Sodinokibi Analysis

Activities

Timeline

The timeline helps to decide how single vulnerabilities and vulnerability collections should be approached and handled. It shows at a glance which periods are less important and which are severe hotspots, so that an immediate vulnerability response can be initiated and issues can be prioritized.

Lang (number of entries per language)

en  73
de   1
zh   1
es   1
fr   1

Vulnerabilities

Columns: Base and Temp are the CVSS base and temporal scores; 0day and Today are estimated exploit prices; Exp is the exploit availability status; Rem is the remediation status; CTI is the CTI score; CVE is the assigned identifier.

#  | Vulnerability                                                              | Base | Temp | 0day       | Today    | Exp              | Rem          | CTI  | CVE
1  | Debian fuse Package cuse access control                                    | 7.8  | 7.5  | $5k-$25k   | $0-$5k   | Not Defined      | Official Fix | 0.03 | CVE-2016-1233
2  | HPE Ezmeral Data Fabric TEZ MapR Ecosystem access control                  | 6.3  | 6.0  | $5k-$25k   | $0-$5k   | Not Defined      | Official Fix | 0.06 | CVE-2021-29215
3  | nginx ngx_http_mp4_module information disclosure                           | 4.7  | 4.5  | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.07 | CVE-2018-16845
4  | SonarQube values missing encryption                                        | 5.9  | 5.9  | $0-$5k     | $0-$5k   | Not Defined      | Not Defined  | 0.05 | CVE-2020-27986
5  | Bitnami Docker Container .env random values                                | 3.5  | 3.4  | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.04 | CVE-2021-21979
6  | PHP addcslashes numeric error                                              | 8.5  | 7.4  | $25k-$100k | $0-$5k   | Unproven         | Official Fix | 0.04 | CVE-2016-4344
7  | Sophos XG Firewall HTTPS Bookmark buffer overflow                          | 8.5  | 8.2  | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.03 | CVE-2020-15069
8  | Marvin Minsky Universal Turing Machine input validation                    | 4.6  | 4.4  | $0-$5k     | $0-$5k   | Proof-of-Concept | Not Defined  | 0.00 | CVE-2021-32471
9  | Sophos Cyberoam Firewall SSL VPN Console injection                         | 8.5  | 8.2  | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.06 | CVE-2019-17059
10 | Apple iCloud WebKit Universal cross site scripting                         | 4.3  | 4.1  | $5k-$25k   | $0-$5k   | Not Defined      | Official Fix | 0.04 | CVE-2020-9925
11 | njs njs_value.c njs_value_property input validation                        | 5.4  | 5.4  | $0-$5k     | $0-$5k   | Not Defined      | Not Defined  | 0.03 | CVE-2020-24349
12 | PHP mysqlnd_wireprotocol.c php_mysqlnd_rset_header_read information disclosure | 5.3 | 5.3 | $5k-$25k | $0-$5k   | Not Defined      | Not Defined  | 0.00 | CVE-2010-3062
13 | njs njs_json.c njs_json_stringify_iterator out-of-bounds read              | 5.4  | 5.4  | $0-$5k     | $0-$5k   | Not Defined      | Not Defined  | 0.08 | CVE-2020-24348
14 | Apple iTunes ImageIO memory corruption                                     | 6.3  | 6.0  | $5k-$25k   | $0-$5k   | Not Defined      | Official Fix | 0.03 | CVE-2020-9876
15 | Microsoft Windows Work Folders Service privileges management               | 7.3  | 7.0  | $25k-$100k | $5k-$25k | Not Defined      | Official Fix | 0.04 | CVE-2020-1470
16 | TinyMCE Core Parser/Paste Plugin/Visualchars Plugin cross site scripting   | 5.2  | 4.9  | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.04 | CVE-2020-17480
17 | Microsoft Internet Explorer MSHTML Engine input validation                 | 7.1  | 6.8  | $25k-$100k | $5k-$25k | Not Defined      | Official Fix | 0.00 | CVE-2020-1567
18 | Microsoft Edge/ChakraCore Scripting Engine memory corruption               | 7.5  | 7.2  | $25k-$100k | $5k-$25k | Not Defined      | Official Fix | 0.03 | CVE-2020-1555
19 | Oracle Java SE JSSE information disclosure                                 | 3.7  | 3.6  | $5k-$25k   | $0-$5k   | Not Defined      | Official Fix | 0.05 | CVE-2020-14577
20 | Oracle Java SE Hotspot unknown vulnerability                               | 3.7  | 3.6  | $25k-$100k | $5k-$25k | Not Defined      | Official Fix | 0.06 | CVE-2020-14573

IOC - Indicator of Compromise (25)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

Indicators rendered as runs of x are masked in the source listing.

ID | Class       | Indicator                              | Confidence
1  | File        | /dev/cuse                              | Medium
2  | File        | /dev/snd/seq                           | Medium
3  | File        | /tmp/app/.env                          | High
4  | File        | /usr/local/WowzaStreamingEngine/bin/   | High
5  | File        | xxx/xxxxxxxx/xxxxxx                    | High
6  | File        | xxxx/xxxxxxxxxxxxxxx.xxx               | High
7  | File        | xxxxxxx.xxx                            | Medium
8  | File        | xxxxxxx.xxxx                           | Medium
9  | File        | xx/xxxxx.x                             | Medium
10 | File        | xxxxxxx.x                              | Medium
11 | File        | xxxxx.xx                               | Medium
12 | File        | xxxxxxx_xxxxxxxxxxxx.x                 | High
13 | File        | xxxx.x                                 | Low
14 | File        | xxx_xxxxx.x                            | Medium
15 | File        | xxx_xxxx.x                             | Medium
16 | File        | xxx_xxxxx.x                            | Medium
17 | File        | xxxxxx/xxxxxxxxxxxxxxxxx.xx            | High
18 | File        | xxxx-xxxxxx.x                          | High
19 | File        | xxxxxxxxx_xxx                          | High
20 | File        | xxxx/xxx/xxxx-xxxxx.xxx                | High
21 | Argument    | xxx_xxx                                | Low
22 | Argument    | xxxxxxxxxxxxxx                         | High
23 | Argument    | xxxxxx                                 | Low
24 | Input Value | .%xx.../.%xx.../                       | High
25 | Input Value | xxxxx/xxxxxxxx                         | High
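A practical way to consume the IOA table is to turn its unmasked File indicators into a log matcher. The following is an added example and not VulDB's code: the four indicators are copied from the table above, the log lines are constructed for the demo, and percent-decoding the line before matching is this example's own choice (it catches an attacker who URL-encodes the path, which a plain substring test would miss).

```python
"""Match the unmasked Sodinokibi IOA file indicators against log lines.

Added example, not VulDB's code. Indicators are copied from the IOA table;
the sample log lines are constructed for the demo. Percent-decoding before
matching is this example's own choice, not something the source specifies.
"""
from urllib.parse import unquote

# Copied from the IOA table: only the entries that are not masked with x's.
IOA_INDICATORS = [
    {"id": 1, "class": "File", "indicator": "/dev/cuse", "confidence": "Medium"},
    {"id": 2, "class": "File", "indicator": "/dev/snd/seq", "confidence": "Medium"},
    {"id": 3, "class": "File", "indicator": "/tmp/app/.env", "confidence": "High"},
    {"id": 4, "class": "File", "indicator": "/usr/local/WowzaStreamingEngine/bin/",
     "confidence": "High"},
]

# Constructed sample log lines (auditd-style and access-log style), not taken
# from any real incident. Line 2 reaches the .env indicator through an
# URL-encoded traversal, so it only matches after decoding.
SAMPLE_LOG = [
    'type=PATH msg=audit(1600000000.101:42): item=0 name="/dev/cuse" nametype=NORMAL',
    '10.0.0.5 - - [01/Sep/2020:10:00:01 +0000] "GET /static/..%2f..%2ftmp%2fapp%2f.env HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Sep/2020:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 1024',
    'type=EXECVE msg=audit(1600000000.200:43): argc=1 a0="/usr/local/WowzaStreamingEngine/bin/WowzaStreamingEngined"',
]


def normalize(text, max_rounds=3):
    """Percent-decode repeatedly (bounded) so single- and double-encoded
    paths compare equal to the plain indicator string."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def scan(lines, indicators=IOA_INDICATORS):
    """Return one hit per (line, indicator) pair, in log order.

    Matching is a plain substring test on the decoded line. That is
    deliberately loose (a File indicator may show up in an audit record, a
    URL or a process argument) and should be tuned per log source before
    it is used as a production detection."""
    hits = []
    for line_no, raw in enumerate(lines, start=1):
        line = normalize(raw)
        for ioa in indicators:
            if ioa["indicator"] in line:
                hits.append({
                    "line_no": line_no,
                    "ioa_id": ioa["id"],
                    "indicator": ioa["indicator"],
                    "confidence": ioa["confidence"],
                    "line": raw,
                })
    return hits


def by_confidence(hits):
    """Order hits by the confidence level the table assigns, High first,
    then by log position, so analysts triage the strongest signals first."""
    order = {"High": 0, "Medium": 1, "Low": 2}
    return sorted(hits, key=lambda h: (order.get(h["confidence"], 3), h["line_no"]))


if __name__ == "__main__":
    for h in by_confidence(scan(SAMPLE_LOG)):
        print(f'[{h["confidence"]:6}] IOA {h["ioa_id"]} {h["indicator"]!r} '
              f'on line {h["line_no"]}: {h["line"]}')
```

Run as a script it reports the two High hits (the .env read and the Wowza binary path) before the Medium /dev/cuse access; the masked Argument and Input Value rows cannot be added until the full indicator strings are available.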
