Sload Analysis

IOB - Indicator of Behavior (455)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 454
de: 2

Product

Google Android: 16
Mozilla Firefox: 12
Microsoft Edge: 12
Microsoft Windows: 10
ImageMagick: 8

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | TAP Plugin path traversal | 7.0 | 6.8 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00340 | 0.00 | CVE-2016-4986 |
| 2 | Dojotoolkit Dojo iframe_history.html Remote Code Execution | 9.8 | 9.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00462 | 0.00 | CVE-2010-2272 |
| 3 | Moodle Administration Page sql injection | 7.2 | 7.2 | $5k-$25k | $5k-$25k | Not defined | Not defined | | 0.00366 | 0.00 | CVE-2022-40315 |
| 4 | Oracle BI Publisher BI Publisher Security Local Privilege Escalation | 7.2 | 7.1 | $5k-$25k | $0-$5k | High | Official fix | verified | 0.94361 | 0.02 | CVE-2019-2616 |
| 5 | Chamilo LMS File Upload lp_upload.php import_package unrestricted upload | 8.5 | 8.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.03509 | 0.00 | CVE-2019-13082 |
| 6 | Phplinkdirectory PHP Link Directory conf_users_edit.php cross-site request forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00098 | 0.00 | CVE-2011-0643 |
| 7 | Apache Kylin Restful API improper authentication | 4.8 | 4.8 | $5k-$25k | $0-$5k | Not defined | Not defined | expected | 0.93221 | 0.00 | CVE-2020-13937 |
| 8 | vBulletin decodeArguments input validation | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Not defined | expected | 0.85394 | 0.05 | CVE-2015-7808 |
| 9 | vBulletin cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.01248 | 0.07 | CVE-2004-1824 |
| 10 | Tapatalk Plugin XMLRPC API unsubscribe_forum.php sql injection | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.09845 | 0.00 | CVE-2014-2023 |
| 11 | phpBB Perl ucp_pm_options.php message_options cross-site request forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00434 | 0.02 | CVE-2015-1432 |
| 12 | vBulletin sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00403 | 0.00 | CVE-2014-5102 |
| 13 | PunBB cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00254 | 0.00 | CVE-2010-0455 |
| 14 | vBulletin redirector.php | 6.6 | 6.6 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.05560 | 0.06 | CVE-2018-6200 |
| 15 | vBulletin Vbulletin Forum Remote Code Execution | 9.8 | 8.5 | $0-$5k | $0-$5k | Unproven | Official fix | | 0.00890 | 0.00 | CVE-2012-4328 |
| 16 | phpBB install.php privileges management | 5.3 | 5.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00335 | 0.04 | CVE-2002-1707 |
| 17 | PunBB register.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.01461 | 0.00 | CVE-2005-0569 |
| 18 | vBulletin moderation.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official fix | expected | 0.84773 | 0.07 | CVE-2016-6195 |
| 19 | vBulletin XMLRPC API breadcrumbs_create.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | High | Unavailable | possible | 0.01365 | 0.00 | CVE-2014-2022 |
| 20 | vBulletin visitormessage.php code injection | 7.5 | 7.4 | $0-$5k | Calculating | High | Unavailable | | 0.17731 | 0.00 | CVE-2014-9463 |

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 2.59.117.6 | server4.poyrazhosting.com | Sload | | 05/06/2022 | verified | Low |
| 2 | 51.77.231.185 | vps-06fdbf53.vps.ovh.net | Sload | | 05/06/2022 | verified | Low |
| 3 | 51.254.205.84 | 84.ip-51-254-205.eu | Sload | | 05/06/2022 | verified | Medium |
| 4 | XX.XXX.XXX.XXX | | Xxxxx | | 04/12/2022 | verified | Low |
| 5 | XX.XXX.XXX.XX | xxx.xx | Xxxxx | | 05/06/2022 | verified | Medium |
| 6 | XX.XX.XXX.XXX | | Xxxxx | | 04/12/2022 | verified | Low |
| 7 | XXX.XXX.XXX.XX | xxxx.xxxx.xxx | Xxxxx | | 05/06/2022 | verified | Medium |
| 8 | XXX.XXX.XXX.XXX | | Xxxxx | | 05/06/2022 | verified | Medium |
| 9 | XXX.XXX.XXX.XXX | xxxxxx-xxx.xxxxxxx.xxxxxx.xxx | Xxxxx | | 05/06/2022 | verified | Medium |
| 10 | XXX.XXX.XX.XX | xxx-xx-xxxx.xxxxx.xxx | Xxxxx | | 04/12/2022 | verified | Low |
| 11 | XXX.XXX.XXX.XX | xxxxxxxxxxxxxxxx.xxxxxxxx.xxx | Xxxxx | | 05/06/2022 | verified | Medium |

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (184)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

