SideCopy Analysis
Activities
Timeline
The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.
Activities
Interest
Vulnerabilities
IOC - Indicator of Compromise (16)
These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.
TTP - Tactics, Techniques, Procedures (9)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
---|---|---|---|---|---|
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | predictive | High |
3 | TXXXX.XXX | CWE-XXX, CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx Xxxxxxxx | predictive | High |
4 | TXXXX | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High |
5 | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High |
6 | TXXXX | CWE-XXX | Xxxxxxxx Xx Xxxx Xxxxxxx Xxxxxxxxx Xxxxx | predictive | High |
7 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxxx Xxxxxxx Xx Xxxxxxxxxxx | predictive | High |
8 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
9 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High |
IOA - Indicator of Attack (250)
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
ID | Class | Indicator | Type | Confidence |
---|---|---|---|---|
1 | File | .travis.yml | predictive | Medium |
2 | File | /.env | predictive | Low |
3 | File | /admin.php | predictive | Medium |
4 | File | /dvcset/sysset/set.cgi | predictive | High |
5 | File | /edit-db.php | predictive | Medium |
6 | File | /file?action=download&file | predictive | High |
7 | File | /installers/common.sh | predictive | High |
8 | File | /medical/inventories.php | predictive | High |
9 | File | /monitoring | predictive | Medium |
10 | File | /NAGErrors | predictive | Medium |
11 | File | /plugins/servlet/audit/resource | predictive | High |
12 | File | /plugins/servlet/project-config/PROJECT/roles | predictive | High |
13 | File | /replication | predictive | Medium |
14 | File | /RestAPI | predictive | Medium |
15 | File | /tmp | predictive | Low |
16 | File | /tmp/speedtest_urls.xml | predictive | High |
17 | File | /tmp/zarafa-vacation-* | predictive | High |
18 | File | /uncpath/ | predictive | Medium |
19 | File | /upload | predictive | Low |
20 | File | /var/log/nginx | predictive | High |
21 | File | /vloggers_merch/classes/Master.php?f=delete_order | predictive | High |
22 | File | adclick.php | predictive | Medium |
23 | File | admin-ajax.php?action=get_wdtable order[0][dir] | predictive | High |
24 | File | admin/index.php | predictive | High |
25 | File | admin\model\catalog\download.php | predictive | High |
26 | File | apcupsd.pid | predictive | Medium |
27 | File | api/sms/send-sms | predictive | High |
28 | File | api/v1/alarms | predictive | High |
29 | File | xxxxxxxxxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxx.xxx | predictive | High |
30 | File | xxxx/xxxxxxx/xxx/xxxxxx_xxxx.x | predictive | High |
31 | File | xxxxxxxxxxxxxxxx.xxx | predictive | High |
32 | File | xxxx-xxxx.x | predictive | Medium |
33 | File | xxxx-xxxxxxx.x | predictive | High |
34 | File | xxxx/xxxxxxx.xxx | predictive | High |
35 | File | xxxxxx_xxxx.xxx | predictive | High |
36 | File | xxxxx.xxx | predictive | Medium |
37 | File | x:\xxxxxxx\xxxxxxxx\xxxxxx\xxx | predictive | High |
38 | File | xxxxxxxx.xxx | predictive | Medium |
39 | File | xxxxxxxx.xxx | predictive | Medium |
40 | File | xxxx.xxx | predictive | Medium |
41 | File | xxx-xxx/xxxx | predictive | Medium |
42 | File | xxx-xxx/xx.xxx | predictive | High |
43 | File | xxx/xxxxxxx.xx | predictive | High |
44 | File | xxxx_xxxxxx.x | predictive | High |
45 | File | xxxxxx.xxx | predictive | Medium |
46 | File | xxx_xxxxxx.xxx | predictive | High |
47 | File | xxx.xxx | predictive | Low |
48 | File | xxxxxxx.xxx | predictive | Medium |
49 | File | xxxxxx.xxx | predictive | Medium |
50 | File | xxxxxxxx.xx | predictive | Medium |
51 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
52 | File | xxxxxx.xxx | predictive | Medium |
53 | File | xxxxxxx.xxx | predictive | Medium |
54 | File | xxxx_xxxxxx.xxx | predictive | High |
55 | File | xxxxxxx/xxx/xxxx/xxxx.x | predictive | High |
56 | File | xxxxxxx/xxxx/xxxx_xxxxxxxxx_xxxxx.x | predictive | High |
57 | File | xxxxxxx_xxxx_xxxxxx_xxxx.xxx | predictive | High |
58 | File | xxxx.xxx | predictive | Medium |
59 | File | xxx/xxxxxxxx/xxxx.x | predictive | High |
60 | File | xxx/xxxxxxxx/xxx_xxxxxxxxxxxx.x | predictive | High |
61 | File | xxxxxx.xxx | predictive | Medium |
62 | File | xxx_xxxx.x | predictive | Medium |
63 | File | xxxxxxxxx/xxxxx/xxxxxxxxxxxx/xxxxxxxxx.xxx | predictive | High |
64 | File | xx/xxxxxxxxx.x | predictive | High |
65 | File | xx/xxxxx.x | predictive | Medium |
66 | File | xx.xxxxx.xxx | predictive | Medium |
67 | File | xxxxxxxxxx.xx | predictive | High |
68 | File | xxxxxxxxxxxxx.xxxx | predictive | High |
69 | File | xxxxxxxxxx.xxx | predictive | High |
70 | File | xxxx/xxxxxxxxxxxxxxxxxxxxxxxx.xx | predictive | High |
71 | File | xxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High |
72 | File | xxxxxx_xxxxx_xxxxxxx.x | predictive | High |
73 | File | xxx/xxxxxxxx.xxx | predictive | High |
74 | File | xxx/xxxxxx.xxx | predictive | High |
75 | File | xxxxxxx/xxxxx/xxx_xxxx.x | predictive | High |
76 | File | xxxxxxx/xxxx.xxx | predictive | High |
77 | File | xxxxxxxx/xxxxx-xxxxxxxxx.xxx | predictive | High |
78 | File | xxxxx.xx | predictive | Medium |
79 | File | xxxxx.xxx | predictive | Medium |
80 | File | xxxxx.xxx?xx=xxxxxxxx.xxxxxx | predictive | High |
81 | File | xxxxxxxxx/xxxxx/xxx_xxx/xxxx.xxx | predictive | High |
82 | File | xxxxx/xxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxx | predictive | High |
83 | File | xxxxx.xxxxxxx.xxx | predictive | High |
84 | File | xxxx_xxxx.xxx | predictive | High |
85 | File | xxxxxx/xxx/xxxxxxxx.x | predictive | High |
86 | File | xxxxxx/xxxxx/xxxxx_xxxxxx_xxxxxx.x | predictive | High |
87 | File | xxx/xxxx/xxx.x/xxxx_xxxxxx.x | predictive | High |
88 | File | xxxxxxx/xx_xxx.x | predictive | High |
89 | File | xxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxx.xxx | predictive | High |
90 | File | xxxx.xxx | predictive | Medium |
91 | File | xxxxx.xxx | predictive | Medium |
92 | File | xxxxx.xxx | predictive | Medium |
93 | File | xxxxx.xxx | predictive | Medium |
94 | File | xxxxxxxxxx/xxxxxxxx.x | predictive | High |
95 | File | xxxx.x | predictive | Low |
96 | File | xxxxxxx.xxx | predictive | Medium |
97 | File | xxxxxx_xxxxx_xxxxxxx.x | predictive | High |
98 | File | xxxxxxxxxxxxxxxx.x | predictive | High |
99 | File | xxxxxxxxx/xxxx-xxxx | predictive | High |
100 | File | xxx/xxxxxxxxx/x_xxxxxx.x | predictive | High |
101 | File | xxxx.xxx | predictive | Medium |
102 | File | xxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
103 | File | xxx_xx.x | predictive | Medium |
104 | File | xxxxx/xxxxxxx/ | predictive | High |
105 | File | xxx.xx | predictive | Low |
106 | File | xxxxxxxxxxxxxxx.xxx | predictive | High |
107 | File | xxxxxxxxx.xxx.xxx | predictive | High |
108 | File | xxxxxxx.xxx | predictive | Medium |
109 | File | xxxxxx.xxx | predictive | Medium |
110 | File | xxxxxxxxxxxxx.xxx | predictive | High |
111 | File | xxxxxxxxxxxx.xxx | predictive | High |
112 | File | xxxxx.xxx | predictive | Medium |
113 | File | xxxx.xxx | predictive | Medium |
114 | File | xxxxxxxxxx.xxx | predictive | High |
115 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | High |
116 | File | xxxxxxxx.xxxxxx | predictive | High |
117 | File | xxx_xxxxxx/xxxxxx/xxxxxxxxxxxx | predictive | High |
118 | File | xxxxxxxx.xxx | predictive | Medium |
119 | File | xxxxxxx.x | predictive | Medium |
120 | File | xxxxxxx.xxx | predictive | Medium |
121 | File | xxxxx.xxx | predictive | Medium |
122 | File | xxxxxxxx.xxx | predictive | Medium |
123 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | High |
124 | File | xxxxxxxx_xxxx.xxx | predictive | High |
125 | File | xxxxxxxxxx/xxxxxxxxxx_xxxx.xxx?xxxxxx=xxxxxx | predictive | High |
126 | File | xxx.x | predictive | Low |
127 | File | xxxxxx.x | predictive | Medium |
128 | File | xxxxxxxxxxxxxx.xxx | predictive | High |
129 | File | xxxxx.xxx | predictive | Medium |
130 | File | xxxxx.xxx | predictive | Medium |
131 | File | xxxx-xxxxxx.x | predictive | High |
132 | File | xxxx.xxx | predictive | Medium |
133 | File | xxxx_xxxxxxx_xxxxxxxx.xxx | predictive | High |
134 | File | xxxxxxx.x | predictive | Medium |
135 | File | xxxxxxx.xxx | predictive | Medium |
136 | File | xxxxxxx.xxx.xx.xxxxxxxxxxx.xxx | predictive | High |
137 | File | xxxxxxxxxx.x | predictive | Medium |
138 | File | xxxxxx.xxx | predictive | Medium |
139 | File | xxxxxxx/xxxxxxx/xxxxxx/xxxxxx_xxxx.xxx | predictive | High |
140 | File | xxxxxxxxx.x | predictive | Medium |
141 | File | xxxxx/xxxxx.xx | predictive | High |
142 | File | xxxxxx.xxx | predictive | Medium |
143 | File | xx-xxxxx/xxxxx-xxxx.xxx | predictive | High |
144 | File | xx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xxxxxxxxxx-x | predictive | High |
145 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High |
146 | File | xx-xxxxxxxx/xxxxxxxxx.xxx | predictive | High |
147 | File | xx-xxxxxxxx/xxxx-xxx/xxxxxxxxx/xxxxx-xx-xxxx-xxxxx-xxxxxxxxxx.xxx | predictive | High |
148 | File | xx_xxxxxxx.x | predictive | Medium |
149 | File | xxxxxx.x/xxxxx.x/xxxx.x | predictive | High |
150 | File | ~/xxxx/xxx/xxxxxxx/xxxxxxxxxx/xxxxxx.xxx | predictive | High |
151 | Library | /xxx/xxx/xxx/xxxx/xxxxxxxxxx/xxxxxx.xxx | predictive | High |
152 | Library | xxxxxxx.xxx | predictive | Medium |
153 | Library | xxxxxxxxx.xxx | predictive | High |
154 | Library | xxxxxxxx.xxx | predictive | Medium |
155 | Library | xxx/xxxxxxxxxxxxx.xxx | predictive | High |
156 | Library | xxxxxxxxxx/xxxxxxxx.x | predictive | High |
157 | Library | xxxxxxxx.xxx | predictive | Medium |
158 | Library | xxxxx.xxx | predictive | Medium |
159 | Library | xxxxxxxx.xxx | predictive | Medium |
160 | Argument | -x | predictive | Low |
161 | Argument | xxxxxx | predictive | Low |
162 | Argument | xxxxx.xxxxxxxx | predictive | High |
163 | Argument | xxxxxxxx | predictive | Medium |
164 | Argument | xxxxxx | predictive | Low |
165 | Argument | xxxxxxxxxx | predictive | Medium |
166 | Argument | xxx | predictive | Low |
167 | Argument | xxxxx | predictive | Low |
168 | Argument | xxx_xx | predictive | Low |
169 | Argument | xxxxxxxxxxxxxxx | predictive | High |
170 | Argument | xxxx_xx | predictive | Low |
171 | Argument | xxxxxxx-xxxxxx | predictive | High |
172 | Argument | xxxxxxxxxx | predictive | Medium |
173 | Argument | xxxxxxx | predictive | Low |
174 | Argument | xxxxxxx_xxxx->xxx($xxxxxxxx) | predictive | High |
175 | Argument | xxxxxxx | predictive | Low |
176 | Argument | xxxx | predictive | Low |
177 | Argument | xxxxxxxxxxx | predictive | Medium |
178 | Argument | xxxxxxxxxxx | predictive | Medium |
179 | Argument | xxxxxxxxx->xxxxxxxxx | predictive | High |
180 | Argument | xxxx | predictive | Low |
181 | Argument | xxxxxxx | predictive | Low |
182 | Argument | xxxx | predictive | Low |
183 | Argument | xxxx_xx | predictive | Low |
184 | Argument | xxxxxxxxxx | predictive | Medium |
185 | Argument | xxxxxxxxx | predictive | Medium |
186 | Argument | xxxxxxxx | predictive | Medium |
187 | Argument | xx | predictive | Low |
188 | Argument | xxxxxxxxx | predictive | Medium |
189 | Argument | xxxx_xx | predictive | Low |
190 | Argument | xxxx_xxxxxx_xxxxx/xxxx_xxxxxx_xxxx_xxxxxx | predictive | High |
191 | Argument | xxxxxxxxxx | predictive | Medium |
192 | Argument | xxxxxxxxx/xxxxxxxxx | predictive | High |
193 | Argument | xxxxxxxx | predictive | Medium |
194 | Argument | xxx | predictive | Low |
195 | Argument | xx_xxxx | predictive | Low |
196 | Argument | xxxx | predictive | Low |
197 | Argument | xxxxxx | predictive | Low |
198 | Argument | xx | predictive | Low |
199 | Argument | xxxxxxx/xxxx/xxxxxxxx | predictive | High |
200 | Argument | xxxxx | predictive | Low |
201 | Argument | xxxxx/xxxxxx | predictive | Medium |
202 | Argument | xxxx_xxxx | predictive | Medium |
203 | Argument | xxxxxxxx | predictive | Medium |
204 | Argument | xxxxxxxx | predictive | Medium |
205 | Argument | xxxxxxxxx | predictive | Medium |
206 | Argument | xxx_xxx | predictive | Low |
207 | Argument | xxxxxxxx_xxxxx | predictive | High |
208 | Argument | xxxxxx | predictive | Low |
209 | Argument | xxxxxx | predictive | Low |
210 | Argument | xx_xxxxxxx_xxxxxxx | predictive | High |
211 | Argument | xxxxx | predictive | Low |
212 | Argument | xxxxxxx_xxx | predictive | Medium |
213 | Argument | xxxxxxxxxx | predictive | Medium |
214 | Argument | xxxx | predictive | Low |
215 | Argument | xxxxxx | predictive | Low |
216 | Argument | xxxxxxxx_xxxxx | predictive | High |
217 | Argument | xxxxxx | predictive | Low |
218 | Argument | xxx | predictive | Low |
219 | Argument | xxxxxx | predictive | Low |
220 | Argument | xxxxxxxxx | predictive | Medium |
221 | Argument | xxxxxxxxx | predictive | Medium |
222 | Argument | xxxxxxx | predictive | Low |
223 | Argument | xxx | predictive | Low |
224 | Argument | xxx | predictive | Low |
225 | Argument | xxxx | predictive | Low |
226 | Argument | xxxxxxxx-xxxxxxxx | predictive | High |
227 | Argument | xxx | predictive | Low |
228 | Argument | xxxx | predictive | Low |
229 | Argument | xxxxxxxx | predictive | Medium |
230 | Argument | xxxxx | predictive | Low |
231 | Argument | xxxx->xxxxxxx | predictive | High |
232 | Argument | x-xxxx-xx | predictive | Medium |
233 | Argument | \xxxxxx\ | predictive | Medium |
234 | Argument | _xxx_xxxxxxx_xxxxxxx_xxxxxxxxxxxxx_xxx_xxx_xxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx_xxxxxxxxxxxxxxx | predictive | High |
235 | Argument | _xxx_xxxxxxxxxxx_ | predictive | High |
236 | Input Value | .%xx.../.%xx.../ | predictive | High |
237 | Input Value | ../ | predictive | Low |
238 | Input Value | // | predictive | Low |
239 | Input Value | xxx xxxxxxxx | predictive | Medium |
240 | Input Value | xxxxxxxxx' xxx 'x'='x | predictive | High |
241 | Input Value | xxxxxxx_xxxxx.xxxxxxx_xxxxxxx | predictive | High |
242 | Input Value | \x | predictive | Low |
243 | Pattern | () { | predictive | Low |
244 | Pattern | xxxxxxx.xxx | predictive | Medium |
245 | Pattern | |xx| | predictive | Low |
246 | Network Port | xxxxx | predictive | Low |
247 | Network Port | xx xxxxxxx xxx.xx.xx.xx | predictive | High |
248 | Network Port | xxx/xx (xxxxxx) | predictive | High |
249 | Network Port | xxx/xxxxx | predictive | Medium |
250 | Network Port | xxx xxxxxx xxxx | predictive | High |
References (5)
The following list contains external sources which discuss the actor and the associated activities:
- https://blog.malwarebytes.com/threat-intelligence/2021/12/sidecopy-apt-connecting-lures-to-victims-payloads-to-infrastructure/
- https://blog.talosintelligence.com/2021/07/sidecopy.html
- https://github.com/vuldb/cyber_threat_intelligence/tree/main/actors/SideCopy
- https://twitter.com/ShadowChasing1/status/1491261131800780810
- https://twitter.com/ShadowChasing1/status/1499704400670986240