Space Pirates Analysis

IOB - Indicator of Behavior (244)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 164
zh: 62
es: 8
ja: 6
jp: 2

Country

cn: 142
us: 92
zw: 2
jp: 2
ru: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

WordPress: 14
Fortinet FortiOS: 6
PHP: 6
SquirrelMail: 4
Laravel: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.55 | 0.00943 | CVE-2010-0966 |
| 3 | PHP phpinfo cross site scripting | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.08985 | CVE-2006-0996 |
| 4 | WordPress URL Validator redirect | 6.6 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00509 | CVE-2018-10101 |
| 5 | WordPress get_the_generator cross site scripting | 5.2 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00451 | CVE-2018-10102 |
| 6 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.02101 | CVE-2007-1287 |
| 7 | Grafana Dashboard access control | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00044 | CVE-2023-2801 |
| 8 | Google Chrome V8 Remote Code Execution | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.02 | 0.24380 | CVE-2020-16040 |
| 9 | WordPress Login Page redirect | 6.2 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00731 | CVE-2018-10100 |
| 10 | SquirrelMail compose.php Serialized deserialization | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00456 | CVE-2020-14932 |
| 11 | GNU Screen socket.c ReceiveMsg unnecessary privileges | 4.9 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.00062 | CVE-2023-24626 |
| 12 | SmarterTools SmarterStats Remote Code Execution | 9.8 | 9.8 | $0-$5k | Calculating | Not Defined | Not Defined | 0.03 | 0.00777 | CVE-2011-2159 |
| 13 | Git Plugin Build authorization | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01156 | CVE-2022-36883 |
| 14 | MinDoc ZIP File unrestricted upload | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00084 | CVE-2022-29637 |
| 15 | MinDoc attach_#.jpg access control | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00056 | CVE-2018-19114 |
| 16 | Wondershare Filmora NativePushService unquoted search path | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00052 | CVE-2023-31747 |
| 17 | Apache RocketMQ Broker path traversal | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | 0.00058 | CVE-2019-17572 |
| 18 | Nfec.de RechnungsZentrale authent.php4 sql injection | 5.3 | 4.8 | $0-$5k | Calculating | Proof-of-Concept | Official Fix | 0.03 | 0.01513 | CVE-2006-1954 |
| 19 | Synacor Zimbra Collaboration Suite WebEx Zimlet server-side request forgery | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.70648 | CVE-2020-7796 |
| 20 | Basti2web Book Panel books.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.04 | 0.00064 | CVE-2009-4889 |

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (88)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /controller/Index.php | predictive | High |
| 2 | File | /GetCSSashx/?CP=%2fwebconfig | predictive | High |
| 3 | File | /includes/rrdtool.inc.php | predictive | High |
| 4 | File | /login.php | predictive | Medium |
| 5 | File | /robots.txt | predictive | Medium |
| 6 | File | /rom | predictive | Low |
| 7 | File | /srv/www/htdocs | predictive | High |
| 8 | File | aa/../../uploads/blog/201811/attach_#.jpg | predictive | High |
| 9 | File | abook_database.php | predictive | High |
| 10 | File | admin/killsource | predictive | High |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
