Specter Analysis

IOB - Indicator of Behavior (83)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 82
fr: 2


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

WordPress: 4
Linux Kernel: 4
Microsoft Windows: 4
Python: 4
Cogentdatahub Cogent DataHub: 2


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---------------|------|------|------|-------|-----|-----|-----|------|-----|
| 1 | Microsoft Windows cmd.exe privileges management | 7.3 | 6.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00000 | |
| 2 | OpenNetAdmin os command injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00885 | CVE-2019-25065 |
| 3 | Fortinet FortiMail Webmail Login Reflected cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00954 | CVE-2017-7732 |
| 4 | Drupal Session Data data processing | 8.1 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.05785 | CVE-2016-3171 |
| 5 | Drupal User Module user_save access control | 8.1 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.01213 | CVE-2016-3169 |
| 6 | Joomla CMS LDAP Authentication improper authentication | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.06 | 0.01136 | CVE-2014-6632 |
| 7 | Redis redis-cli memory corruption | 7.1 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.04285 | CVE-2018-12326 |
| 8 | Gwolle Guestbook Plugin ajaxresponse.php code injection | 7.2 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.08944 | CVE-2015-8351 |
| 9 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.46 | 0.49183 | CVE-2016-6210 |
| 10 | DD-WRT Web Interface cross-site request forgery | 7.5 | 6.9 | $0-$5k | $0-$5k | Unproven | Not Defined | 0.05 | 0.02359 | CVE-2012-6297 |
| 11 | PuTTY Help File input validation | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01669 | CVE-2019-9896 |
| 12 | woocommerce-catalog-enquiry Plugin unrestricted upload | 7.4 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2017-18592 |
| 13 | W3 Super Cache Plugin Incomplete Fix CVE-2013-2009 escape output | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.04836 | CVE-2013-2011 |
| 14 | SOGo Blacklist Filter incomplete blacklist | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01132 | CVE-2016-6189 |
| 15 | Microsoft Windows Group Policy privileges management | 7.5 | 7.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.01 | 0.01150 | CVE-2020-1317 |
| 16 | Cogentdatahub Cogent DataHub GetPermissions.asp code injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.03 | 0.78265 | CVE-2014-3789 |
| 17 | Web2py information disclosure | 6.4 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00885 | CVE-2016-4806 |
| 18 | Web2py Password 7pk security | 7.7 | 7.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.01136 | CVE-2016-10321 |
| 19 | nginx Log File link following | 7.8 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.09 | 0.05028 | CVE-2016-1247 |
| 20 | Apache Hadoop YARN NodeManager Password information disclosure | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2016-3086 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|----|-----------|-----------------|---------------|------|------------|
| 1 | T1006 | CWE-22 | Pathname Traversal | predictive | High |
| 2 | T1059 | CWE-94 | Cross Site Scripting | predictive | High |
| 3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 4 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 5 | TXXXX | CWE-XXX | xxxxxx Xxxxxxxxx | predictive | High |
| 6 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High |
| 7 | TXXXX | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High |
| 8 | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High |
| 9 | TXXXX | CWE-XXX | xx Xxxxxxxxx | predictive | High |
| 10 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 11 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx | predictive | High |
| 12 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxxxx Xxxxxx | predictive | High |

IOA - Indicator of Attack (43)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|----|-------|-----------|------|------------|
| 1 | File | /tmp/.pk11ipc1 | predictive | High |
| 2 | File | /var/log/nginx | predictive | High |
| 3 | File | /webservices/api/v2.php | predictive | High |
| 4 | File | adm-index.php | predictive | High |
| 5 | File | base/ErrorHandler.php | predictive | High |
| 6 | File | xxx.xxx | predictive | Low |
| 7 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 8 | File | xxxxxx.xxx | predictive | Medium |
| 9 | File | xxxxxxx/xxx/xx/xxxxxxxxxx.x | predictive | High |
| 10 | File | xxxxxxxxx/xx/xxxxxxxxxxxx.xxx | predictive | High |
| 11 | File | xxxxxxxx/xxxxxxx/xxxxxxxxxxxx.xxx | predictive | High |
| 12 | File | xxxxxxxxxxxxxx.xxx | predictive | High |
| 13 | File | xxx/xxxxxx.xxx | predictive | High |
| 14 | File | xxxxxxxxx/xxxxxxxx.xxx | predictive | High |
| 15 | File | xxxxxxxx.xx | predictive | Medium |
| 16 | File | xxxxxxx.xxx | predictive | Medium |
| 17 | File | xxxxxxxxxxxxxx.xxx | predictive | High |
| 18 | File | xxxxxxxxxx.xxx | predictive | High |
| 19 | File | xxxxxx/xxxxxxx/xxxxxxxx/xxxxxxxx.xxx | predictive | High |
| 20 | File | xxxxxxx.xxx | predictive | Medium |
| 21 | File | xxxxxxxxxxxxxxxx.xx | predictive | High |
| 22 | File | xxx/xxxxxx.x | predictive | Medium |
| 23 | File | xxxxx_xxxxx.xxx | predictive | High |
| 24 | File | xxxx/xxxxxxxx/xxxxxxxx.xxxx | predictive | High |
| 25 | File | xx-xxxxx/xxxx.xxx | predictive | High |
| 26 | Library | xxxxxx[xxxxxx_xxxx | predictive | High |
| 27 | Library | xxxxxxxxx | predictive | Medium |
| 28 | Library | xxxxx.xxx | predictive | Medium |
| 29 | Argument | -x | predictive | Low |
| 30 | Argument | xxxxxxx | predictive | Low |
| 31 | Argument | xxxxxxxx | predictive | Medium |
| 32 | Argument | xxxxxx[xxxxxx_xxxx] | predictive | High |
| 33 | Argument | xxxx | predictive | Low |
| 34 | Argument | xxx | predictive | Low |
| 35 | Argument | xx | predictive | Low |
| 36 | Argument | xxxxxxxxx | predictive | Medium |
| 37 | Argument | xxxxxxxxx | predictive | Medium |
| 38 | Argument | xxxxx | predictive | Low |
| 39 | Argument | xxxxxxxx | predictive | Medium |
| 40 | Argument | xx_xxxx | predictive | Low |
| 41 | Argument | xxxxxx | predictive | Low |
| 42 | Argument | xxxxx | predictive | Low |
| 43 | Argument | xxxx | predictive | Low |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
