South Asia Unknown Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (114)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	96
de	8
es	4
ja	4
ru	2

Country

us	72
ru	8
gb	8
de	4
es	2

Actors

Patchwork	5
Hackers-for-Hire	3
AsyncRAT	3
Cobalt Strike	3
Meterpreter	3

Activities

Interest

Timeline

Type

Not Defined	50
Content Management System	10
Operating System	6
Database Software	4
Programming Language Software	4

Vendor

Not Defined	40
Microsoft	8
Apache	4
IBM	2
Lotfian	2

Product

Microsoft Windows	6
phpMyAdmin	4
WordPress	2
sitepress-multilingual-cms Plugin	2
IBM Tivoli Secureway Policy Director	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	CTI	EPSS	CVE
1	Secomea GateManager insufficient privileges	5.9	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00054	CVE-2022-25782
2	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02	0.02016	CVE-2007-1192
3	Alt-N MDaemon Worldclient injection	4.9	4.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.06	0.00090	CVE-2021-27182
4	TP-LINK TL-WR940N PingIframeRpm.htm ipAddrDispose memory corruption	7.5	7.5	$0-$5k	$0-$5k	Proof-of-Concept	Workaround	0.02	0.05451	CVE-2019-6989
5	Microsoft IIS cross site scripting	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.04	0.00548	CVE-2017-0055
6	GPAC mpd.c gf_mpd_parse_string memory leak	4.5	4.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00044	CVE-2023-48039
7	Trellix ePolicy Orchestrator URL Parameter redirect	4.8	4.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00048	CVE-2023-5445
8	ethyca Fides weak prng	7.9	7.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00088	CVE-2023-48224
9	Totolink X6000R sub_4155DC command injection	7.6	7.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00200	CVE-2023-46413
10	Oracle Siebel CRM EAI Open UI denial of service	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00094	CVE-2023-1370
11	D-Link DIR-820L permission	7.6	7.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.02	0.00671	CVE-2023-44809
12	Apache Airflow DAG information disclosure	5.0	4.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00059	CVE-2023-42663
13	MediaTek MT6885 Video out-of-bounds write	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00042	CVE-2023-32821
14	Tiki Admin Password tiki-login.php improper authentication	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	5.49	0.00936	CVE-2020-15906
15	Joomla CMS gmail.php information disclosure	3.3	3.3	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.02	0.00000
16	Joomla CMS GMail Authentication access control	5.3	4.6	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.02	0.00370	CVE-2014-7984
17	TikiWiki tiki-register.php input validation	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	10.00	0.01009	CVE-2006-6168
18	PHP PHAR phar_dir_read buffer overflow	8.2	8.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.00126	CVE-2023-3824
19	Zammad excessive authentication	6.7	6.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00201	CVE-2022-35490
20	Debian Linux smokeping smokeping_cgi code	7.3	7.0	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00	0.00863	CVE-2015-0859

IOC - Indicator of Compromise (17)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	23.82.19.250		South Asia Unknown	08/10/2022	verified	High
2	45.89.175.206		South Asia Unknown	08/10/2022	verified	High
3	45.138.172.54		South Asia Unknown	08/10/2022	verified	High
4	69.175.35.98	98.35.175.69.unassigned.ord.singlehop.net	South Asia Unknown	08/10/2022	verified	High
5	XX.XX.XXX.XXX	xxxx.xxxxxx.xx	Xxxxx Xxxx Xxxxxxx	06/01/2021	verified	High
6	XXX.XX.XX.XXX	xxx.xx.xx.xxx.xxxxxxxxx-xxx	Xxxxx Xxxx Xxxxxxx	06/01/2021	verified	High
7	XXX.XX.XX.XXX	xxx.xx.xx.xxx.xxxxxxxxx-xxx	Xxxxx Xxxx Xxxxxxx	06/01/2021	verified	High
8	XXX.XXX.XX.XXX	xxxxx.xx-xxx-xxx-xx.xxx	Xxxxx Xxxx Xxxxxxx	08/10/2022	verified	High
9	XXX.XX.XX.XX		Xxxxx Xxxx Xxxxxxx	08/10/2022	verified	High
10	XXX.XXX.XX.XX		Xxxxx Xxxx Xxxxxxx	06/01/2021	verified	High
11	XXX.XXX.XXX.XX	xxxxxxx.xxxxxxxxxx.xxx	Xxxxx Xxxx Xxxxxxx	08/10/2022	verified	High
12	XXX.XX.XX.XX	xx-xx-xx.xxxxxxxx.xx	Xxxxx Xxxx Xxxxxxx	06/01/2021	verified	High
13	XXX.XXX.XXX.X		Xxxxx Xxxx Xxxxxxx	06/01/2021	verified	High
14	XXX.XXX.XXX.X	xxx.xxx.xxx.x.xxxxxxxxx-xxx	Xxxxx Xxxx Xxxxxxx	06/01/2021	verified	High
15	XXX.XX.XX.XX	xxx.xx.xx.xx.xxxxxxxxx-xxx	Xxxxx Xxxx Xxxxxxx	06/01/2021	verified	High
16	XXX.XX.XX.XXX		Xxxxx Xxxx Xxxxxxx	08/10/2022	verified	High
17	XXX.XXX.XX.XX		Xxxxx Xxxx Xxxxxxx	08/10/2022	verified	High

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CWE-22	Path Traversal	predictive	High
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	High
3	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	High
4	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
5	TXXXX.XXX	CWE-XXX, CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	High
6	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
7	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	High
8	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	High
9	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	High
10	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	High
11	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	High
12	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
13	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	High
14	TXXXX.XXX	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	High
15	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	High

IOA - Indicator of Attack (73)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/EXCU_SHELL	predictive	Medium
2	File	/my_photo_gallery/image.php	predictive	High
3	File	/phppath/php	predictive	Medium
4	File	/real-estate-script/search_property.php	predictive	High
5	File	/reps/classes/Users.php?f=delete_agent	predictive	High
6	File	/uncpath/	predictive	Medium
7	File	Admin/edit-admin.php	predictive	High
8	File	app/topic/action/admin/topic.php	predictive	High
9	File	category.asp	predictive	Medium
10	File	xxxxxxxx.xxx	predictive	Medium
11	File	xxxxxxxxxx_xxxxx.xxx	predictive	High
12	File	xxxxxxx/xxxx@/xxxxx/xxxxxxxxxx/xxxxxxxx.xxxx	predictive	High
13	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	High
14	File	xxxxxxx.xxx	predictive	Medium
15	File	xxxxxxx.xxxxx.xxx	predictive	High
16	File	xxxxxxxxx/xxxxxxxxx.xxx	predictive	High
17	File	xxxxx_xxx_xxxxx.xxx	predictive	High
18	File	xxxxxxxxx.xxx	predictive	High
19	File	xxxxxxx.xxx	predictive	Medium
20	File	xxxxx.xxx	predictive	Medium
21	File	xxxx/xxxx/xxxxxxx/xxx/xxxxxxxxxxxxxx.xxxx.xxx	predictive	High
22	File	xxxx/xxxxxxx.xxx	predictive	High
23	File	xxxxxxxx/xxxxx-xx-xxxxxxxxx.xxx	predictive	High
24	File	xxxxx.xxx	predictive	Medium
25	File	xxxxx/xxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxx	predictive	High
26	File	xxxx_xxxx.xxx	predictive	High
27	File	xxxxx_xxxxx/xxx.x	predictive	High
28	File	xxxxxxx/xxx_xxxxxxxxx/xxx_xxxxxxxxx.x	predictive	High
29	File	xxx_xxxx_xxxxx.x	predictive	High
30	File	xxxxxxx.xxx	predictive	Medium
31	File	xxxxxxxxxxxxx.xxx	predictive	High
32	File	xxxxxxxxxxxxxx.xxx	predictive	High
33	File	xxxxxxxxxx.xxx	predictive	High
34	File	xxxx.xxx	predictive	Medium
35	File	xxxxxxxxx.xxx	predictive	High
36	File	xxxxxxxxx_xxx	predictive	High
37	File	xxxx-xxxxx.xxx	predictive	High
38	File	xxxx-xxxxxxxx.xxx	predictive	High
39	File	xxxx_xxxxxx.xxx	predictive	High
40	File	xxxxx.x	predictive	Low
41	File	xxxxx/xxxxx.xx	predictive	High
42	File	xxxxxxx/xxxxxx/xxxxxxxxxxx.xxx	predictive	High
43	File	xx-xxxxxxxx/xxxxxxxxx.xxx	predictive	High
44	Argument	xxxxxxx	predictive	Low
45	Argument	xxx_xxxxx_xxxx	predictive	High
46	Argument	xxxxxxx	predictive	Low
47	Argument	xxx_xx	predictive	Low
48	Argument	xxxx_xx	predictive	Low
49	Argument	xxxxx	predictive	Low
50	Argument	xx	predictive	Low
51	Argument	xxx	predictive	Low
52	Argument	xxxxx	predictive	Low
53	Argument	xxxxxxxxx	predictive	Medium
54	Argument	xxxxxxxx_xxx	predictive	Medium
55	Argument	xxxxxxxx	predictive	Medium
56	Argument	xxx	predictive	Low
57	Argument	xxxxxxxx_xxx	predictive	Medium
58	Argument	xxx_xxxx	predictive	Medium
59	Argument	xxxx	predictive	Low
60	Argument	xxxxxxx	predictive	Low
61	Argument	xxxxxx	predictive	Low
62	Argument	xxxxx_xxx	predictive	Medium
63	Argument	xxxxx_xxxx	predictive	Medium
64	Argument	xxxxx	predictive	Low
65	Argument	xxxxxxxx	predictive	Medium
66	Argument	xxxx->xxxxxxx	predictive	High
67	Argument	_xxxx	predictive	Low
68	Input Value	%xx	predictive	Low
69	Input Value	.%xx.../.%xx.../	predictive	High
70	Input Value	../	predictive	Low
71	Input Value	xxx xxxxxxxx	predictive	Medium
72	Input Value	x xxxxx xxx xxxxxx xxxx,xxxx,xxxx,xxxx,xxxxxx(xxxxxxxxxxxx,xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx,xxxxxxxxxxxx)--	predictive	High
73	Network Port	xxx/xx (xxxxxx)	predictive	High

References (4)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you know our Splunk app?

Download it now for free!