Smominru Analysis

IOB - Indicator of Behavior (245)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 216
zh: 10
de: 10
it: 4
es: 2

Country

us: 138
gb: 36
cn: 20
ru: 18
tk: 14

Actors


Activities

Interest

Timeline


Type


Vendor


Product

WordPress: 8
Microsoft Windows: 8
Apache HTTP Server: 4
Joomla CMS: 4
nginx: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
2 | Storytlr cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00193 | 0.04 | CVE-2014-100038
3 | Storytlr cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00129 | 0.03 | CVE-2014-100037
4 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.30 | CVE-2010-0966
5 | Git SSH URL access control | 7.5 | 7.2 | $0-$5k | $0-$5k | High | Official Fix | 0.55180 | 0.04 | CVE-2017-1000117
6 | JoomlaTune Com Jcomments admin.jcomments.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00489 | 0.08 | CVE-2010-5048
7 | Alurian Prismotube Video Script index.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00079 | 0.00 | CVE-2011-5103
8 | Netgear SRX5308 sql injection | 7.4 | 7.4 | $5k-$25k | $5k-$25k | High | Not Defined | 0.00093 | 0.02 | CVE-2019-17049
9 | Apple iOS/iPadOS Image BLASTPASS buffer overflow | 7.0 | 6.9 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00330 | 0.03 | CVE-2023-41064
10 | D-Link IP Cameras lums.cgi information disclosure | 4.8 | 4.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.72505 | 0.00 | CVE-2013-1601
11 | Foxit Reader AcroForms removeField use after free | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00246 | 0.00 | CVE-2019-6766
12 | Komodia Redirector SDK Web Companion cryptographic issues | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00220 | 0.00 | CVE-2015-2078
13 | PHP-Fusion submit.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00355 | 0.02 | CVE-2005-4655
14 | OpenSSH session.c do_setup_env access control | 7.8 | 7.6 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.02 | CVE-2015-8325
15 | Gallarific PHP Photo Gallery script gallery.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00112 | 0.04 | CVE-2011-0519
16 | D-Link DCS Authentication improper authentication | 6.4 | 5.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.04204 | 0.02 | CVE-2013-1603
17 | nginx Log File link following | 7.8 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00092 | 0.03 | CVE-2016-1247
18 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.94 | CVE-2007-0354
19 | Git run-command.c run_command untrusted search path | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02225 | 0.02 | CVE-2018-19486
20 | WordPress Metadata deserialization | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01578 | 0.00 | CVE-2018-20148

IOC - Indicator of Compromise (29)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 4.2.7.1 | | Smominru | | 10/05/2019 | verified | High
2 | 23.88.160.137 | | Smominru | | 02/13/2022 | verified | High
3 | 35.182.171.137 | ec2-35-182-171-137.ca-central-1.compute.amazonaws.com | Smominru | | 02/13/2022 | verified | Medium
4 | 45.58.135.106 | | Smominru | | 02/13/2022 | verified | High
5 | 46.41.139.23 | | Smominru | | 10/05/2019 | verified | High
6 | 54.255.141.50 | ec2-54-255-141-50.ap-southeast-1.compute.amazonaws.com | Smominru | | 02/13/2022 | verified | Medium

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (110)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/download_frame.php | predictive | High
2 | File | /common/info.cgi | predictive | High
3 | File | /dev/urandom | predictive | Medium
4 | File | /forum/away.php | predictive | High
5 | File | /goform/GetNewDir | predictive | High
6 | File | /hvm/hvm.c | predictive | Medium
7 | File | /rating.php | predictive | Medium
8 | File | /uncpath/ | predictive | Medium
9 | File | /var/log/nginx | predictive | High
10 | File | action/AttachFile.py | predictive | High
11 | File | actions.hsp | predictive | Medium
12 | File | addentry.php | predictive | Medium
13 | File | addtocart.asp | predictive | High

References (3)

The following list contains external sources which discuss the actor and the associated activities:
