxxxx-xxx.xxxxxxx.xxxxxx.xxxXxxx11/06/2021verifiedLow
31XXX.XXX.XX.XXXXxxx04/14/2022verifiedLow
32XXX.XX.XXX.XXXx-xxxx.x-xxxxxx.xxxXxxx04/14/2022verifiedLow
33XXX.XX.XXX.XXXXxxx05/06/2022verifiedLow
34XXX.XX.XXX.XXXxxx05/06/2022verifiedLow
35XXX.XXX.XX.XXXxxxxx.xxx-xxx-xx.xxxxxx.xxxxxxxxxxxx.xxxXxxx11/06/2021verifiedLow
36XXX.XXX.XX.XXXxxxxx.xxx-xxx-xx.xxxxxx.xxxxxxxxxxxx.xxxXxxx04/14/2022verifiedLow

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
4T1059.007CAPEC-209CWE-79, CWE-80Basic Cross Site ScriptingpredictiveHigh
5T1068CAPEC-122CWE-264, CWE-269, CWE-284Execution with Unnecessary PrivilegespredictiveHigh
6TXXXX.XXXCWE-XXXXxx Xx Xxxx-xxxxx XxxxxxxxpredictiveHigh
7TXXXXCAPEC-XXXCWE-XXXXxxx Xxx Xxxxxxxxx Xxxxxxxxxxx XxxxxxxxpredictiveHigh
8TXXXX.XXXCAPEC-XXXCWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
9TXXXXCAPEC-XXXCWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
10TXXXX.XXXCAPEC-XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
11TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
12TXXXXCAPEC-XXXCWE-XXXxx XxxxxxxxxpredictiveHigh
13TXXXX.XXXCAPEC-XCWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
14TXXXXCAPEC-XXXCWE-XXX, CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
15TXXXX.XXXCWE-XXXXxxxxxxx Xx Xxxxxxxxxxxxx XxxxpredictiveHigh
16TXXXXCAPEC-XXCWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
17TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxx XxxxpredictiveHigh
18TXXXX.XXXCAPEC-XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
19TXXXXCAPEC-XXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
20TXXXXCWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
21TXXXX.XXXCAPEC-XCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (136)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/.htpasswdpredictiveMedium
2File/admin/ajax.php?action=save_settingspredictiveHigh
3File/admin/budget/manage_budget.phppredictiveHigh
4File/admin/case-typepredictiveHigh
5File/admin/edit_subject.phppredictiveHigh
6File/admin/save_teacher.phppredictiveHigh
7File/admin/service.phppredictiveHigh
8File/api/jolokia org.jolokia.http.HttpRequestHandler#handlePostRequestpredictiveHigh
9File/building/backmgr/urlpage/mobileurl/configfile/jx2_config.inipredictiveHigh
10File/cas/logoutpredictiveMedium
11File/cgi-bin/nasset.cgipredictiveHigh
12File/changeimage.phppredictiveHigh
13File/classes/Users.php?f=savepredictiveHigh
14File/dosen/datapredictiveMedium
15File/HNAP1predictiveLow
16File/HNAP1/predictiveLow
17File/xxxxx.xxx/xxxxxxxx-xxxxxxxxxxpredictiveHigh
18File/xxxxxxx/xxxxpredictiveHigh
19File/xxxxx/xxxxpredictiveMedium
20File/xxxxxxxxxx/xxxxpredictiveHigh
21File/xxx/xxxxx?xxxxx=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx&xxxxx=xxx_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxpredictiveHigh
22File/xxxxxxxxx/xxxxpredictiveHigh
23File/xxxx/xxxxx-xx-x/predictiveHigh
24File/xxxxxxxxx/xxxxxx.xxxpredictiveHigh
25File/xxxxxxxx/xxxxxx/xxxxxx/xxxxxx/xxxxxx/xxxxx/xxxx-xxxxxx.xxxpredictiveHigh
26File/xxxx_xxxxx.xxx?xxxxxxxxx=xxxxxxxpredictiveHigh
27File/xxxxxxxx-xxxx/xxx_xx/xxxxxx.xxxxpredictiveHigh
28File/xxxxxxx/predictiveMedium
29File/xx-xxxxx/xxxxxxx-xxxxxxx.xxxpredictiveHigh
30Filexxx_xxxx.xxxpredictiveMedium
31Filexxxxx/predictiveLow
32Filexxxxx/?xxxx=xxxxxxxxxx/xxxxxx_xxxxxxxxpredictiveHigh
33Filexxxxx/xxxxx.xxxpredictiveHigh
34Filexxxxx/xxxxxxxx_xxxxx_xxxx.xxxpredictiveHigh
35Filexxxxxxxxxx/xxxxx/xxxxxxx_xxxxx/xxxxxxxxxxxx.xxxpredictiveHigh
36Filexxxxx_xxx.xxx?xxxxxx=xxxpredictiveHigh
37Filexxxx.xxxpredictiveMedium
38Filexxxx_xxxxxxx.xxxpredictiveHigh
39Filexxxx/xxx/xx.xpredictiveHigh
40Filex:\xxxxxxxx.xxxpredictiveHigh
41Filex:\xxxxxxx xxxxx (xxx)\xxxxxxxx\xxx\xxxxxx.xxxpredictiveHigh
42Filexxx.xpredictiveLow
43Filexxxxxxx/xxxxxx.xxx?x=xxxx_xxxxxxxpredictiveHigh
44Filexxxxx.xxxpredictiveMedium
45Filexxxxxxxx.xxxpredictiveMedium
46Filexxxxxxxxxx_xxxxxx.xxxpredictiveHigh
47Filexxxxxxxxxxxxx.xxxpredictiveHigh
48Filexxxxxxxx-xxxxx-xxxxxxx-xxxxxx.xxxpredictiveHigh
49Filexxxxxxxxxxxx.xxxpredictiveHigh
50Filexx_xxxxxxx.xxxpredictiveHigh
51Filexxxxxxxxxxxxxxxx.xxxpredictiveHigh
52Filexxxxxxxxxx.xxxxx.xxxpredictiveHigh
53Filexxxxxxxxxxxxxxxxx.xxxpredictiveHigh
54Filexxx/xxxxxx.xxxpredictiveHigh
55Filexxxxx.xxx?x=xxxxxxxxpredictiveHigh
56Filexxxxx/xxxx.xxxpredictiveHigh
57Filexxxxxx.xxpredictiveMedium
58Filexxxxx/xxxxxxx/xxxxx.xxxxxxxxxxx.xxxpredictiveHigh
59Filexxx_xxxx.xxxpredictiveMedium
60Filexxxxxx_xxxxxxx.xxxpredictiveHigh
61Filexxxxxx.xpredictiveMedium
62Filexxxxxx/xxxxxxx/xxxxxxx_xxx_xxxxxx_xxxxxx.xxxpredictiveHigh
63Filexxxxxxxx.xxxpredictiveMedium
64Filexxxxxxxx/xxxxxx_xxxxxxxx.xxxpredictiveHigh
65Filexxxxxxx.xpredictiveMedium
66Filexxxx/xxx/xxx_xxxx.xpredictiveHigh
67Filexxxxxxx_xxxxxxxxxxxxx.xxxpredictiveHigh
68Filexxxx_xxxx.xxxpredictiveHigh
69Filexxxxxx_xxxx.xxxpredictiveHigh
70Filexxxxxxxx.xxxpredictiveMedium
71Filexxxxx.xxxpredictiveMedium
72Filexxxxx/xxxx_xxxx.xxxpredictiveHigh
73Filexxxx_xxxxxx.xxxpredictiveHigh
74Filexxxxxx.xxxpredictiveMedium
75Filexxxxxxx.xxxxpredictiveMedium
76Filexxxx.xxpredictiveLow
77Library/xxxxxxxxxx.xxx.xxxpredictiveHigh
78Libraryxxx/xxxxxxxx.xxxpredictiveHigh
79Libraryxxxxx.xxxpredictiveMedium
80Argument$_xxxxxx['xxxxx_xxxxxx']predictiveHigh
81ArgumentxxxxxpredictiveLow
82Argumentxxxxxxxx_xxxxpredictiveHigh
83ArgumentxxxxxxxxpredictiveMedium
84ArgumentxxxxxxpredictiveLow
85ArgumentxxxxxxxxpredictiveMedium
86Argumentxxxx_xxxx_xxxxpredictiveHigh
87ArgumentxxxxxxxxxxpredictiveMedium
88Argumentxx_xxpredictiveLow
89Argumentxxxxxx_xxpredictiveMedium
90Argumentxxxx_xxpredictiveLow
91Argumentxxxxxxx[x][xxxx]predictiveHigh
92Argumentxxxxxxxxx_xxxxpredictiveHigh
93Argumentxxxx_xxxxxxxxpredictiveHigh
94ArgumentxxxxxpredictiveLow
95Argumentxxxx_xxxxxxx_xxxxpredictiveHigh
96ArgumentxxxxxxxxpredictiveMedium
97ArgumentxxxxxxpredictiveLow
98Argumentxxxxxxxx/xxxxxxx/xxxxxxxpredictiveHigh
99ArgumentxxpredictiveLow
100ArgumentxxxxxpredictiveLow
101ArgumentxxxxxxxpredictiveLow
102ArgumentxxxxxxxxxxpredictiveMedium
103ArgumentxxxxpredictiveLow
104ArgumentxxxxxxpredictiveLow
105ArgumentxxxxxxpredictiveLow
106Argumentxxx_xxxxxxxxpredictiveMedium
107ArgumentxxxxpredictiveLow
108Argumentxxxxxxxxxxxxxxxxxx:xxxxxxxxxxxxxxxxpredictiveHigh
109ArgumentxxxxxxxxpredictiveMedium
110Argumentxxxx xxxxx/xxxx xxxxxxxxxxxpredictiveHigh
111ArgumentxxxxxxxpredictiveLow
112ArgumentxxxxxxxpredictiveLow
113Argumentxxxx/xxxxpredictiveMedium
114ArgumentxxxxpredictiveLow
115Argumentxxxxxxxx_xxxxxxx_xxxxxxx/xxxxxxxx_xxxxxx_xxxxxxxpredictiveHigh
116ArgumentxxxxxxpredictiveLow
117Argumentxxxxxxxxxx_xxxx_xxxxxxxpredictiveHigh
118ArgumentxxxpredictiveLow
119Argumentxxx/xxxxx/xxxxx/xxxxxx/xxxx-xxxxpredictiveHigh
120ArgumentxxxxxxxxpredictiveMedium
121Argumentxxxxxxxx-xxxx-xxpredictiveHigh
122Argumentxxxxxxxx/xxxxxxxxpredictiveHigh
123Argumentxxxxxxxx/xxxxxxxxpredictiveHigh
124Argumentxxxx_xxpredictiveLow
125Input Value-xpredictiveLow
126Input Valuex%xx%xx%xxxxxxx%xxxxxxxx%xxxxxxxxxx%xxxxxx%xx%xxxxxxx_xxxxx%xx%xx--%xx%xxpredictiveHigh
127Input ValuexxxxxxpredictiveLow
128Input Value</xxxxx><xxxxxx>xxxxx(x)</xxxxxx>predictiveHigh
129Input Value<xxxxxx>xxxxx(xxxxxxxx.xxxxxx)</xxxxxx>predictiveHigh
130Input ValuexxxxxpredictiveLow
131Input ValuexxxxxxpredictiveLow
132Input Valuexxxxxxxxxx:xxxxxxxxxpredictiveHigh
133Pattern|xx|predictiveLow
134Network Portxxx/xx (xxx xxxxxxxx)predictiveHigh
135Network Portxxx/xxxxxpredictiveMedium
136Network Portxxx xxxxxx xxxxpredictiveHigh

References (7)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

This view requires CTI permissions

Just purchase a CTI license today!