Space Pirates Analysis

IOB - Indicator of Behavior (183)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 152
zh: 12
ja: 6
es: 4
sv: 4


Country

us: 106
cn: 64
jp: 4
it: 2

Product

WordPress: 8
PHP: 6
phpMyAdmin: 4
EyouCMS: 4
Wowza Streaming Engine: 4


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.04 | 0.01847 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 1.51 | 0.00954 | CVE-2010-0966 |
| 3 | PHP phpinfo cross site scripting | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.14 | 0.08985 | CVE-2006-0996 |
| 4 | WordPress URL Validator redirect | 6.6 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00995 | CVE-2018-10101 |
| 5 | WordPress get_the_generator cross site scripting | 5.2 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01059 | CVE-2018-10102 |
| 6 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 1.59 | 0.00917 | CVE-2007-1287 |
| 7 | Google Chrome V8 Remote Code Execution | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.05 | 0.39318 | CVE-2020-16040 |
| 8 | WordPress Login Page redirect | 6.2 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01424 | CVE-2018-10100 |
| 9 | Wondershare Filmora NativePushService unquoted search path | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.00052 | CVE-2023-31747 |
| 10 | Apache RocketMQ Broker path traversal | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | 0.00058 | CVE-2019-17572 |
| 11 | Nfec.de RechnungsZentrale authent.php4 sql injection | 5.3 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.01513 | CVE-2006-1954 |
| 12 | Synacor Zimbra Collaboration Suite WebEx Zimlet server-side request forgery | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.72496 | CVE-2020-7796 |
| 13 | Basti2web Book Panel books.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.03 | 0.00064 | CVE-2009-4889 |
| 14 | Genetechsolutions Pie-Register wp-login.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00904 | CVE-2013-4954 |
| 15 | vsftpd deny_file unknown vulnerability | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.00312 | CVE-2015-1419 |
| 16 | DotNetNuke Cookie input validation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.97064 | CVE-2017-9822 |
| 17 | Apple Mac OS X Server Profile Manager input validation | 7.5 | 6.5 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.03 | 0.02526 | CVE-2013-0269 |
| 18 | Tigran Abrahamyan PHPEcho CMS Smarty.class.php fetch code injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00635 | CVE-2008-7034 |
| 19 | Observium Network Monitor rrdtool.inc.php command injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00000 | |
| 20 | Harbor improper authentication | 6.9 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00065 | CVE-2022-46463 |

IOC - Indicator of Compromise (17)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (71)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
