SparklingGoblin Analysis

IOB - Indicator of Behavior (15)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en (14)
de (2)


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

D-Link DNS-320B (2)
D-Link DNS-320L (2)
D-Link DNS-322L (2)
D-Link DNS-325 (2)
D-Link DNR-326 (2)


Vulnerabilities

# | Vulnerability | Base (CVSS) | Temp (CVSS) | 0day price | Today price | Exploitability | Remediation | CTI | EPSS | CVE
--|---------------|-------------|-------------|------------|-------------|----------------|-------------|-----|------|----
1 | GitLab Community Edition/Enterprise Edition ipynb File cross site scripting | 6.1 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00954 | CVE-2021-39906
2 | Microsoft Power BI Report Server Privilege Escalation | 7.0 | 6.1 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.01 | 0.01728 | CVE-2021-31984
3 | Laravel Image Upload ValidatesAttributes.php unrestricted upload | 5.5 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.29468 | CVE-2021-43617
4 | Apache HTTP Server mod_rewrite redirect | 6.7 | 6.7 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.08 | 0.07767 | CVE-2020-1927
5 | Request Tracker File Upload cross site scripting | 5.2 | 4.9 | $0-$5k | Calculating | Not Defined | Official Fix | 0.07 | 0.01136 | CVE-2016-6127
6 | RoundCube Webmail Password Plugin access control | 7.5 | 6.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00950 | CVE-2017-8114
7 | Gallarific PHP Photo Gallery script gallery.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.00986 | CVE-2011-0519
8 | SoftEther VPN Server See.sys Kernel 7pk security | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00890 | CVE-2019-11868
9 | Typecho write-post.php cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00885 | CVE-2017-16230
10 | D-Link DNS-345 Cookie improper authentication | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01213 | CVE-2014-7857
11 | Zoho ManageEngine ServiceDesk Plus FileDownload.jsp path traversal | 5.3 | 5.0 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.04 | 0.01055 | CVE-2011-2757
12 | Wired Community Software WWWThreads register.php sql injection | 6.5 | 6.2 | $0-$5k | Calculating | Proof-of-Concept | Unavailable | 0.06 | 0.01319 | CVE-2006-1958
13 | Russcom Network Loginphp register.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00 | 0.01213 | CVE-2006-2160
14 | Discuz UCenter Home shop.php sql injection | 7.3 | 7.1 | $0-$5k | Calculating | High | Unavailable | 0.06 | 0.00986 | CVE-2010-4912
15 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.36 | 0.01136 | CVE-2006-6168

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • SideWalk

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
---|-----------|-----------------|---------------|------|-----------
1 | T1006 | CWE-22 | Pathname Traversal | predictive | High
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
3 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
4 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
5 | TXXXX | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High
6 | TXXXX | CWE-XXX | xx Xxxxxxxxx | predictive | High
7 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxxx Xxxxxx | predictive | High

IOA - Indicator of Attack (14)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
---|-------|-----------|------|-----------
1 | File | admin/write-post.php | predictive | High
2 | File | FileDownload.jsp | predictive | High
3 | File | gallery.php | predictive | Medium
4 | File | xxxxxxxxxx/xxxxxxxxxx/xxxxxxxx/xxxxxxxxxxxxxxxxxxx.xxx | predictive | High
5 | File | xxxxxxxx.xxx | predictive | Medium
6 | File | xxxx.xxx | predictive | Medium
7 | File | xxxx-xxxxxxxx.xxx | predictive | High
8 | Library | xxx.xxx | predictive | Low
9 | Argument | xxx | predictive | Low
10 | Argument | xxxxxxxx | predictive | Medium
11 | Argument | xx | predictive | Low
12 | Argument | xxxxxxxx | predictive | Medium
13 | Argument | xxxxxx | predictive | Low
14 | Argument | xxxxx | predictive | Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:
