Snake Analysis

Activities

Timeline

Analysing the timeline shows which approach and handling each vulnerability, or group of vulnerabilities, requires. The overview makes quieter periods and more severe hotspots visible at a glance, so that vulnerability response can be initiated immediately and issues prioritized.

Lang

en: 32
fr: 1

Country

us: 27
de: 2
cn: 1
fr: 1

Actors

Grabit: 28
Snake: 3
Patchwork: 2

Vulnerabilities

Columns: Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit prices at disclosure and now; Exp is the exploitability status; Rem is the remediation status; CTI is the CTI interest score.

#  | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE
1  | Linux Kernel TCP Stack resource management | 6.4 | 6.0 | $5k-$10k | $0-$1k | Proof-of-Concept | Not Defined | 0.03 | CVE-2017-5972
2  | Digium Asterisk RTP resource consumption | 4.3 | 4.1 | $0-$1k | $0-$1k | Not Defined | Official Fix | 0.02 |
3  | PHPList Sending Campaign sql injection | 4.7 | 4.2 | $1k-$2k | $0-$1k | Proof-of-Concept | Official Fix | 0.04 |
4  | Apache CXF Fediz OIDC Service cross-site request forgery | 6.5 | 6.2 | $5k-$10k | $0-$1k | Not Defined | Official Fix | 0.00 | CVE-2017-7662
5  | PHPList Subscription sql injection | 6.3 | 5.7 | $2k-$5k | $0-$1k | Proof-of-Concept | Official Fix | 0.05 |
6  | Tenable Appliance Web UI simpleupload.py command injection | 9.8 | 8.8 | $25k-$50k | $0-$1k | Proof-of-Concept | Official Fix | 0.05 | CVE-2017-8051
7  | OpenJPEG J2K File convert.c imagetopnm null pointer dereference | 6.5 | 6.2 | $0-$1k | $0-$1k | Not Defined | Official Fix | 0.05 | CVE-2016-9116
8  | OpenJPEG J2K File convert.c imagetotga memory corruption | 6.5 | 6.2 | $0-$1k | $0-$1k | Not Defined | Official Fix | 0.03 | CVE-2016-9115
9  | IBM UrbanCode Deploy cross site scripting | 5.4 | 5.2 | $5k-$10k | $0-$1k | Not Defined | Official Fix | 0.00 | CVE-2016-2994
10 | Linux Kernel Kernel Profiling Subsystem ring_buffer.c ring_buffer_resize integer overflow | 7.8 | 7.5 | $10k-$25k | $0-$1k | Not Defined | Official Fix | 0.00 | CVE-2016-9754
11 | Encrypt4all Advanced Desktop Locker privileges management | 4.4 | 4.1 | $1k-$2k | $0-$1k | Functional | Not Defined | 0.07 |
12 | GeniXCMS register.php sql injection | 8.5 | 8.2 | $2k-$5k | $0-$1k | Not Defined | Official Fix | 0.04 | CVE-2017-5574
13 | Avast Premier Self-Protection access control | 6.0 | 6.0 | $1k-$2k | $0-$1k | Not Defined | Not Defined | 0.04 | CVE-2017-5567
14 | IBM Informix Open Admin Tool improper authorization | 8.5 | 8.2 | $10k-$25k | $0-$1k | High | Official Fix | 0.06 | CVE-2017-1092
15 | Alienvault OSSIM/USM Widget access control | 9.8 | 8.8 | $2k-$5k | $0-$1k | Proof-of-Concept | Official Fix | 0.02 | CVE-2016-8580
16 | Cms-center Simple Web Cms page.php sql injection | 7.3 | 7.1 | $2k-$5k | $0-$1k | Functional | Not Defined | 0.04 | CVE-2007-0093
17 | Apache CXF Fediz Plugins cross-site request forgery | 6.5 | 6.2 | $5k-$10k | $0-$1k | Not Defined | Official Fix | 0.06 | CVE-2017-7661
18 | GLPI autoload.function.php getItemForItemtype path traversal | 7.3 | 7.0 | $2k-$5k | $0-$1k | Not Defined | Official Fix | 0.00 | CVE-2014-8360
19 | Schneider Electric SoMachine HVAC DLL Loader access control | 7.5 | 7.5 | $2k-$5k | $0-$1k | Not Defined | Not Defined | 0.04 | CVE-2017-7966
20 | radare2 DEX File config.c r_config_set use after free | 4.4 | 4.1 | $0-$1k | $0-$1k | Not Defined | Not Defined | 0.05 | CVE-2017-9520

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Snake

IOC - Indicator of Compromise (5)

These indicators of compromise list associated network resources which are known to be part of research and attack activities. Judging by the hostnames, the unmasked entries sit in shared hosting and ISP address space (a hosting provider's name server, a shared hosting node, a HiNet subscriber address), so treat a match as a lead to investigate rather than as grounds for blanket blocking.

ID | IP address | Hostname | Campaigns | Confidence
1 | 31.170.161.136 | cpl02.main-hosting.eu | Snake | High
2 | 31.170.164.249 | ns4.hostinger.com | Snake | High
3 | 59.125.160.178 | 59-125-160-178.hinet-ip.hinet.net | Snake | High
4 | XX.XXX.XXX.XXX | xxxxxxxxx.xxxx.x-xxxxxxxxx.xx | Xxxxx | High
5 | XX.XXX.XX.XXX | | Xxxxx | High

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used. The mapping is inferred from the CWE classes of the vulnerabilities above by VulDB's predictive actor-profiling model, so treat each entry as a hypothesis about the actor's behaviour rather than as an observed intrusion step.

ID | Technique | CWE | Access Vector | Confidence
1 | T1059.007 (Command and Scripting Interpreter: JavaScript) | CWE-79 | Cross Site Scripting | High
2 | T1068 (Exploitation for Privilege Escalation) | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
3 | T1499 (Endpoint Denial of Service) | CWE-400 | Resource Consumption | High
4 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | High

IOA - Indicator of Attack (16)

These indicators of attack list fragments that may appear in technical activities such as reconnaissance, exploitation, privilege escalation, and exfiltration. They are derived from the vulnerabilities above by VulDB's predictive actor-profiling model. File indicators are path fragments taken from the affected products (for example the PHPList admin directory or the GLPI autoload script), not complete URLs, so they are matched as substrings of a requested path; Argument and Input Value indicators are parameter names and values.

ID | Class | Indicator | Confidence
1 | File | /lists/admin/ | High
2 | File | convert.c | Medium
3 | File | inc/autoload.function.php | High
4 | File | xxxxxx/xxxxx/xxxx_xxxxxx.x | High
5 | File | xxxx/xxxxxx/xxxxxx.x | High
6 | File | xxxx.xxx | Medium
7 | File | xxxxxxxx.xxx | Medium
8 | File | xxxxxxxxxxxx.xx | High
9 | File | xxxxxxxx/xxxxxxxxxx.x | High
10 | File | xx-xxxxx/xxxx-xxx.xxx | High
11 | Argument | xxxxxxxxxx | Medium
12 | Argument | xx | Low
13 | Argument | xxxxxxxx | Medium
14 | Argument | xxxxxx_xxxx_xxxx | High
15 | Argument | xxx_xxxxxxxxx_xxxxxxx_xxxx | High
16 | Input Value | .._ | Low
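The following is an added example of how the IOC and IOA tables above are typically consumed: a small matcher that runs web-server access-log lines against the unmasked IOC addresses and the unmasked File indicators. It is not VulDB's code. The indicator values are the three unmasked IOC rows and the three unmasked File IOAs from this page; the log lines are constructed for the demonstration, and the percent-decoding step and the generic dot-dot check are an added generalisation of the GLPI path traversal entry, not something the page prescribes.

```python
"""Match web-server access-log lines against the Snake IOC/IOA entries above.

Added example, not VulDB's code: the indicators are the unmasked rows of the
IOC and IOA tables on this page; the log lines are constructed for the demo.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple
from urllib.parse import unquote

# IOC table: IP address -> hostname (all listed with confidence High).
IOC_IPS = {
    "31.170.161.136": "cpl02.main-hosting.eu",
    "31.170.164.249": "ns4.hostinger.com",
    "59.125.160.178": "59-125-160-178.hinet-ip.hinet.net",
}

# IOA table, class "File": indicator -> confidence. Matched as substrings of
# the requested path because they are path fragments, not full URLs.
IOA_FILES = {
    "/lists/admin/": "High",
    "inc/autoload.function.php": "High",
    "convert.c": "Medium",
}

# Combined log format (Apache/nginx); only the fields used here are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


@dataclass
class Hit:
    line_no: int
    ip: str
    path: str
    ioc: Optional[str] = None                                  # matched IOC hostname
    ioas: List[Tuple[str, str]] = field(default_factory=list)  # (indicator, confidence)
    traversal: bool = False                                    # dot-dot segment after decoding


def normalize(path: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly (bounded) so %2e%2e%2f and double-encoded
    variants compare equal to a literal '../'."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def scan(lines) -> List[Hit]:
    """Return one Hit per log line that touches an IOC address, an IOA path
    fragment, or a decoded dot-dot segment. Unparseable lines are skipped."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        hit = Hit(n, m["ip"], m["path"])
        hit.ioc = IOC_IPS.get(hit.ip)
        norm = normalize(hit.path)
        for indicator, confidence in IOA_FILES.items():
            if indicator in norm:
                hit.ioas.append((indicator, confidence))
        # Added generalisation of the GLPI path-traversal entry: flag any
        # dot-dot segment once percent-encoding has been stripped.
        hit.traversal = "../" in norm or "..\\" in norm
        if hit.ioc or hit.ioas or hit.traversal:
            hits.append(hit)
    return hits


# Constructed sample log; non-IOC clients use RFC 5737 documentation addresses.
SAMPLE_LOG = [
    '31.170.161.136 - - [10/May/2017:13:55:36 +0000] "GET /lists/admin/?page=login HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/May/2017:13:56:01 +0000] "GET /glpi/inc/autoload.function.php?itemtype=..%252F..%252Fetc%252Fpasswd HTTP/1.1" 200 88',
    '198.51.100.23 - - [10/May/2017:13:57:12 +0000] "GET /index.php HTTP/1.1" 200 3021',
    '59.125.160.178 - - [10/May/2017:13:58:40 +0000] "POST /lists/?p=subscribe HTTP/1.1" 302 0',
    'not a log line',
]

if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.ip} {h.path} ioc={h.ioc} "
              f"ioas={h.ioas} traversal={h.traversal}")
```

On the sample, lines 1, 2 and 4 are reported: line 1 matches both an IOC address and the PHPList admin fragment, line 2 matches the GLPI fragment and a double-encoded traversal, and line 4 matches only an IOC address. As the IOC note above says, an address match alone (line 4) is a prompt to look at the surrounding requests from that host, not proof of compromise.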

References (1)

The following list contains external sources which discuss the actor and the associated activities:
