SpyEye Analysis

IOB - Indicator of Behavior (340)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 314
de: 10
sv: 6
pl: 2
zh: 2


Country

co: 232
us: 78
ru: 6
gb: 4
ua: 4

[Charts: Actors, Activities, Interest, Timeline, Type, Vendor]

Product

Mozilla Firefox: 18
Google Chrome: 16
Microsoft Windows: 12
Sun JRE: 12
FFmpeg: 10


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 1.07 | 0.04187 | CVE-2010-0966 |
| 2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192 |
| 3 | YaBB yabb.pl cross site scripting | 4.3 | 4.1 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.01 | 0.01213 | CVE-2004-2402 |
| 4 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | Calculating | High | Unavailable | 2.15 | 0.02800 | CVE-2007-0354 |
| 5 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | Calculating | Proof-of-Concept | Official Fix | 0.15 | 0.25090 | CVE-2017-0055 |
| 6 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 1.84 | 0.00000 | |
| 7 | ABB RobotWare for OmniCore Robot Controller Connected Services Gateway Ethernet Port missing authentication | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2021-22279 |
| 8 | PHPGurukul Employee Record Management System POST Parameter forgetpassword.php sql injection | 8.0 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.01564 | CVE-2021-43451 |
| 9 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.77 | 0.29797 | CVE-2014-4078 |
| 10 | Bitcoin wallet.dat AES Encryption Padding missing encryption | 7.1 | 6.3 | $0-$5k | Calculating | Not Defined | Official Fix | 0.02 | 0.00000 | |
| 11 | ONC code-validator-api XML CodeValidatorApiConfiguration.java vocabularyValidationConfigurations xml external entity reference | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01018 | CVE-2021-4295 |
| 12 | PrestaShop Twig Code code injection | 8.1 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00954 | CVE-2022-21686 |
| 13 | PrestaShop sql injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00954 | CVE-2022-31181 |
| 14 | Lanner IAC-AST2500A spx_restservice SubNet_handler_func out-of-bounds write | 9.9 | 9.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01440 | CVE-2021-26727 |
| 15 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01018 | CVE-2022-28959 |
| 16 | Nginx Open Source/Plus/Ingress Controller Resolver off-by-one | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.48051 | CVE-2021-23017 |
| 17 | OAID Tengine Serializer Module buffer overflow | 5.5 | 5.1 | $0-$5k | $0-$5k | Unproven | Not Defined | 0.15 | 0.00885 | CVE-2020-28759 |
| 18 | phpBB usercp_register.php sql injection | 7.3 | 6.6 | $0-$5k | Calculating | Proof-of-Concept | Official Fix | 0.02 | 0.02172 | CVE-2005-3419 |
| 19 | Comsenz Discuz index.php sql injection | 7.3 | 7.1 | $0-$5k | Calculating | High | Unavailable | 0.04 | 0.00986 | CVE-2008-3554 |
| 20 | Google Chrome Index DB use after free | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.05 | 0.23230 | CVE-2022-1853 |

IOC - Indicator of Compromise (95)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (139)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

