Socks Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (21)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

de	18
en	4

Country

us	18

Actors

TrickBot	1

Activities

Interest

Timeline

Type

Not Defined	12
Software Library	2
Operating System	2
Router Operating System	2
Endpoint Management Software	2

Vendor

Not Defined	6
Intel	6
Linux	2
D-Link	2
Blue Prism	2

Product

Intel Advanced Threat Defense	4
Go SSH Library	2
Linux Kernel	2
D-Link DIR-816 A2	2
OpenDaylight Plugin	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	CTI	EPSS	CVE
1	HashiCorp Vault/Vault Enterprise access control	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00161	CVE-2022-36129
2	Blue Prism Enterprise access control	4.7	4.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00082	CVE-2022-36117
3	Devolutions SERVER Password List Entry access control	5.5	5.3	$0-$5k	Calculating	Not Defined	Official Fix	0.00	0.00168	CVE-2021-23921
4	D-Link DIR-816 A2 dir_setWanWifi command injection	6.3	6.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00	0.00559	CVE-2021-26810
5	Django django.views.static.serve redirect	6.2	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00160	CVE-2017-7234
6	Xen Memory access control	6.9	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.02	0.00101	CVE-2017-7228
7	Riverbed RIOS Bootloader access control	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00	0.00062	CVE-2017-7305
8	Riverbed RIOS Single-User Mode cli access control	6.7	6.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00077	CVE-2017-7307
9	OpenDaylight Plugin SDN Topology input validation	7.0	7.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00338	CVE-2015-1612
10	OpenDaylight Plugin SDN Topology input validation	7.0	7.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00288	CVE-2015-1611
11	Horde Groupware Webmail Edition Horde_Crypt command injection	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.94773	CVE-2017-7413
12	Go SSH Library Host Key key management	7.7	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00237	CVE-2017-3204
13	Linux Kernel Filesystem policy.c fscrypt_process_policy access control	5.4	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00181	CVE-2016-10318
14	Intel Advanced Threat Defense Malware Detection 7pk security	6.4	6.4	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00	0.00061	CVE-2015-8986
15	McAfee Advanced Threat Defense Malware Detection data authenticity	7.5	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00117	CVE-2016-3983
16	McAfee Vulnerability Manager Enterprise Manager cross-site request forgery	8.8	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00086	CVE-2016-2199
17	Intel McAfee Vulnerability Manager Enterprise Manager Password cryptographic issues	7.0	7.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00070	CVE-2015-8989
18	Intel McAfee Email Gateway File Extension Filter access control	6.9	6.6	$5k-$25k	Calculating	Not Defined	Official Fix	0.00	0.00054	CVE-2016-8005
19	Intel McAfee Host Intrusion Prevention Services Registry Key access control	5.7	5.4	$5k-$25k	Calculating	Not Defined	Official Fix	0.00	0.00044	CVE-2016-8007
20	Intel Advanced Threat Defense ATD Detection 7pk security	7.4	7.4	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00	0.00096	CVE-2015-8990

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	23.20.239.12	ec2-23-20-239-12.compute-1.amazonaws.com	Socks	05/05/2022	verified	Medium
2	XXX.XX.XXX.XXX	x-xxxx.x-xxxxxx.xxx	Xxxxx	05/05/2022	verified	High
3	XXX.XXX.XX.XXX	xxxxx.xxx-xxx-xx.xxxxxx.xxxxxxxxxxxx.xxx	Xxxxx	04/29/2022	verified	High

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilities	Access Vector	Type	Confidence
1	T1068	CWE-264, CWE-284	Execution with Unnecessary Privileges	predictive	High
2	T1202	CWE-77	Command Shell in Externally Accessible Directory	predictive	High
3	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	High
4	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	High
5	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	High
6	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	High
7	TXXXX.XXX	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	High

IOA - Indicator of Attack (4)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/goform/dir_setWanWifi	predictive	High
2	File	/xxx/xxx/xxx/xxx	predictive	High
3	File	xx/xxxxxx/xxxxxx.x	predictive	High
4	Argument	xxxxxxxxxxxxxxxxxxxx	predictive	High

References (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Might our Artificial Intelligence support you?

Check our Alexa App!