Socks Analysis

IOB - Indicator of Behavior (21)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

de20
en2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us22

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Intel Advanced Threat Defense4
Linux Kernel2
Intel McAfee Vulnerability Manager2
McAfee Advanced Threat Defense2
D-Link DIR-816 A22

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1HashiCorp Vault/Vault Enterprise access control7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.030.00954CVE-2022-36129
2Blue Prism Enterprise access control4.74.7$0-$5k$0-$5kNot DefinedNot Defined0.040.00890CVE-2022-36117
3Devolutions SERVER Password List Entry access control5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00885CVE-2021-23921
4D-Link DIR-816 A2 dir_setWanWifi command injection6.36.3$5k-$25k$5k-$25kNot DefinedNot Defined0.000.01055CVE-2021-26810
5Django django.views.static.serve redirect6.26.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.01018CVE-2017-7234
6Xen Memory access control6.96.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.080.02685CVE-2017-7228
7Riverbed RIOS Bootloader access control4.44.4$0-$5k$0-$5kNot DefinedUnavailable0.070.00885CVE-2017-7305
8Riverbed RIOS Single-User Mode cli access control6.76.4$0-$5k$0-$5kNot DefinedOfficial Fix0.080.00885CVE-2017-7307
9OpenDaylight Plugin SDN Topology input validation7.07.0$0-$5k$0-$5kNot DefinedNot Defined0.070.01319CVE-2015-1612
10OpenDaylight Plugin SDN Topology input validation7.07.0$0-$5k$0-$5kNot DefinedNot Defined0.040.01319CVE-2015-1611
11Horde Groupware Webmail Edition Horde_Crypt command injection7.57.4$0-$5k$0-$5kNot DefinedOfficial Fix0.080.02055CVE-2017-7413
12Go SSH Library Host Key key management7.77.4$0-$5k$0-$5kNot DefinedOfficial Fix0.080.01018CVE-2017-3204
13Linux Kernel Filesystem policy.c fscrypt_process_policy access control5.45.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.080.00950CVE-2016-10318
14Intel Advanced Threat Defense Malware Detection 7pk security6.46.4$5k-$25k$5k-$25kNot DefinedNot Defined0.080.00885CVE-2015-8986
15McAfee Advanced Threat Defense Malware Detection data authenticity7.57.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.080.01055CVE-2016-3983
16McAfee Vulnerability Manager Enterprise Manager cross-site request forgery8.88.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.01055CVE-2016-2199
17Intel McAfee Vulnerability Manager Enterprise Manager Password cryptographic issues7.07.0$0-$5k$0-$5kNot DefinedNot Defined0.080.00885CVE-2015-8989
18Intel McAfee Email Gateway File Extension Filter access control6.96.6$5k-$25kCalculatingNot DefinedOfficial Fix0.040.00885CVE-2016-8005
19Intel McAfee Host Intrusion Prevention Services Registry Key access control5.75.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.080.01404CVE-2016-8007
20Intel Advanced Threat Defense ATD Detection 7pk security7.47.4$5k-$25k$5k-$25kNot DefinedNot Defined0.080.00885CVE-2015-8990

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsTypeConfidence
123.20.239.12ec2-23-20-239-12.compute-1.amazonaws.comSocksverifiedMedium
2XXX.XX.XXX.XXXx-xxxx.x-xxxxxx.xxxXxxxxverifiedHigh
3XXX.XXX.XX.XXXxxxxx.xxx-xxx-xx.xxxxxx.xxxxxxxxxxxx.xxxXxxxxverifiedHigh

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1068CWE-264, CWE-284Execution with Unnecessary PrivilegespredictiveHigh
2T1202CWE-77Command InjectionpredictiveHigh
3TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
4TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
5TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
6TXXXXCWE-XXXX2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx XxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (4)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/goform/dir_setWanWifipredictiveHigh
2File/xxx/xxx/xxx/xxxpredictiveHigh
3Filexx/xxxxxx/xxxxxx.xpredictiveHigh
4ArgumentxxxxxxxxxxxxxxxxxxxxpredictiveHigh

References (3)

The following list contains external sources which discuss the actor and the associated activities:

Interested in the pricing of exploits?

See the underground prices here!