Shiz Analysis

IOB - Indicator of Behavior (168)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 136
de: 22
zh: 6
fr: 2
es: 2

Product

SourceCodester Lost and Found Information System: 6
Dnsmasq: 6
Linux Kernel: 4
SquaredUp: 4
Google Android: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | D-Link DIR-846 QoS POST deserialization | 8.8 | 8.5 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.04 | CVE-2023-6580 |
| 2 | SourceCodester Online Exam System GET Parameter updateCourse.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00164 | 0.04 | CVE-2023-2642 |
| 3 | SourceCodester Online Internship Management System POST Parameter login.php sql injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00164 | 0.07 | CVE-2023-2641 |
| 4 | OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeHanziSegment memory leak | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00153 | 0.09 | CVE-2023-2618 |
| 5 | OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeByteSegment null pointer dereference | 5.6 | 5.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00177 | 0.04 | CVE-2023-2617 |
| 6 | SourceCodester Online Reviewer System GET Parameter user-update.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00583 | 0.04 | CVE-2023-2596 |
| 7 | SourceCodester Billing Management System POST Parameter ajax_service.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00583 | 0.04 | CVE-2023-2595 |
| 8 | SourceCodester Food Ordering Management System Registration sql injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00243 | 0.00 | CVE-2023-2594 |
| 9 | SourceCodester Multi Language Hotel Management Software POST Parameter ajax.php cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00101 | 0.00 | CVE-2023-2565 |
| 10 | jja8 NewBingGoGo cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00081 | 0.00 | CVE-2023-2560 |
| 11 | External Media without Import Plugin external-media-without-import.php print_media_new_panel cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00097 | 0.04 | CVE-2017-20183 |
| 12 | SourceCodester Online Tours & Travels Management System disapprove_delete.php exec sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00164 | 0.04 | CVE-2023-2619 |
| 13 | PHP-Login POST Parameter class.loginscript.php checkLogin sql injection | 8.1 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00144 | 0.04 | CVE-2016-15031 |
| 14 | Dnsmasq Pending Request security check | 4.7 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00536 | 0.03 | CVE-2020-25686 |
| 15 | SourceCodester Employee and Visitor Gate Pass Logging System save_users sql injection | 7.9 | 7.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.04 | CVE-2024-5896 |
| 16 | Linux Kernel start_cpsch initialization | 5.7 | 5.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.04 | CVE-2021-47551 |
| 17 | Linux Kernel i40e_dbg_dump_desc null pointer dereference | 5.7 | 5.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.04 | CVE-2021-47501 |
| 18 | Campcodes Legal Case Management System case-type cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.00 | CVE-2024-4724 |
| 19 | RRJ Nueva Ecija Engineer Online Portal Quiz add_quiz.php cross site scripting | 4.1 | 4.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00051 | 0.04 | CVE-2024-0190 |
| 20 | Apache ActiveMQ deserialization | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00172 | 0.04 | CVE-2022-41678 |

IOC - Indicator of Compromise (36)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (134)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (7)

The following list contains external sources which discuss the actor and the associated activities:
