SideCopy Analysis

Activities

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Lang

en891
de33
zh24
fr12
es11

Country

nl755
us164
de16
pt6
es2

Actors

Domestic Kitten151
CetaRAT147
Charming Kitten138
SideCopy47
APT3644

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Product

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTICVE
1jforum User input validation5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.10CVE-2019-7550
2nginx request smuggling6.96.9$0-$5k$0-$5kNot DefinedNot Defined2.29CVE-2020-12440
3Microsoft Windows Graphics Remote Code Execution7.06.1$25k-$100k$5k-$25kUnprovenOfficial Fix0.00CVE-2021-34530
4Microsoft Windows Event Tracing Privilege Escalation7.36.3$25k-$100k$25k-$100kUnprovenOfficial Fix0.03CVE-2021-34487
5Huawei ACXXXX/SXXXX SSH Packet input validation7.57.2$5k-$25k$0-$5kNot DefinedOfficial Fix2.57CVE-2014-8572
6Apache HTTP Server mod_rewrite redirect6.76.7$25k-$100k$5k-$25kNot DefinedNot Defined0.33CVE-2020-1927
7Microsoft .NET Core/Visual Studio denial of service6.45.5$5k-$25k$0-$5kUnprovenOfficial Fix0.04CVE-2021-26423
8Microsoft Windows TCP/IP Stack Privilege Escalation9.98.6$100k and more$25k-$100kUnprovenOfficial Fix0.06CVE-2021-26424
9Microsoft Windows Event Tracing Privilege Escalation8.37.3$100k and more$25k-$100kUnprovenOfficial Fix0.00CVE-2021-26425
10Microsoft Windows Bluetooth Driver Privilege Escalation8.37.3$100k and more$25k-$100kUnprovenOfficial Fix0.09CVE-2021-34537
11Microsoft Dynamics 365 Privilege Escalation8.57.4$25k-$100k$5k-$25kUnprovenOfficial Fix0.03CVE-2021-34524
12Microsoft Windows Storage Spaces Controller Local Privilege Escalation7.86.8$25k-$100k$5k-$25kUnprovenOfficial Fix0.03CVE-2021-34536
13Microsoft Windows Graphics Remote Code Execution7.06.1$25k-$100k$5k-$25kUnprovenOfficial Fix0.00CVE-2021-34533
14Microsoft Windows Services for NFS ONCRPC XDR Driver information disclosure6.45.5$25k-$100k$5k-$25kUnprovenOfficial Fix0.03CVE-2021-36926
15Microsoft ASP.NET Core/Visual Studio information disclosure4.94.3$5k-$25k$0-$5kUnprovenOfficial Fix0.03CVE-2021-34532
16Microsoft Windows Services for NFS ONCRPC XDR Driver information disclosure6.45.5$25k-$100k$5k-$25kUnprovenOfficial Fix0.00CVE-2021-36933
17Microsoft Windows Remote Desktop Client Remote Code Execution8.87.9$100k and more$25k-$100kProof-of-ConceptOfficial Fix0.00CVE-2021-34535
18Microsoft Windows Media MPEG-4 Video Decoder Remote Code Execution8.37.3$100k and more$25k-$100kUnprovenOfficial Fix0.03CVE-2021-36937
19Microsoft Windows Cryptographic Primitives Library information disclosure4.94.3$25k-$100k$5k-$25kUnprovenOfficial Fix0.03CVE-2021-36938
20Microsoft Windows MSHTML Platform Remote Code Execution5.95.1$25k-$100k$5k-$25kUnprovenOfficial Fix0.05CVE-2021-34534

IOC - Indicator of Compromise (16)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsTypeConfidence
1109.236.85.152customer.worldstream.nlSideCopyverifiedHigh
2144.91.65.100vmi652772.contaboserver.netSideCopyverifiedHigh
3144.91.87.179vmi778487.contaboserver.netSideCopyverifiedHigh
4144.91.91.236vmi512038.contaboserver.netSideCopyverifiedHigh
5XXX.XXX.XXX.XXxxxxxxxxx.xxxxxxxxxxxxx.xxxXxxxxxxxverifiedHigh
6XXX.XXX.XX.XXxxx.xxx.xx.xx.xxxxx.xxxXxxxxxxxverifiedMedium
7XXX.XX.XX.XXXxxxxxxxxx.xxxxxxxxxxxxx.xxxXxxxxxxxverifiedHigh
8XXX.XX.XXX.XXxxxxxxxxx.xxxxxxxxxxxxx.xxxXxxxxxxxverifiedHigh
9XXX.XX.XXX.XXXxxxxxxxx.xxxxxxxxxxxxx.xxxXxxxxxxxverifiedHigh
10XXX.XX.XX.XXXxxxxxxxxx.xxxxxxxxxxxxx.xxxXxxxxxxxverifiedHigh
11XXX.XX.XX.XXXxxxxxxxxx.xxxxxxxxxxxxx.xxxXxxxxxxxverifiedHigh
12XXX.XX.XX.XXxxxxxxxxx.xxxxxxxxxxxxx.xxxXxxxxxxxverifiedHigh
13XXX.XXX.XXX.XXXxxxxxxxxx.xxxxxxxxxxxxx.xxxXxxxxxxxverifiedHigh
14XXX.XXX.XX.XXXxxxxxxxxx.xxxxxxxxxxxxx.xxxXxxxxxxxverifiedHigh
15XXX.XXX.XX.XXXxxxxxxxxx.xxxxxxxxxxxxx.xxxXxxxxxxxverifiedHigh
16XXX.XXX.XX.XXxxxxxxxxx.xxxxxxxxxxxxx.xxxXxxxxxxxverifiedHigh

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1059.007CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
2T1068CWE-264, CWE-284Execution with Unnecessary PrivilegespredictiveHigh
3TXXXX.XXXCWE-XXX, CWE-XXXXxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx XxxxxxxxpredictiveHigh
4TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
5TXXXXCWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
6TXXXXCWE-XXXXxxxxxxx Xx Xxxx Xxxxxxx Xxxxxxxxx XxxxxpredictiveHigh
7TXXXXCWE-XXX, CWE-XXXXxxxxxxxxxx Xxxxxxx Xx XxxxxxxxxxxpredictiveHigh
8TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
9TXXXXCWE-XXX, CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (250)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File.travis.ymlpredictiveMedium
2File/.envpredictiveLow
3File/admin.phppredictiveMedium
4File/dvcset/sysset/set.cgipredictiveHigh
5File/edit-db.phppredictiveMedium
6File/file?action=download&filepredictiveHigh
7File/installers/common.shpredictiveHigh
8File/medical/inventories.phppredictiveHigh
9File/monitoringpredictiveMedium
10File/NAGErrorspredictiveMedium
11File/plugins/servlet/audit/resourcepredictiveHigh
12File/plugins/servlet/project-config/PROJECT/rolespredictiveHigh
13File/replicationpredictiveMedium
14File/RestAPIpredictiveMedium
15File/tmppredictiveLow
16File/tmp/speedtest_urls.xmlpredictiveHigh
17File/tmp/zarafa-vacation-*predictiveHigh
18File/uncpath/predictiveMedium
19File/uploadpredictiveLow
20File/var/log/nginxpredictiveHigh
21File/vloggers_merch/classes/Master.php?f=delete_orderpredictiveHigh
22Fileadclick.phppredictiveMedium
23Fileadmin-ajax.php?action=get_wdtable order[0][dir]predictiveHigh
24Fileadmin/index.phppredictiveHigh
25Fileadmin\model\catalog\download.phppredictiveHigh
26Fileapcupsd.pidpredictiveMedium
27Fileapi/sms/send-smspredictiveHigh
28Fileapi/v1/alarmspredictiveHigh
29Filexxxxxxxxxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
30Filexxxx/xxxxxxx/xxx/xxxxxx_xxxx.xpredictiveHigh
31Filexxxxxxxxxxxxxxxx.xxxpredictiveHigh
32Filexxxx-xxxx.xpredictiveMedium
33Filexxxx-xxxxxxx.xpredictiveHigh
34Filexxxx/xxxxxxx.xxxpredictiveHigh
35Filexxxxxx_xxxx.xxxpredictiveHigh
36Filexxxxx.xxxpredictiveMedium
37Filex:\xxxxxxx\xxxxxxxx\xxxxxx\xxxpredictiveHigh
38Filexxxxxxxx.xxxpredictiveMedium
39Filexxxxxxxx.xxxpredictiveMedium
40Filexxxx.xxxpredictiveMedium
41Filexxx-xxx/xxxxpredictiveMedium
42Filexxx-xxx/xx.xxxpredictiveHigh
43Filexxx/xxxxxxx.xxpredictiveHigh
44Filexxxx_xxxxxx.xpredictiveHigh
45Filexxxxxx.xxxpredictiveMedium
46Filexxx_xxxxxx.xxxpredictiveHigh
47Filexxx.xxxpredictiveLow
48Filexxxxxxx.xxxpredictiveMedium
49Filexxxxxx.xxxpredictiveMedium
50Filexxxxxxxx.xxpredictiveMedium
51Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
52Filexxxxxx.xxxpredictiveMedium
53Filexxxxxxx.xxxpredictiveMedium
54Filexxxx_xxxxxx.xxxpredictiveHigh
55Filexxxxxxx/xxx/xxxx/xxxx.xpredictiveHigh
56Filexxxxxxx/xxxx/xxxx_xxxxxxxxx_xxxxx.xpredictiveHigh
57Filexxxxxxx_xxxx_xxxxxx_xxxx.xxxpredictiveHigh
58Filexxxx.xxxpredictiveMedium
59Filexxx/xxxxxxxx/xxxx.xpredictiveHigh
60Filexxx/xxxxxxxx/xxx_xxxxxxxxxxxx.xpredictiveHigh
61Filexxxxxx.xxxpredictiveMedium
62Filexxx_xxxx.xpredictiveMedium
63Filexxxxxxxxx/xxxxx/xxxxxxxxxxxx/xxxxxxxxx.xxxpredictiveHigh
64Filexx/xxxxxxxxx.xpredictiveHigh
65Filexx/xxxxx.xpredictiveMedium
66Filexx.xxxxx.xxxpredictiveMedium
67Filexxxxxxxxxx.xxpredictiveHigh
68Filexxxxxxxxxxxxx.xxxxpredictiveHigh
69Filexxxxxxxxxx.xxxpredictiveHigh
70Filexxxx/xxxxxxxxxxxxxxxxxxxxxxxx.xxpredictiveHigh
71Filexxxxxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
72Filexxxxxx_xxxxx_xxxxxxx.xpredictiveHigh
73Filexxx/xxxxxxxx.xxxpredictiveHigh
74Filexxx/xxxxxx.xxxpredictiveHigh
75Filexxxxxxx/xxxxx/xxx_xxxx.xpredictiveHigh
76Filexxxxxxx/xxxx.xxxpredictiveHigh
77Filexxxxxxxx/xxxxx-xxxxxxxxx.xxxpredictiveHigh
78Filexxxxx.xxpredictiveMedium
79Filexxxxx.xxxpredictiveMedium
80Filexxxxx.xxx?xx=xxxxxxxx.xxxxxxpredictiveHigh
81Filexxxxxxxxx/xxxxx/xxx_xxx/xxxx.xxxpredictiveHigh
82Filexxxxx/xxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxxpredictiveHigh
83Filexxxxx.xxxxxxx.xxxpredictiveHigh
84Filexxxx_xxxx.xxxpredictiveHigh
85Filexxxxxx/xxx/xxxxxxxx.xpredictiveHigh
86Filexxxxxx/xxxxx/xxxxx_xxxxxx_xxxxxx.xpredictiveHigh
87Filexxx/xxxx/xxx.x/xxxx_xxxxxx.xpredictiveHigh
88Filexxxxxxx/xx_xxx.xpredictiveHigh
89Filexxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxx.xxxpredictiveHigh
90Filexxxx.xxxpredictiveMedium
91Filexxxxx.xxxpredictiveMedium
92Filexxxxx.xxxpredictiveMedium
93Filexxxxx.xxxpredictiveMedium
94Filexxxxxxxxxx/xxxxxxxx.xpredictiveHigh
95Filexxxx.xpredictiveLow
96Filexxxxxxx.xxxpredictiveMedium
97Filexxxxxx_xxxxx_xxxxxxx.xpredictiveHigh
98Filexxxxxxxxxxxxxxxx.xpredictiveHigh
99Filexxxxxxxxx/xxxx-xxxxpredictiveHigh
100Filexxx/xxxxxxxxx/x_xxxxxx.xpredictiveHigh
101Filexxxx.xxxpredictiveMedium
102Filexxxxxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
103Filexxx_xx.xpredictiveMedium
104Filexxxxx/xxxxxxx/predictiveHigh
105Filexxx.xxpredictiveLow
106Filexxxxxxxxxxxxxxx.xxxpredictiveHigh
107Filexxxxxxxxx.xxx.xxxpredictiveHigh
108Filexxxxxxx.xxxpredictiveMedium
109Filexxxxxx.xxxpredictiveMedium
110Filexxxxxxxxxxxxx.xxxpredictiveHigh
111Filexxxxxxxxxxxx.xxxpredictiveHigh
112Filexxxxx.xxxpredictiveMedium
113Filexxxx.xxxpredictiveMedium
114Filexxxxxxxxxx.xxxpredictiveHigh
115Filexxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][]predictiveHigh
116Filexxxxxxxx.xxxxxxpredictiveHigh
117Filexxx_xxxxxx/xxxxxx/xxxxxxxxxxxxpredictiveHigh
118Filexxxxxxxx.xxxpredictiveMedium
119Filexxxxxxx.xpredictiveMedium
120Filexxxxxxx.xxxpredictiveMedium
121Filexxxxx.xxxpredictiveMedium
122Filexxxxxxxx.xxxpredictiveMedium
123Filexxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxxpredictiveHigh
124Filexxxxxxxx_xxxx.xxxpredictiveHigh
125Filexxxxxxxxxx/xxxxxxxxxx_xxxx.xxx?xxxxxx=xxxxxxpredictiveHigh
126Filexxx.xpredictiveLow
127Filexxxxxx.xpredictiveMedium
128Filexxxxxxxxxxxxxx.xxxpredictiveHigh
129Filexxxxx.xxxpredictiveMedium
130Filexxxxx.xxxpredictiveMedium
131Filexxxx-xxxxxx.xpredictiveHigh
132Filexxxx.xxxpredictiveMedium
133Filexxxx_xxxxxxx_xxxxxxxx.xxxpredictiveHigh
134Filexxxxxxx.xpredictiveMedium
135Filexxxxxxx.xxxpredictiveMedium
136Filexxxxxxx.xxx.xx.xxxxxxxxxxx.xxxpredictiveHigh
137Filexxxxxxxxxx.xpredictiveMedium
138Filexxxxxx.xxxpredictiveMedium
139Filexxxxxxx/xxxxxxx/xxxxxx/xxxxxx_xxxx.xxxpredictiveHigh
140Filexxxxxxxxx.xpredictiveMedium
141Filexxxxx/xxxxx.xxpredictiveHigh
142Filexxxxxx.xxxpredictiveMedium
143Filexx-xxxxx/xxxxx-xxxx.xxxpredictiveHigh
144Filexx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xxxxxxxxxx-xpredictiveHigh
145Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictiveHigh
146Filexx-xxxxxxxx/xxxxxxxxx.xxxpredictiveHigh
147Filexx-xxxxxxxx/xxxx-xxx/xxxxxxxxx/xxxxx-xx-xxxx-xxxxx-xxxxxxxxxx.xxxpredictiveHigh
148Filexx_xxxxxxx.xpredictiveMedium
149Filexxxxxx.x/xxxxx.x/xxxx.xpredictiveHigh
150File~/xxxx/xxx/xxxxxxx/xxxxxxxxxx/xxxxxx.xxxpredictiveHigh
151Library/xxx/xxx/xxx/xxxx/xxxxxxxxxx/xxxxxx.xxxpredictiveHigh
152Libraryxxxxxxx.xxxpredictiveMedium
153Libraryxxxxxxxxx.xxxpredictiveHigh
154Libraryxxxxxxxx.xxxpredictiveMedium
155Libraryxxx/xxxxxxxxxxxxx.xxxpredictiveHigh
156Libraryxxxxxxxxxx/xxxxxxxx.xpredictiveHigh
157Libraryxxxxxxxx.xxxpredictiveMedium
158Libraryxxxxx.xxxpredictiveMedium
159Libraryxxxxxxxx.xxxpredictiveMedium
160Argument-xpredictiveLow
161ArgumentxxxxxxpredictiveLow
162Argumentxxxxx.xxxxxxxxpredictiveHigh
163ArgumentxxxxxxxxpredictiveMedium
164ArgumentxxxxxxpredictiveLow
165ArgumentxxxxxxxxxxpredictiveMedium
166ArgumentxxxpredictiveLow
167ArgumentxxxxxpredictiveLow
168Argumentxxx_xxpredictiveLow
169ArgumentxxxxxxxxxxxxxxxpredictiveHigh
170Argumentxxxx_xxpredictiveLow
171Argumentxxxxxxx-xxxxxxpredictiveHigh
172ArgumentxxxxxxxxxxpredictiveMedium
173ArgumentxxxxxxxpredictiveLow
174Argumentxxxxxxx_xxxx->xxx($xxxxxxxx)predictiveHigh
175ArgumentxxxxxxxpredictiveLow
176ArgumentxxxxpredictiveLow
177ArgumentxxxxxxxxxxxpredictiveMedium
178ArgumentxxxxxxxxxxxpredictiveMedium
179Argumentxxxxxxxxx->xxxxxxxxxpredictiveHigh
180ArgumentxxxxpredictiveLow
181ArgumentxxxxxxxpredictiveLow
182ArgumentxxxxpredictiveLow
183Argumentxxxx_xxpredictiveLow
184ArgumentxxxxxxxxxxpredictiveMedium
185ArgumentxxxxxxxxxpredictiveMedium
186ArgumentxxxxxxxxpredictiveMedium
187ArgumentxxpredictiveLow
188ArgumentxxxxxxxxxpredictiveMedium
189Argumentxxxx_xxpredictiveLow
190Argumentxxxx_xxxxxx_xxxxx/xxxx_xxxxxx_xxxx_xxxxxxpredictiveHigh
191ArgumentxxxxxxxxxxpredictiveMedium
192Argumentxxxxxxxxx/xxxxxxxxxpredictiveHigh
193ArgumentxxxxxxxxpredictiveMedium
194ArgumentxxxpredictiveLow
195Argumentxx_xxxxpredictiveLow
196ArgumentxxxxpredictiveLow
197ArgumentxxxxxxpredictiveLow
198ArgumentxxpredictiveLow
199Argumentxxxxxxx/xxxx/xxxxxxxxpredictiveHigh
200ArgumentxxxxxpredictiveLow
201Argumentxxxxx/xxxxxxpredictiveMedium
202Argumentxxxx_xxxxpredictiveMedium
203ArgumentxxxxxxxxpredictiveMedium
204ArgumentxxxxxxxxpredictiveMedium
205ArgumentxxxxxxxxxpredictiveMedium
206Argumentxxx_xxxpredictiveLow
207Argumentxxxxxxxx_xxxxxpredictiveHigh
208ArgumentxxxxxxpredictiveLow
209ArgumentxxxxxxpredictiveLow
210Argumentxx_xxxxxxx_xxxxxxxpredictiveHigh
211ArgumentxxxxxpredictiveLow
212Argumentxxxxxxx_xxxpredictiveMedium
213ArgumentxxxxxxxxxxpredictiveMedium
214ArgumentxxxxpredictiveLow
215ArgumentxxxxxxpredictiveLow
216Argumentxxxxxxxx_xxxxxpredictiveHigh
217ArgumentxxxxxxpredictiveLow
218ArgumentxxxpredictiveLow
219ArgumentxxxxxxpredictiveLow
220ArgumentxxxxxxxxxpredictiveMedium
221ArgumentxxxxxxxxxpredictiveMedium
222ArgumentxxxxxxxpredictiveLow
223ArgumentxxxpredictiveLow
224ArgumentxxxpredictiveLow
225ArgumentxxxxpredictiveLow
226Argumentxxxxxxxx-xxxxxxxxpredictiveHigh
227ArgumentxxxpredictiveLow
228ArgumentxxxxpredictiveLow
229ArgumentxxxxxxxxpredictiveMedium
230ArgumentxxxxxpredictiveLow
231Argumentxxxx->xxxxxxxpredictiveHigh
232Argumentx-xxxx-xxpredictiveMedium
233Argument\xxxxxx\predictiveMedium
234Argument_xxx_xxxxxxx_xxxxxxx_xxxxxxxxxxxxx_xxx_xxx_xxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx_xxxxxxxxxxxxxxxpredictiveHigh
235Argument_xxx_xxxxxxxxxxx_predictiveHigh
236Input Value.%xx.../.%xx.../predictiveHigh
237Input Value../predictiveLow
238Input Value//predictiveLow
239Input Valuexxx xxxxxxxxpredictiveMedium
240Input Valuexxxxxxxxx' xxx 'x'='xpredictiveHigh
241Input Valuexxxxxxx_xxxxx.xxxxxxx_xxxxxxxpredictiveHigh
242Input Value\xpredictiveLow
243Pattern() {predictiveLow
244Patternxxxxxxx.xxxpredictiveMedium
245Pattern|xx|predictiveLow
246Network PortxxxxxpredictiveLow
247Network Portxx xxxxxxx xxx.xx.xx.xxpredictiveHigh
248Network Portxxx/xx (xxxxxx)predictiveHigh
249Network Portxxx/xxxxxpredictiveMedium
250Network Portxxx xxxxxx xxxxpredictiveHigh

References (5)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!