Sofacy Analysis

IOB - Indicator of Behavior (160)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en144
de12
zh2
fr2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us62
ch44
tr6
cn6
ar2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Drupal6
Linux Kernel6
LG Mobile Devices6
WordPress4
Webmin4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Backdoor.Win32.Tiny.c Service Port 7778 backdoor7.36.4$0-$5k$0-$5kProof-of-ConceptWorkaround0.000000.04
2Linux Kernel NILFS File System inode.c security_inode_alloc use after free8.38.1$25k-$100k$0-$5kNot DefinedOfficial Fix0.000420.02CVE-2022-2978
3SourceCodester Simple and Nice Shopping Cart Script profile.php unrestricted upload6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.000980.03CVE-2022-2909
4Crow HTTP Pipelining use after free8.58.4$0-$5k$0-$5kNot DefinedOfficial Fix0.007910.04CVE-2022-38667
5mySCADA myPRO command injection9.29.0$0-$5k$0-$5kNot DefinedOfficial Fix0.001050.03CVE-2022-2234
6GNU Bash Environment Variable variables.c Shellshock os command injection9.89.6$25k-$100k$0-$5kHighOfficial Fix0.975590.00CVE-2014-6271
7WordPress Editor information disclosure4.34.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.006560.04CVE-2021-29450
8AnyMacro AnyMacro Mail System path traversal5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.002480.00CVE-2011-2468
9phpMyAdmin Configuration File setup.php code injection7.37.0$5k-$25k$0-$5kHighOfficial Fix0.799390.05CVE-2009-1151
10WordPress class-wp-customize-widgets.php privileges management7.36.4$5k-$25k$0-$5kUnprovenOfficial Fix0.071580.03CVE-2014-5203
11Zeus Zeus Web Server memory corruption10.09.0$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.193770.00CVE-2010-0359
12Ruijie RG-UAC commit.php os command injection4.74.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000460.03CVE-2024-4504
13OpenSSL c_rehash os command injection5.55.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.106490.07CVE-2022-1292
14Tenda AX1803 getIptvInfo stack-based overflow7.67.6$0-$5k$0-$5kNot DefinedNot Defined0.000870.02CVE-2023-51969
15ownCloud graphapi GetPhpInfo.php information disclosure7.67.5$0-$5k$0-$5kHighOfficial Fix0.867370.00CVE-2023-49103
16Bitrix Site Manager Vote Module Remote Code Execution7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.006680.03CVE-2022-27228
17Git Plugin Build authorization6.56.5$0-$5k$0-$5kNot DefinedNot Defined0.011560.06CVE-2022-36883
18Cisco RV340/RV340W/RV345/RV345P unrestricted upload7.37.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.340030.03CVE-2023-20073
19Microsoft Word wwlib Remote Code Execution8.07.1$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.453520.03CVE-2023-21716
20ampache sql injection5.95.8$0-$5k$0-$5kNot DefinedOfficial Fix0.000720.00CVE-2023-0771

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (82)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File.procmailrcpredictiveMedium
2File/dashboard/updatelogo.phppredictiveHigh
3File/etc/openshift/server_priv.pempredictiveHigh
4File/files.md5predictiveMedium
5File/index.phppredictiveMedium
6File/info/headerspredictiveHigh
7File/mkshop/Men/profile.phppredictiveHigh
8File/Noxen-master/users.phppredictiveHigh
9File/uncpath/predictiveMedium
10File/xxxx/xxxxxxxx/xxxxxxxxxx/xxxxxx.xxxpredictiveHigh
11Filexxxxxxx/xxxxxxxx.xxxpredictiveHigh
12Filexxxxxxx/xxxx.xxxpredictiveHigh
13Filexxxxxxx/xxxxxxxxxxxxx.xxxpredictiveHigh
14Filexxxxx/xxxx/xxxxxxxxxx/xxxxxxxxxxx.xxxpredictiveHigh
15Filexx/xxxxxx_xxx.xxxpredictiveHigh
16Filexxxx/xxxxxxxxxxxx.xxxpredictiveHigh
17Filexxx.xxx?xxx=xxxxx_xxxxpredictiveHigh
18Filexxxxxxxx/xxxxpredictiveHigh
19Filex_xxxxxxpredictiveMedium
20Filexx.xpredictiveLow
21Filexxxxx.xxxpredictiveMedium
22Filexxxxxxxxxx.xxxpredictiveHigh
23Filexxxxxx.xpredictiveMedium
24Filexxxxxxxx.xxxpredictiveMedium
25Filexxxxxxxxxx.xxxpredictiveHigh
26Filexxxx_xxxx.xpredictiveMedium
27Filexxxxx.xxxpredictiveMedium
28Filexxxxxx.xxxpredictiveMedium
29Filexxxxx.xpredictiveLow
30Filexxxxxxxxxx.xxxpredictiveHigh
31Filexxxxx_xxxxxxx.xxxpredictiveHigh
32Filexxx/xxxxxxx/xxxxxx/xxxx/xxxxx/xxxxxxx/xxxxxx/xxxxx/xxx%xxxxxxxxxxxxx.xx.xxxpredictiveHigh
33Filexxxx.xxxpredictiveMedium
34Filexxxxx.xxxpredictiveMedium
35Filexxxxx/xxxxx-xxxx-xxxxxxxx.xxxpredictiveHigh
36Filexxxx.xxx.xxxxxxxxxxpredictiveHigh
37Filexxxxxxxxx/xxxxx/xxxxxx.xxxxpredictiveHigh
38Filexxxxxx/xxxx.xxxpredictiveHigh
39Filexxxxxxxxxxxxxxxxx.xxxpredictiveHigh
40Filexxxx/xxx/xxxx-xxxxx.xxxpredictiveHigh
41Filexxxxxxxxx.xpredictiveMedium
42Filexxxxxxx.xxxpredictiveMedium
43Filexx-xxxxxxxx/xxxxx-xx-xxxxxxxxx-xxxxxxx.xxxpredictiveHigh
44Filexx-xxxxxxxx/xxxxxxxxx.xxxpredictiveHigh
45Filexxxxxx.xxxpredictiveMedium
46Filexx_xxxxxxx.xpredictiveMedium
47Libraryxxxxxxxxx/xxx-xxxxxx/xxxxxxxx.xxxpredictiveHigh
48Libraryxxxxx.xxxpredictiveMedium
49ArgumentxxxxpredictiveLow
50ArgumentxxxxxxxxxpredictiveMedium
51Argumentxxxx/xxxxpredictiveMedium
52Argumentxxxxxx_xxxx_xxxxxxxxpredictiveHigh
53ArgumentxxxxpredictiveLow
54Argumentxxx_xxxx/xxx_xxxxxxxpredictiveHigh
55ArgumentxxxxxxpredictiveLow
56ArgumentxxxxxxxxxxxpredictiveMedium
57Argumentxxxx_xxpredictiveLow
58ArgumentxxxxpredictiveLow
59Argumentxxx_xxpredictiveLow
60ArgumentxxxxxxxxpredictiveMedium
61Argumentxxxxxxx[xxxxx]/xxxxxxx[xxxxxxxxxxx]predictiveHigh
62Argumentxxxx_xxxxpredictiveMedium
63Argumentxxxx_xx/xxxxx_xxpredictiveHigh
64ArgumentxxxxxxpredictiveLow
65ArgumentxxxxxxxxxxxxpredictiveMedium
66ArgumentxxxxxxpredictiveLow
67Argumentxxxxxx_xxpredictiveMedium
68ArgumentxxxxxpredictiveLow
69ArgumentxxxxpredictiveLow
70Argumentxxxxxx_xxpredictiveMedium
71ArgumentxxxpredictiveLow
72ArgumentxxxxxxxxpredictiveMedium
73ArgumentxxxxxxxpredictiveLow
74ArgumentxxxxpredictiveLow
75Argumentxxxxx/xxxxxpredictiveMedium
76Argument_xxxxpredictiveLow
77Input Value"><xxxxxx>xxxxx(/xxx/)</xxxxxx>predictiveHigh
78Input Valuexxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx&xxxxxxxx=xxxxxxxxxxpredictiveHigh
79Input Valuexxx=/&xxxpredictiveMedium
80Pattern() {predictiveLow
81Network Portxxx/xxxx (xxx)predictiveHigh
82Network Portxxx/xxxxpredictiveMedium

References (6)

The following list contains external sources which discuss the actor and the associated activities:

Might our Artificial Intelligence support you?

Check our Alexa App!