Snake Analysis

Activities

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Lang

en	32
fr	1

Country

us	27
de	2
cn	1
fr	1

Actors

Grabit	28
Snake	3
Patchwork	2

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Product

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	CTI	CVE
1	Linux Kernel TCP Stack resource management	6.4	6.0	$5k-$10k	$0-$1k	Proof-of-Concept	Not Defined	0.03	CVE-2017-5972
2	Digium Asterisk RTP resource consumption	4.3	4.1	$0-$1k	$0-$1k	Not Defined	Official Fix	0.02
3	PHPList Sending Campain sql injection	4.7	4.2	$1k-$2k	$0-$1k	Proof-of-Concept	Official Fix	0.04
4	Apache CXF Fediz OIDC Service cross-site request forgery	6.5	6.2	$5k-$10k	$0-$1k	Not Defined	Official Fix	0.00	CVE-2017-7662
5	PHPList Subscription sql injection	6.3	5.7	$2k-$5k	$0-$1k	Proof-of-Concept	Official Fix	0.05
6	Tenable Appliance Web UI simpleupload.py command injection	9.8	8.8	$25k-$50k	$0-$1k	Proof-of-Concept	Official Fix	0.05	CVE-2017-8051
7	OpenJPEG J2K File convert.c imagetopnm null pointer dereference	6.5	6.2	$0-$1k	$0-$1k	Not Defined	Official Fix	0.05	CVE-2016-9116
8	OpenJPEG J2K File convert.c imagetotga memory corruption	6.5	6.2	$0-$1k	$0-$1k	Not Defined	Official Fix	0.03	CVE-2016-9115
9	IBM UrbanCode Deploy cross site scripting	5.4	5.2	$5k-$10k	$0-$1k	Not Defined	Official Fix	0.00	CVE-2016-2994
10	Linux Kernel Kernel Profiling Subsystem ring_buffer.c ring_buffer_resize integer overflow	7.8	7.5	$10k-$25k	$0-$1k	Not Defined	Official Fix	0.00	CVE-2016-9754
11	Encrypt4all Advanced Desktop Locker privileges management	4.4	4.1	$1k-$2k	$0-$1k	Functional	Not Defined	0.07
12	GeniXCMS register.php sql injection	8.5	8.2	$2k-$5k	$0-$1k	Not Defined	Official Fix	0.04	CVE-2017-5574
13	Avast Premier Self-Protection access control	6.0	6.0	$1k-$2k	$0-$1k	Not Defined	Not Defined	0.04	CVE-2017-5567
14	IBM Informix Open Admin Tool improper authorization	8.5	8.2	$10k-$25k	$0-$1k	High	Official Fix	0.06	CVE-2017-1092
15	Alienvault OSSIM/USM Widget access control	9.8	8.8	$2k-$5k	$0-$1k	Proof-of-Concept	Official Fix	0.02	CVE-2016-8580
16	Cms-center Simple Web Cms page.php sql injection	7.3	7.1	$2k-$5k	$0-$1k	Functional	Not Defined	0.04	CVE-2007-0093
17	Apache CXF Fediz Plugins cross-site request forgery	6.5	6.2	$5k-$10k	$0-$1k	Not Defined	Official Fix	0.06	CVE-2017-7661
18	GLPI autoload.function.php getItemForItemtype path traversal	7.3	7.0	$2k-$5k	$0-$1k	Not Defined	Official Fix	0.00	CVE-2014-8360
19	Schneider Electric SoMachine HVAC DLL Loader access control	7.5	7.5	$2k-$5k	$0-$1k	Not Defined	Not Defined	0.04	CVE-2017-7966
20	radare2 DEX File config.c r_config_set use after free	4.4	4.1	$0-$1k	$0-$1k	Not Defined	Not Defined	0.05	CVE-2017-9520

Campaigns (1)

These are the campaigns that can be associated with the actor:

Snake

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Campaigns	Confidence
1	31.170.161.136	cpl02.main-hosting.eu	Snake	High
2	31.170.164.249	ns4.hostinger.com	Snake	High
3	59.125.160.178	59-125-160-178.hinet-ip.hinet.net	Snake	High
4	XX.XXX.XXX.XXX	xxxxxxxxx.xxxx.x-xxxxxxxxx.xx	Xxxxx	High
5	XX.XXX.XX.XXX		Xxxxx	High

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilities	Access Vector	Confidence
1	T1059.007	CWE-79	Cross Site Scripting	High
2	T1068	CWE-264, CWE-284	Execution with Unnecessary Privileges	High
3	T1499	CWE-400	Resource Consumption	High
4	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	High

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Confidence
1	File	/lists/admin/	High
2	File	convert.c	Medium
3	File	inc/autoload.function.php	High
4	File	xxxxxx/xxxxx/xxxx_xxxxxx.x	High
5	File	xxxx/xxxxxx/xxxxxx.x	High
6	File	xxxx.xxx	Medium
7	File	xxxxxxxx.xxx	Medium
8	File	xxxxxxxxxxxx.xx	High
9	File	xxxxxxxx/xxxxxxxxxx.x	High
10	File	xx-xxxxx/xxxx-xxx.xxx	High
11	Argument	xxxxxxxxxx	Medium
12	Argument	xx	Low
13	Argument	xxxxxxxx	Medium
14	Argument	xxxxxx_xxxx_xxxx	High
15	Argument	xxx_xxxxxxxxx_xxxxxxx_xxxx	High
16	Input Value	.._	Low

References (1)

The following list contains external sources which discuss the actor and the associated activities:

https://www.threatminer.org/report.php?q=snake_whitepaper.pdf&y=2014

◂ PreviousOverviewNext ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!