Shuckworm Analysis

IOB - Indicator of Behavior (246)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 190
zh: 24
ru: 18
fr: 6
es: 2

Country

ru: 68
cn: 60
us: 56
gb: 6
es: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

WordPress: 10
Microsoft Exchange Server: 8
Microsoft Windows: 6
SiteServer CMS: 4
Kayako SupportSuite: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
--- | --- | --- | --- | --- | --- | --- | --- | --- | --- | ---
1 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 3.44 | 0.00000 | CVE-2020-12440
2 | Microsoft Exchange Server ProxyShell Remote Code Execution | 9.5 | 8.2 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.15 | 0.61804 | CVE-2021-34473
3 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.23 | 0.01034 | CVE-2022-21664
4 | VeronaLabs wp-statistics Plugin API Endpoint Blind sql injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00954 | CVE-2019-13275
5 | Gitea API cross-site request forgery | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00954 | CVE-2021-45326
6 | SalesForce Tableau Server Administration Agent path traversal | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.01156 | CVE-2022-22128
7 | CutePHP CuteNews unrestricted upload | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.35200 | CVE-2019-11447
8 | WordPress Object injection | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.01034 | CVE-2022-21663
9 | OpenProject Activities API sql injection | 7.7 | 7.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.93596 | CVE-2019-11600
10 | Microsoft Windows Active Directory Domain Services Privilege Escalation | 8.8 | 8.1 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | 0.02288 | CVE-2022-26923
11 | QNAP QTS Media Library access control | 8.5 | 8.2 | $0-$5k | $0-$5k | High | Official Fix | 0.03 | 0.27000 | CVE-2017-13067
12 | Microsoft Exchange Server Privilege Escalation | 8.8 | 8.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | 0.31667 | CVE-2021-42321
13 | Sophos Firewall User Portal/Webadmin code injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.01156 | CVE-2022-3236
14 | Phplinkdirectory PHP Link Directory conf_users_edit.php cross-site request forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.04187 | CVE-2011-0643
15 | Proxmox Virtual Environment/Mail Gateway HTTP Request server-side request forgery | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01018 | CVE-2022-35508
16 | Django Admin Interface debug.py cross site scripting | 6.1 | 5.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.23437 | CVE-2016-6186
17 | Bitcoin wallet.dat AES Encryption Padding missing encryption | 7.1 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00000 | 
18 | Qualcomm Snapdragon Auto Crypto Engine uninitialized resource | 9.8 | 9.4 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2019-2323
19 | Web Based Quiz System welcome.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00885 | CVE-2022-32991
20 | Microsoft Exchange Server Privilege Escalation | 8.7 | 8.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.06 | 0.01150 | CVE-2022-24516

IOC - Indicator of Compromise (59)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Type | Confidence
--- | --- | --- | --- | --- | --- | ---
1 | 5.63.157.11 | 5-63-157-11.cloudvps.regruhosting.ru | Shuckworm | | verified | High
2 | 5.252.178.115 | 5-252-178-115.mivocloud.com | Shuckworm | | verified | High
3 | 5.252.178.120 | no-rdns.mivocloud.com | Shuckworm | | verified | High
4 | 5.252.178.145 | 5-252-178-145.mivocloud.com | Shuckworm | | verified | High
5 | 31.31.203.61 | 31-31-203-61.cloudvps.regruhosting.ru | Shuckworm | | verified | High
6 | 37.140.197.165 | 37-140-197-165.cloudvps.regruhosting.ru | Shuckworm | | verified | High
7 | 37.140.197.251 | 37-140-197-251.cloudvps.regruhosting.ru | Shuckworm | | verified | High
8 | 45.76.169.62 | 45.76.169.62.vultrusercontent.com | Shuckworm | | verified | High
9 | 70.34.217.0 | 70.34.217.0.vultrusercontent.com | Shuckworm | | verified | High
10 | 80.78.241.15 | 80-78-241-15.cloudvps.regruhosting.ru | Shuckworm | | verified | High
11 | 80.78.245.226 | srv3.netpatch.ru | Shuckworm | | verified | High
12 | 80.78.253.31 | 80-78-253-31.cloudvps.regruhosting.ru | Shuckworm | | verified | High
13 | XX.XX.XXX.XXX | xx-xx-xxx-xxx.xxxxxxxx.xxxxxxxxxxxx.xx | Xxxxxxxxx | | verified | High
14 | XX.XX.XXX.XXX | xx-xx-xxx-xxx.xxxxxxxx.xxxxxxxxxxxx.xx | Xxxxxxxxx | | verified | High
15 | XX.XXX.XX.XXX | xx-xxx-xx-xxx.xxxxxxxx.xxxxxxxxxxxx.xx | Xxxxxxxxx | | verified | High
16 | XX.XXX.XX.XX | xx-xxx-xx-xx.xxxxxxxx.xxxxxxxxxxxx.xx | Xxxxxxxxx | | verified | High
17 | XX.XXX.XX.XXX | xx-xxx-xx-xxx.xxxxxxxx.xxxxxxxxxxxx.xx | Xxxxxxxxx | | verified | High
18 | XX.XXX.XX.XX | xx-xxx-xx-xx.xxxxxxxx.xxxxxxxxxxxx.xx | Xxxxxxxxx | | verified | High
19 | XX.XXX.XX.XXX | xx-xxx-xx-xxx.xxxxxxxx.xxxxxxxxxxxx.xx | Xxxxxxxxx | | verified | High
20 | XX.XXX.XX.XXX | xxxxxxxxxxxxx.xxx | Xxxxxxxxx | | verified | High
21 | XX.XXX.XX.XX | xx-xxx-xx-xx.xxxxxxxx.xxxxxxxxxxxx.xx | Xxxxxxxxx | | verified | High
22 | XX.XXX.XX.XXX | xx-xxx-xx-xxx.xxxxxxxx.xxxxxxxxxxxx.xx | Xxxxxxxxx | | verified | High
23 | XX.XXX.XX.XX | xx-xxx-xx-xx.xxxxxxxx.xxxxxxxxxxxx.xx | Xxxxxxxxx | | verified | High
24 | XX.XXX.XX.XX | xx-xxx-xx-xx.xxxxxxxx.xxxxxxxxxxxx.xx | Xxxxxxxxx | | verified | High
25 | XX.XXX.XXX.XX | xx-xxx-xxx-xx.xxxxxxxx.xxxxxxxxxxxx.xx | Xxxxxxxxx | | verified | High
26 | XX.XXX.XXX.XX | xx-xxx-xxx-xx.xxxxxxxxx.xxx | Xxxxxxxxx | | verified | High
27 | XX.XXX.XXX.XXX | xx-xxx-xxx-xxx.xxxxxxxxx.xxx | Xxxxxxxxx | | verified | High
28 | XX.XXX.XXX.XXX | xx-xxxx.xxxxxxxxx.xxx | Xxxxxxxxx | | verified | High
29 | XXX.XXX.XX.XXX | xxx.xxx.xx.xxx.xxxxxxxxxxxxxxxx.xxx | Xxxxxxxxx | | verified | High
30 | XXX.X.XXX.XX | xxx-x-xxx-xx.xxxxxxxx.xxxxxxxxxxxx.xx | Xxxxxxxxx | | verified | High
31 | XXX.XXX.XXX.XXX | xxx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx | Xxxxxxxxx | | verified | High
32 | XXX.XXX.XX.XX | xxx.xxx.xx.xx.xxxxxxxxxxxxxxxx.xxx | Xxxxxxxxx | | verified | High
33 | XXX.XXX.XX.XX | xxx.xxx.xx.xx.xxxxxxxxxxxxxxxx.xxx | Xxxxxxxxx | | verified | High
34 | XXX.XXX.XXX.XXX | xxx-xxx-xxx-xxx.xxxxxxxx.xxxxxxxxxxxx.xx | Xxxxxxxxx | | verified | High
35 | XXX.XXX.XXX.XXX | xxx.xxxxxx.xx | Xxxxxxxxx | | verified | High
36 | XXX.XXX.XXX.XXX | xxx-xxx-xxx-xxx.xxxxxxxx.xxxxxxxxxxxx.xx | Xxxxxxxxx | | verified | High
37 | XXX.XXX.XX.XX | xxx.xxx.xx.xx.xxxxxxxxxxxxxxxx.xxx | Xxxxxxxxx | | verified | High
38 | XXX.XX.XX.XX | xxx-xx-xx-xx.xxxxxxxx.xxxxxxxxxxxx.xx | Xxxxxxxxx | | verified | High
39 | XXX.XX.XX.XXX | xxx-xx-xx-xxx.xxxxxxxx.xxxxxxxxxxxx.xx | Xxxxxxxxx | | verified | High
40 | XXX.XX.XXX.XXX | xxx-xx-xxx-xxx.xxxxxxxx.xxxxxxxxxxxx.xx | Xxxxxxxxx | | verified | High
41 | XXX.XX.XX.XX | xxx-xx-xx-xx.xxxxxxxx.xxxxxxxxxxxx.xx | Xxxxxxxxx | | verified | High
42 | XXX.XX.XX.XX | xxx-xx-xx-xx.xxxxxxxx.xxxxxxxxxxxx.xx | Xxxxxxxxx | | verified | High
43 | XXX.XXX.XX.XX | xx-xxx-xxx-xx-xx.xx-xxxxxx.xxx | Xxxxxxxxx | | verified | High
44 | XXX.XXX.XX.XXX | xx-xxx-xxx-xx-xxx.xx-xxxxxx.xxx | Xxxxxxxxx | | verified | High
45 | XXX.XXX.XX.XXX | xxxxxx.xxxxxxxx.xxx | Xxxxxxxxx | | verified | High
46 | XXX.XXX.XX.XXX | | Xxxxxxxxx | | verified | High
47 | XXX.XXX.XX.XXX | xx-xxx-xxx-xx-xxx.xx-xxxxxx.xxx | Xxxxxxxxx | | verified | High
48 | XXX.XXX.XXX.XXX | xxx-xxx-xxx-xxx.xxxxxxxx.xxxxxxxxxxxx.xx | Xxxxxxxxx | | verified | High
49 | XXX.XX.XXX.XX | xxx-xx-xxx-xx.xxxxxxxx.xxxxxxxxxxxx.xx | Xxxxxxxxx | | verified | High
50 | XXX.XX.XXX.XX | xxx-xx-xxx-xx.xxxxxxxx.xxxxxxxxxxxx.xx | Xxxxxxxxx | | verified | High
51 | XXX.XX.XXX.XXX | xxx-xx-xxx-xxx.xxxxxxxx.xxxxxxxxxxxx.xx | Xxxxxxxxx | | verified | High
52 | XXX.XX.XX.XXX | xxxxxx-xx.xxxxxxxxxxxxxx.xx | Xxxxxxxxx | | verified | High
53 | XXX.XX.XXX.XXX | xxx-xx-xxx-xxx.xxxxxxxx.xxxxxxxxxxxx.xx | Xxxxxxxxx | | verified | High
54 | XXX.XX.XXX.XXX | xxx-xx-xxx-xxx.xxxxxxxx.xxxxxxxxxxxx.xx | Xxxxxxxxx | | verified | High
55 | XXX.XX.XXX.XXX | xxx-xx-xxx-xxx.xxxxxxxx.xxxxxxxxxxxx.xx | Xxxxxxxxx | | verified | High
56 | XXX.XX.XXX.XX | xxx-xx-xxx-xx.xxxxxxxx.xxxxxxxxxxxx.xx | Xxxxxxxxx | | verified | High
57 | XXX.XXX.XXX.XX | xxx-xxx-xxx-xx.xxxxxxxxx.xxx | Xxxxxxxxx | | verified | High
58 | XXX.XXX.XXX.XX | xxx-xxx-xxx-xx.xxxxxxxxx.xxx | Xxxxxxxxx | | verified | High
59 | XXX.XXX.XXX.XXX | xxx-xxx-xxx-xxx.xxxxxxxxx.xxx | Xxxxxxxxx | | verified | High

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (117)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
--- | --- | --- | --- | ---
1 | File | /api/RecordingList/DownloadRecord?file= | predictive | High
2 | File | /dashboard/system/express/entities/forms/save_control/[GUID] | predictive | High
3 | File | /data/data/com.tronlink.wallet/shared_prefs/<wallet-name>.xml | predictive | High
4 | File | /error | predictive | Low
5 | File | /forum/away.php | predictive | High
6 | File | /gena.cgi | predictive | Medium
7 | File | /login | predictive | Low
8 | File | /php/ajax.php | predictive | High
9 | File | /proxy | predictive | Low
10 | File | /rapi/read_url | predictive | High
11 | File | /sec/content/sec_asa_users_local_db_add.html | predictive | High
12 | File | /see_more_details.php | predictive | High
13 | File | /sys/user/queryUserComponentData | predictive | High
14 | File | /xxxxxxxx/xxxx_xxxxx.xxx | predictive | High
15 | File | /xx-xxxxx/xxxxx-xxxx.xxx?xx_xxxx=x&xxxxxx_xxxx | predictive | High
16 | File | xxxxxxx.xxx | predictive | Medium
17 | File | xxxxx/xxxxxx/xxxxxxx.xxx | predictive | High
18 | File | xxxxx/xxxx_xxxxx_xxxx.xxx | predictive | High
19 | File | xxxxxxxx.xx | predictive | Medium
20 | File | xxx/xxx/xxxx-xxx | predictive | High
21 | File | xxx/xxx.xxx | predictive | Medium
22 | File | xxxxxx/xxx.x | predictive | Medium
23 | File | xxxxxx/xxxx_xxxxxxxx.xxx | predictive | High
24 | File | xxxxxxxxx.xxx.xxx | predictive | High
25 | File | xxxxx/xxxxx.xxx | predictive | High
26 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
27 | File | xxxx_xxxxx.xxx | predictive | High
28 | File | xxxxx.xxx | predictive | Medium
29 | File | xxxxxxxxx.xxxx | predictive | High
30 | File | xx/xx-xx.x | predictive | Medium
31 | File | xxx/xxxx_xxxx.x | predictive | High
32 | File | xxxx_xxxxxx.x | predictive | High
33 | File | xxxx/xxxxxxx.x | predictive | High
34 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | High
35 | File | xxxxxxxx/xxxxx-xxxxxx-xxxx-xxxxxxx.xxx | predictive | High
36 | File | xxxxx.xxx | predictive | Medium
37 | File | xxxxx.xxx?xxx=xxxx&xxx=xxxxxxxx | predictive | High
38 | File | xxxxxxxxxx.xxx | predictive | High
39 | File | xxxx/xxxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High
40 | File | xxx/xxx.xxx | predictive | Medium
41 | File | xxx.x | predictive | Low
42 | File | xxxxxxxxx/xxxxx.xxx | predictive | High
43 | File | xxx/xxxxxx/xxxxxxxx/xxxxx/xxxxxxxxx.xxxx | predictive | High
44 | File | xxxxxx.x | predictive | Medium
45 | File | xxxx.xxx | predictive | Medium
46 | File | xxxxx.xxx | predictive | Medium
47 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | High
48 | File | x_xxx.xxx | predictive | Medium
49 | File | xxxxxxxxxxx_xxxxxx/xxxxxxxxxxxx/xxx_xxxxxxxxxxx.xxx | predictive | High
50 | File | xxxxx.xxx | predictive | Medium
51 | File | xxx/xxxxxxx_xxxxxxx.xxx | predictive | High
52 | File | xxxxxxxx/xxxx/xxxx.xxx?xxxxxx=xxxxxxxxxxxxxxxx | predictive | High
53 | File | xxxxxxxxxxxx.xxx | predictive | High
54 | File | xxxxxxxx.xxx | predictive | Medium
55 | File | xxxxxx.xxxx | predictive | Medium
56 | File | xxxx.xxx | predictive | Medium
57 | File | xxxxx/xxxxx.xxx | predictive | High
58 | File | xxxxxxxx.xxx | predictive | Medium
59 | File | xxxx-xxxxxxxx.xxx | predictive | High
60 | File | xxxxx/xxx/xxxxxxx/xxxxxx.xxx | predictive | High
61 | File | xxxxxxxxxxxxxxxxxxxxxxxxxx!xxx.xxxx | predictive | High
62 | File | xxxxxxxxxx | predictive | Medium
63 | File | xxxxx/xxxxx.xx | predictive | High
64 | File | xxxxxxx/xxxxx.xxx | predictive | High
65 | File | xxxxxx.xxx | predictive | Medium
66 | File | xxxxxxxx.x | predictive | Medium
67 | File | xxxxxxx | predictive | Low
68 | File | xxxxxxx.xxx | predictive | Medium
69 | File | xx-xxxxx/xxxx-xxx-xxxx.xxx | predictive | High
70 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High
71 | File | xx-xxxx/xxx/xx/xxxxxxx/ | predictive | High
72 | File | _xxxxxxxxx_xxxxxx_xxxxx___.xxx | predictive | High
73 | Library | xxxxxxxx.xxx.xxxxxxxxx.xxxxxx() | predictive | High
74 | Library | xxxxx.xxx | predictive | Medium
75 | Argument | xx | predictive | Low
76 | Argument | xxxxxx_xxxx | predictive | Medium
77 | Argument | xxx | predictive | Low
78 | Argument | xxx | predictive | Low
79 | Argument | xxxx | predictive | Low
80 | Argument | xxxxxxxxxxxxxxxxx | predictive | High
81 | Argument | xxxxxxxxxxx/xxxxxxxx/xxx/xxxxx | predictive | High
82 | Argument | xxxxxx_xx | predictive | Medium
83 | Argument | xxx | predictive | Low
84 | Argument | xxxxxxxxxxxxxxx | predictive | High
85 | Argument | xxxx | predictive | Low
86 | Argument | xxxxxxxx | predictive | Medium
87 | Argument | xxxx_xxxxxxxx | predictive | High
88 | Argument | xxxxxx | predictive | Low
89 | Argument | xx_xx | predictive | Low
90 | Argument | xxxx | predictive | Low
91 | Argument | xxxxxxxx | predictive | Medium
92 | Argument | xx | predictive | Low
93 | Argument | xxxxxxxxx | predictive | Medium
94 | Argument | xxxxxxx | predictive | Low
95 | Argument | xxxx/xxx_xxxxxxxxx | predictive | High
96 | Argument | xxx | predictive | Low
97 | Argument | xxx | predictive | Low
98 | Argument | xxxxxxxx | predictive | Medium
99 | Argument | xxxxxxxxx | predictive | Medium
100 | Argument | xx_xxxx | predictive | Low
101 | Argument | xxxx_xx | predictive | Low
102 | Argument | xxxxxxxx_xxxxxxxx | predictive | High
103 | Argument | xxxxxxxxxxxxxxxxxxxxx | predictive | High
104 | Argument | xxxx | predictive | Low
105 | Argument | xxxxxxxx | predictive | Medium
106 | Argument | xxx | predictive | Low
107 | Argument | xxxx | predictive | Low
108 | Argument | xxxx/xx/xxxx/xxx | predictive | High
109 | Argument | xxxxx_xxxxxx | predictive | Medium
110 | Input Value | %xx | predictive | Low
111 | Input Value | .%xx.../.%xx.../ | predictive | High
112 | Input Value | ../../../../../xxx/xxx/xxxxx/xxxx/xxxxxxxx/xxxxx/xxx.xxx | predictive | High
113 | Input Value | xxxxxxxxxx | predictive | Medium
114 | Network Port | xxxx | predictive | Low
115 | Network Port | xxxx xxxx | predictive | Medium
116 | Network Port | xxx/xxx | predictive | Low
117 | Network Port | xxx/xxxx (xx-xxx) | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities: