South Asia Unknown Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (115)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en102
es4
de4
ja2
zh2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

US: USA70
RU: Russia8
GB: Great Britain6
TR: Turkey4
DE: Germany4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Patchwork6
Hackers-for-Hire4
AsyncRAT3
Cobalt Strike3
Meterpreter3

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined48
Content Management System18
Router Operating System6
Database Administration Software4
Web Server4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined44
Apache6
Aruba4
Alan Ward4
Google2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

WordPress8
phpMyAdmin4
Apache HTTP Server4
Alan Ward A-CART4
Google Chrome2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Secomea GateManager insufficient privileges5.95.7$0-$5k$0-$5kNot DefinedOfficial Fix0.000540.03CVE-2022-25782
2Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaround0.020160.00CVE-2007-1192
3Alt-N MDaemon Worldclient injection4.94.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.000900.09CVE-2021-27182
4TP-LINK TL-WR940N PingIframeRpm.htm ipAddrDispose memory corruption7.57.3$0-$5k$0-$5kProof-of-ConceptWorkaround0.054510.00CVE-2019-6989
5Microsoft IIS cross site scripting5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.005480.09CVE-2017-0055
6Danfoss AK-EM100 os command injection9.39.2$0-$5k$0-$5kNot DefinedNot Defined0.001600.04CVE-2023-25911
7GPAC mpd.c gf_mpd_parse_string memory leak4.54.5$0-$5k$0-$5kNot DefinedNot Defined0.000440.00CVE-2023-48039
8Trellix ePolicy Orchestrator URL Parameter redirect4.84.7$0-$5k$0-$5kNot DefinedOfficial Fix0.000480.05CVE-2023-5445
9ethyca Fides weak prng7.97.8$0-$5k$0-$5kNot DefinedOfficial Fix0.000880.00CVE-2023-48224
10Totolink X6000R sub_4155DC command injection7.67.6$0-$5k$0-$5kNot DefinedNot Defined0.004320.00CVE-2023-46413
11Oracle Siebel CRM EAI Open UI denial of service7.57.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.001050.00CVE-2023-1370
12D-Link DIR-820L permission7.67.5$5k-$25k$5k-$25kNot DefinedNot Defined0.003340.00CVE-2023-44809
13Apache Airflow DAG information disclosure5.04.9$5k-$25k$0-$5kNot DefinedOfficial Fix0.000590.00CVE-2023-42663
14MediaTek MT6885 Video out-of-bounds write5.45.3$0-$5k$0-$5kNot DefinedOfficial Fix0.000420.00CVE-2023-32821
15Tiki Admin Password tiki-login.php improper authentication8.07.7$0-$5k$0-$5kNot DefinedOfficial Fix0.009367.03CVE-2020-15906
16Joomla CMS gmail.php information disclosure3.33.3$5k-$25k$0-$5kNot DefinedNot Defined0.000000.05
17Joomla CMS GMail Authentication access control5.34.6$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.004650.04CVE-2014-7984
18TikiWiki tiki-register.php input validation7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.010752.25CVE-2006-6168
19PHP PHAR phar_dir_read buffer overflow8.28.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.000930.05CVE-2023-3824
20Zammad excessive authentication6.76.7$0-$5k$0-$5kNot DefinedNot Defined0.002010.04CVE-2022-35490

IOC - Indicator of Compromise (17)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
123.82.19.250South Asia Unknown08/10/2022verifiedHigh
245.89.175.206South Asia Unknown08/10/2022verifiedHigh
345.138.172.54South Asia Unknown08/10/2022verifiedHigh
469.175.35.9898.35.175.69.unassigned.ord.singlehop.netSouth Asia Unknown08/10/2022verifiedHigh
5XX.XX.XXX.XXXxxxx.xxxxxx.xxXxxxx Xxxx Xxxxxxx06/01/2021verifiedLow
6XXX.XX.XX.XXXxxx.xx.xx.xxx.xxxxxxxxx-xxxXxxxx Xxxx Xxxxxxx06/01/2021verifiedLow
7XXX.XX.XX.XXXxxx.xx.xx.xxx.xxxxxxxxx-xxxXxxxx Xxxx Xxxxxxx06/01/2021verifiedLow
8XXX.XXX.XX.XXXxxxxx.xx-xxx-xxx-xx.xxxXxxxx Xxxx Xxxxxxx08/10/2022verifiedHigh
9XXX.XX.XX.XXXxxxx Xxxx Xxxxxxx08/10/2022verifiedHigh
10XXX.XXX.XX.XXXxxxx Xxxx Xxxxxxx06/01/2021verifiedLow
11XXX.XXX.XXX.XXxxxxxxx.xxxxxxxxxx.xxxXxxxx Xxxx Xxxxxxx08/10/2022verifiedHigh
12XXX.XX.XX.XXxx-xx-xx.xxxxxxxx.xxXxxxx Xxxx Xxxxxxx06/01/2021verifiedLow
13XXX.XXX.XXX.XXxxxx Xxxx Xxxxxxx06/01/2021verifiedLow
14XXX.XXX.XXX.Xxxx.xxx.xxx.x.xxxxxxxxx-xxxXxxxx Xxxx Xxxxxxx06/01/2021verifiedLow
15XXX.XX.XX.XXxxx.xx.xx.xx.xxxxxxxxx-xxxXxxxx Xxxx Xxxxxxx06/01/2021verifiedLow
16XXX.XX.XX.XXXXxxxx Xxxx Xxxxxxx08/10/2022verifiedHigh
17XXX.XXX.XX.XXXxxxx Xxxx Xxxxxxx08/10/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3T1059.007CAPEC-209CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
4TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXX.XXXCAPEC-16CWE-XXX, CWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
6TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
7TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
8TXXXXCAPEC-CWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
9TXXXXCAPEC-CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
10TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
11TXXXXCAPEC-38CWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
12TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
13TXXXXCAPEC-CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
14TXXXX.XXXCAPEC-CWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHigh
15TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (73)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/EXCU_SHELLpredictiveMedium
2File/my_photo_gallery/image.phppredictiveHigh
3File/phppath/phppredictiveMedium
4File/real-estate-script/search_property.phppredictiveHigh
5File/reps/classes/Users.php?f=delete_agentpredictiveHigh
6File/uncpath/predictiveMedium
7FileAdmin/edit-admin.phppredictiveHigh
8Fileapp/topic/action/admin/topic.phppredictiveHigh
9Filecategory.asppredictiveMedium
10Filexxxxxxxx.xxxpredictiveMedium
11Filexxxxxxxxxx_xxxxx.xxxpredictiveHigh
12Filexxxxxxx/xxxx@/xxxxx/xxxxxxxxxx/xxxxxxxx.xxxxpredictiveHigh
13Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
14Filexxxxxxx.xxxpredictiveMedium
15Filexxxxxxx.xxxxx.xxxpredictiveHigh
16Filexxxxxxxxx/xxxxxxxxx.xxxpredictiveHigh
17Filexxxxx_xxx_xxxxx.xxxpredictiveHigh
18Filexxxxxxxxx.xxxpredictiveHigh
19Filexxxxxxx.xxxpredictiveMedium
20Filexxxxx.xxxpredictiveMedium
21Filexxxx/xxxx/xxxxxxx/xxx/xxxxxxxxxxxxxx.xxxx.xxxpredictiveHigh
22Filexxxx/xxxxxxx.xxxpredictiveHigh
23Filexxxxxxxx/xxxxx-xx-xxxxxxxxx.xxxpredictiveHigh
24Filexxxxx.xxxpredictiveMedium
25Filexxxxx/xxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxxpredictiveHigh
26Filexxxx_xxxx.xxxpredictiveHigh
27Filexxxxx_xxxxx/xxx.xpredictiveHigh
28Filexxxxxxx/xxx_xxxxxxxxx/xxx_xxxxxxxxx.xpredictiveHigh
29Filexxx_xxxx_xxxxx.xpredictiveHigh
30Filexxxxxxx.xxxpredictiveMedium
31Filexxxxxxxxxxxxx.xxxpredictiveHigh
32Filexxxxxxxxxxxxxx.xxxpredictiveHigh
33Filexxxxxxxxxx.xxxpredictiveHigh
34Filexxxx.xxxpredictiveMedium
35Filexxxxxxxxx.xxxpredictiveHigh
36Filexxxxxxxxx_xxxpredictiveHigh
37Filexxxx-xxxxx.xxxpredictiveHigh
38Filexxxx-xxxxxxxx.xxxpredictiveHigh
39Filexxxx_xxxxxx.xxxpredictiveHigh
40Filexxxxx.xpredictiveLow
41Filexxxxx/xxxxx.xxpredictiveHigh
42Filexxxxxxx/xxxxxx/xxxxxxxxxxx.xxxpredictiveHigh
43Filexx-xxxxxxxx/xxxxxxxxx.xxxpredictiveHigh
44ArgumentxxxxxxxpredictiveLow
45Argumentxxx_xxxxx_xxxxpredictiveHigh
46ArgumentxxxxxxxpredictiveLow
47Argumentxxx_xxpredictiveLow
48Argumentxxxx_xxpredictiveLow
49ArgumentxxxxxpredictiveLow
50ArgumentxxpredictiveLow
51ArgumentxxxpredictiveLow
52ArgumentxxxxxpredictiveLow
53ArgumentxxxxxxxxxpredictiveMedium
54Argumentxxxxxxxx_xxxpredictiveMedium
55ArgumentxxxxxxxxpredictiveMedium
56ArgumentxxxpredictiveLow
57Argumentxxxxxxxx_xxxpredictiveMedium
58Argumentxxx_xxxxpredictiveMedium
59ArgumentxxxxpredictiveLow
60ArgumentxxxxxxxpredictiveLow
61ArgumentxxxxxxpredictiveLow
62Argumentxxxxx_xxxpredictiveMedium
63Argumentxxxxx_xxxxpredictiveMedium
64ArgumentxxxxxpredictiveLow
65ArgumentxxxxxxxxpredictiveMedium
66Argumentxxxx->xxxxxxxpredictiveHigh
67Argument_xxxxpredictiveLow
68Input Value%xxpredictiveLow
69Input Value.%xx.../.%xx.../predictiveHigh
70Input Value../predictiveLow
71Input Valuexxx xxxxxxxxpredictiveMedium
72Input Valuex xxxxx xxx xxxxxx xxxx,xxxx,xxxx,xxxx,xxxxxx(xxxxxxxxxxxx,xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx,xxxxxxxxxxxx)--predictiveHigh
73Network Portxxx/xx (xxxxxx)predictiveHigh

References (4)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!