Sodinokibi Analysis

IOB - Indicator of Behavior (88)

Timeline: (chart not included in this extract)

Lang: en (78), fr (2), zh (2), pl (2), es (2)

Country: (chart not included in this extract)

Actors: (chart not included in this extract)

Activities

Interest

Timeline: (chart not included in this extract)

Type: (chart not included in this extract)

Vendor: (chart not included in this extract)

Product: Microsoft Windows (10), Google Chrome (4), SonicWALL Firewall (2), Marvin Minsky Universal Turing Machine (2), Fail2ban (2)

Vulnerabilities

#  | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1  | FLDS redir.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.26 | 0.01213 | CVE-2008-5928
2  | Debian fuse Package cuse access control | 7.8 | 7.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2016-1233
3  | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 1.26 | 0.00000 | -
4  | OpenX adclick.php redirect | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.40 | 0.01213 | CVE-2014-2230
5  | Apple Mac OS X Server Wiki Server sql injection | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 1.74 | 0.00954 | CVE-2015-5911
6  | SAP 3D Visual Enterprise Viewer GIF File denial of service | 3.8 | 3.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00885 | CVE-2021-27593
7  | Apple macOS IOMobileFrameBuffer memory corruption | 7.8 | 7.2 | $5k-$25k | $0-$5k | Functional | Official Fix | 0.01 | 0.01843 | CVE-2022-22587
8  | Apple iOS/iPadOS IOMobileFrameBuffer memory corruption | 7.8 | 7.2 | $25k-$100k | $5k-$25k | Functional | Official Fix | 0.07 | 0.01843 | CVE-2022-22587
9  | Apple Safari WebKit resource management | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.03870 | CVE-2014-4452
10 | HPE Ezmeral Data Fabric TEZ MapR Ecosystem access control | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00885 | CVE-2021-29215
11 | nginx ngx_http_mp4_module information disclosure | 4.7 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.04714 | CVE-2018-16845
12 | SonarQube values missing encryption | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.16531 | CVE-2020-27986
13 | Bitnami Docker Container .env random values | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2021-21979
14 | PHP addcslashe numeric error | 8.5 | 8.1 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.03 | 0.01136 | CVE-2016-4344
15 | Sophos XG Firewall HTTPS Bookmark buffer overflow | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01156 | CVE-2020-15069
16 | Marvin Minsky Universal Turing Machine input validation | 4.6 | 4.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01 | 0.02683 | CVE-2021-32471
17 | Sophos Cyberoam Firewall SSL VPN Console injection | 8.5 | 8.2 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.01136 | CVE-2019-17059
18 | Apple iCloud WebKit Universal cross site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01108 | CVE-2020-9925
19 | njs njs_value.c njs_value_property input validation | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00890 | CVE-2020-24349
20 | PHP mysqlnd_wireprotocol.c php_mysqlnd_rset_header_read information disclosure | 5.3 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.01319 | CVE-2010-3062

IOC - Indicator of Compromise (25)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Type | Confidence
1  | 46.30.215.77 | webcluster1.webpod6-cph3.one.com | Sodinokibi | - | verified | High
2  | 46.45.134.70 | server-46.45.134.70.as42926.net | Sodinokibi | - | verified | High
3  | 50.116.71.86 | box6146.bluehost.com | Sodinokibi | - | verified | High
4  | 52.9.200.151 | www.drvoip.com | Sodinokibi | - | verified | High
5  | 52.28.116.69 | ec2-52-28-116-69.eu-central-1.compute.amazonaws.com | Sodinokibi | - | verified | Medium
6  | XX.XXX.XX.XX | xxxxxxxxxx.xxx | Xxxxxxxxxx | - | verified | High
7  | XX.XXX.X.XX | xxx-xx-xxx-x-xx.xxxxxxx.xxxx-xxxxxxx-xxxxx.xxx | Xxxxxxxxxx | - | verified | High
8  | XX.XXX.XX.XXX | - | Xxxxxxxxxx | - | verified | High
9  | XX.XX.XXX.XXX | xxxxxxxxxx.xxxxxxx.xxx.xxx | Xxxxxxxxxx | - | verified | High
10 | XXX.XXX.XX.XX | xx-xxx-xxx-xx-xx.xx.xxxxxxxxxxxx.xxx | Xxxxxxxxxx | - | verified | High
11 | XXX.XX.XXX.XXX | xx-xxx-xx-xxx-xxx.xxxxxxxxxx.xxx | Xxxxxxxxxx | - | verified | High
12 | XXX.XXX.XXX.XX | xxxxxx.xxxx.xx | Xxxxxxxxxx | - | verified | High
13 | XXX.XXX.XXX.XXX | xxxx.xxxxxxxxxxxxxxxx.xx | Xxxxxxxxxx | - | verified | High
14 | XXX.XXX.XX.XX | xxxxxxxxxxxxxx.xxx | Xxxxxxxxxx | - | verified | High
15 | XXX.XX.X.XXX | xxx.xxxxxxxxxxxx.xxx | Xxxxxxxxxx | - | verified | High
16 | XXX.XXX.XX.XXX | xxxxxx.xxxxxxxxxxxx.xx | Xxxxxxxxxx | - | verified | High
17 | XXX.XXX.XXX.XX | xx-xxx-xxx-xxx-xx.xxxxxxxxxx.xxx | Xxxxxxxxxx | - | verified | High
18 | XXX.XXX.XX.XXX | xxxxxxxxxx.xxxxxxx.xxx.xxx | Xxxxxxxxxx | - | verified | High
19 | XXX.XXX.XX.XXX | xxxx.xxxxxxxxxxxx.xxx | Xxxxxxxxxx | - | verified | High
20 | XXX.XX.XXX.XX | xxxx.xxxxxxxxxxx.xxx | Xxxxxxxxxx | - | verified | High
21 | XXX.XXX.XXX.XX | xxxxx-xx.xxxxxxxx.xxx | Xxxxxxxxxx | - | verified | High
22 | XXX.XX.XXX.XXX | xx-xxx-xx-xxx-xxx.xx.xxxxxxxxxxxx.xxx | Xxxxxxxxxx | - | verified | High
23 | XXX.XX.XXX.XXX | xxx-xx-xxx-xxx.xx.xxxxxxxxxxxxxxxxx.xxx | Xxxxxxxxxx | - | verified | High
24 | XXX.XXX.XX.X | xxxxxxxxxx.xxx.xxx | Xxxxxxxxxx | - | verified | High
25 | XXX.XXX.XX.XX | xxxxxxxxxx.xxx.xxx | Xxxxxxxxxx | - | verified | High

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (30)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1  | File | /dev/cuse | predictive | Medium
2  | File | /dev/snd/seq | predictive | Medium
3  | File | /forum/away.php | predictive | High
4  | File | /tmp/app/.env | predictive | High
5  | File | /xxx/xxxxx/xxxxxxxxxxxxxxxxxxxx/xxx/ | predictive | High
6  | File | xxxxxxx.xxx | predictive | Medium
7  | File | xxx/xxxxxxxx/xxxxxx | predictive | High
8  | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
9  | File | xxxxxxx.xxx | predictive | Medium
10 | File | xxxxxxx.xxxx | predictive | Medium
11 | File | xx/xxxxx.x | predictive | Medium
12 | File | xxxxxxx.x | predictive | Medium
13 | File | xxxxx.xx | predictive | Medium
14 | File | xxxxxxx_xxxxxxxxxxxx.x | predictive | High
15 | File | xxxx.x | predictive | Low
16 | File | xxx_xxxxx.x | predictive | Medium
17 | File | xxx_xxxx.x | predictive | Medium
18 | File | xxx_xxxxx.x | predictive | Medium
19 | File | xxxxxx/xxxxxxxxxxxxxxxxx.xx | predictive | High
20 | File | xxxxx.xxx | predictive | Medium
21 | File | xxxx-xxxxxx.x | predictive | High
22 | File | xxxxxxxxx_xxx | predictive | High
23 | File | xxxx/xxx/xxxx-xxxxx.xxx | predictive | High
24 | Argument | xxx_xxx | predictive | Low
25 | Argument | xxxx | predictive | Low
26 | Argument | xx | predictive | Low
27 | Argument | xxxxxxxxxxxxxx | predictive | High
28 | Argument | xxxxxx | predictive | Low
29 | Input Value | .%xx.../.%xx.../ | predictive | High
30 | Input Value | xxxxx/xxxxxxxx | predictive | High
