Sofacy Analysis

IOB - Indicator of Behavior (151)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 136
de: 14
zh: 2


Country

us: 48
ch: 44
tr: 10
cn: 6
co: 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

WordPress: 12
phpMyAdmin: 6
Microsoft Windows: 4
Drupal: 4
Citrix Gateway Plug-in: 2


Vulnerabilities

#  | Vulnerability                                                                     | Base | Temp | 0day           | Today       | Exp              | Rem          | CTI  | EPSS    | CVE
---|-----------------------------------------------------------------------------------|------|------|----------------|-------------|------------------|--------------|------|---------|---------------
1  | Backdoor.Win32.Tiny.c Service Port 7778 backdoor                                  | 7.3  | 6.4  | $0-$5k         | $0-$5k      | Proof-of-Concept | Workaround   | 0.01 | 0.00000 |
2  | Linux Kernel NILFS File System inode.c security_inode_alloc use after free        | 8.3  | 8.1  | $25k-$100k     | $0-$5k      | Not Defined      | Official Fix | 0.04 | 0.01404 | CVE-2022-2978
3  | SourceCodester Simple and Nice Shopping Cart Script profile.php unrestricted upload | 6.3 | 5.7  | $0-$5k         | $0-$5k      | Proof-of-Concept | Not Defined  | 0.02 | 0.00885 | CVE-2022-2909
4  | Crow HTTP Pipelining use after free                                               | 8.5  | 8.4  | $0-$5k         | $0-$5k      | Not Defined      | Official Fix | 0.02 | 0.02509 | CVE-2022-38667
5  | mySCADA myPRO command injection                                                   | 9.2  | 9.0  | $0-$5k         | $0-$5k      | Not Defined      | Official Fix | 0.02 | 0.00885 | CVE-2022-2234
6  | GNU Bash Environment Variable variables.c Shellshock os command injection         | 9.8  | 9.3  | $100k and more | $0-$5k      | High             | Official Fix | 0.00 | 0.96235 | CVE-2014-6271
7  | WordPress Editor information disclosure                                           | 4.3  | 4.1  | $5k-$25k       | $0-$5k      | Not Defined      | Official Fix | 0.08 | 0.00950 | CVE-2021-29450
8  | AnyMacro AnyMacro Mail System path traversal                                      | 5.3  | 5.3  | $0-$5k         | Calculating | Not Defined      | Not Defined  | 0.02 | 0.01213 | CVE-2011-2468
9  | phpMyAdmin Configuration File setup.php code injection                            | 7.3  | 7.0  | $5k-$25k       | $0-$5k      | High             | Official Fix | 0.02 | 0.86435 | CVE-2009-1151
10 | WordPress class-wp-customize-widgets.php privileges management                    | 7.3  | 6.4  | $5k-$25k       | $0-$5k      | Unproven         | Official Fix | 0.03 | 0.06523 | CVE-2014-5203
11 | Zeus Zeus Web Server memory corruption                                            | 10.0 | 9.0  | $0-$5k         | $0-$5k      | Proof-of-Concept | Official Fix | 0.02 | 0.35205 | CVE-2010-0359
12 | x-text Language Tag out-of-bounds                                                 | 5.5  | 5.4  | $0-$5k         | $0-$5k      | Not Defined      | Official Fix | 0.27 | 0.01018 | CVE-2021-38561
13 | WordPress Pingback server-side request forgery                                    | 5.7  | 5.7  | $5k-$25k       | $5k-$25k    | Not Defined      | Not Defined  | 1.49 | 0.00885 | CVE-2022-3590
14 | Telepad missing authentication                                                    | 7.3  | 7.3  | $0-$5k         | $0-$5k      | Not Defined      | Not Defined  | 0.08 | 0.01156 | CVE-2022-45477
15 | FreeBSD Ping pr_pack stack-based overflow                                         | 7.3  | 7.0  | $5k-$25k       | $0-$5k      | Not Defined      | Official Fix | 0.00 | 0.00000 | CVE-2022-23093
16 | Red Hat OpenShift server_priv.pem default permission                              | 4.5  | 4.5  | $5k-$25k       | $5k-$25k    | Not Defined      | Not Defined  | 0.04 | 0.00885 | CVE-2013-4281
17 | Linux Kernel NTFS3 Subsystem cleanup                                              | 7.0  | 7.0  | $5k-$25k       | $5k-$25k    | Not Defined      | Not Defined  | 0.00 | 0.00885 | CVE-2022-3238
18 | Microsoft Windows Mark of the Web unknown vulnerability                           | 5.4  | 5.1  | $25k-$100k     | $5k-$25k    | Functional       | Official Fix | 0.08 | 0.09127 | CVE-2022-41049
19 | Drupal Database Abstraction API expandArguments sql injection                     | 7.3  | 7.0  | $0-$5k         | $0-$5k      | High             | Official Fix | 0.04 | 0.93531 | CVE-2014-3704
20 | SQLite ALTER TABLE memory corruption                                              | 8.0  | 8.0  | $0-$5k         | $0-$5k      | Not Defined      | Not Defined  | 0.05 | 0.00885 | CVE-2020-35527

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (77)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class        | Indicator                                                                  | Type       | Confidence
---|--------------|----------------------------------------------------------------------------|------------|-----------
1  | File         | .procmailrc                                                                | predictive | Medium
2  | File         | /dashboard/updatelogo.php                                                  | predictive | High
3  | File         | /etc/openshift/server_priv.pem                                             | predictive | High
4  | File         | /files.md5                                                                 | predictive | Medium
5  | File         | /index.php                                                                 | predictive | Medium
6  | File         | /info/headers                                                              | predictive | High
7  | File         | /mkshop/Men/profile.php                                                    | predictive | High
8  | File         | /Noxen-master/users.php                                                    | predictive | High
9  | File         | /uncpath/                                                                  | predictive | Medium
10 | File         | xxxxxxx/xxxxxxxx.xxx                                                       | predictive | High
11 | File         | xxxxxxx/xxxx.xxx                                                           | predictive | High
12 | File         | xxxxxxx/xxxxxxxxxxxxx.xxx                                                  | predictive | High
13 | File         | xxxxx/xxxx/xxxxxxxxxx/xxxxxxxxxxx.xxx                                      | predictive | High
14 | File         | xx/xxxxxx_xxx.xxx                                                          | predictive | High
15 | File         | xxxx/xxxxxxxxxxxx.xxx                                                      | predictive | High
16 | File         | xxx.xxx?xxx=xxxxx_xxxx                                                     | predictive | High
17 | File         | xxxxxxxx/xxxx                                                              | predictive | High
18 | File         | xx.x                                                                       | predictive | Low
19 | File         | xxxxx.xxx                                                                  | predictive | Medium
20 | File         | xxxxxxxxxx.xxx                                                             | predictive | High
21 | File         | xxxxxx.x                                                                   | predictive | Medium
22 | File         | xxxxxxxx.xxx                                                               | predictive | Medium
23 | File         | xxxx_xxxx.x                                                                | predictive | Medium
24 | File         | xxxxx.xxx                                                                  | predictive | Medium
25 | File         | xxxxxx.xxx                                                                 | predictive | Medium
26 | File         | xxxxx.x                                                                    | predictive | Low
27 | File         | xxxxxxxxxx.xxx                                                             | predictive | High
28 | File         | xxxxx_xxxxxxx.xxx                                                          | predictive | High
29 | File         | xxx/xxxxxxx/xxxxxx/xxxx/xxxxx/xxxxxxx/xxxxxx/xxxxx/xxx%xxxxxxxxxxxxx.xx.xxx | predictive | High
30 | File         | xxxx.xxx                                                                   | predictive | Medium
31 | File         | xxxxx.xxx                                                                  | predictive | Medium
32 | File         | xxxxx/xxxxx-xxxx-xxxxxxxx.xxx                                              | predictive | High
33 | File         | xxxx.xxx.xxxxxxxxxx                                                        | predictive | High
34 | File         | xxxxxxxxx/xxxxx/xxxxxx.xxxx                                                | predictive | High
35 | File         | xxxxxx/xxxx.xxx                                                            | predictive | High
36 | File         | xxxxxxxxxxxxxxxxx.xxx                                                      | predictive | High
37 | File         | xxxx/xxx/xxxx-xxxxx.xxx                                                    | predictive | High
38 | File         | xxxxxxxxx.x                                                                | predictive | Medium
39 | File         | xxxxxxx.xxx                                                                | predictive | Medium
40 | File         | xx-xxxxxxxx/xxxxx-xx-xxxxxxxxx-xxxxxxx.xxx                                 | predictive | High
41 | File         | xx-xxxxxxxx/xxxxxxxxx.xxx                                                  | predictive | High
42 | File         | xxxxxx.xxx                                                                 | predictive | Medium
43 | File         | xx_xxxxxxx.x                                                               | predictive | Medium
44 | Library      | xxxxxxxxx/xxx-xxxxxx/xxxxxxxx.xxx                                          | predictive | High
45 | Library      | xxxxx.xxx                                                                  | predictive | Medium
46 | Argument     | xxxx                                                                       | predictive | Low
47 | Argument     | xxxxxxxxx                                                                  | predictive | Medium
48 | Argument     | xxxx/xxxx                                                                  | predictive | Medium
49 | Argument     | xxxxxx_xxxx_xxxxxxxx                                                       | predictive | High
50 | Argument     | xxxx                                                                       | predictive | Low
51 | Argument     | xxx_xxxx/xxx_xxxxxxx                                                       | predictive | High
52 | Argument     | xxxxxx                                                                     | predictive | Low
53 | Argument     | xxxxxxxxxxx                                                                | predictive | Medium
54 | Argument     | xxxx_xx                                                                    | predictive | Low
55 | Argument     | xxxx                                                                       | predictive | Low
56 | Argument     | xxx_xx                                                                     | predictive | Low
57 | Argument     | xxxxxxxx                                                                   | predictive | Medium
58 | Argument     | xxxxxxx[xxxxx]/xxxxxxx[xxxxxxxxxxx]                                        | predictive | High
59 | Argument     | xxxx_xxxx                                                                  | predictive | Medium
60 | Argument     | xxxxxx                                                                     | predictive | Low
61 | Argument     | xxxxxxxxxxxx                                                               | predictive | Medium
62 | Argument     | xxxxxx                                                                     | predictive | Low
63 | Argument     | xxxxxx_xx                                                                  | predictive | Medium
64 | Argument     | xxxxx                                                                      | predictive | Low
65 | Argument     | xxxx                                                                       | predictive | Low
66 | Argument     | xxxxxx_xx                                                                  | predictive | Medium
67 | Argument     | xxx                                                                        | predictive | Low
68 | Argument     | xxxxxxxx                                                                   | predictive | Medium
69 | Argument     | xxxxxxx                                                                    | predictive | Low
70 | Argument     | xxxxx/xxxxx                                                                | predictive | Medium
71 | Argument     | _xxxx                                                                      | predictive | Low
72 | Input Value  | "><xxxxxx>xxxxx(/xxx/)</xxxxxx>                                            | predictive | High
73 | Input Value  | xxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx&xxxxxxxx=xxxxxxxxxx | predictive | High
74 | Input Value  | xxx=/&xxx                                                                  | predictive | Medium
75 | Pattern      | () {                                                                       | predictive | Low
76 | Network Port | xxx/xxxx (xxx)                                                             | predictive | High
77 | Network Port | xxx/xxxx                                                                   | predictive | Medium

References (6)

The following list contains external sources which discuss the actor and the associated activities:
