Stolen Pencil Analysis

Activities

Timeline

The timeline shows when the vulnerabilities attributed to this actor were disclosed, fixed and exploited. Reading it makes it possible to decide how single vulnerabilities and clusters of them should be handled: quiet periods and hotspots of severe issues stand out at a glance, so an immediate vulnerability response can be started and the issues can be prioritized.

Lang (number of sources per language)

en 69
de 9
it 3
pl 3
es 3

Vulnerabilities

Column key: Base and Temp are the CVSS base and temporal scores; 0-day and Today are the estimated exploit prices at disclosure and at the time of the page; Exploit is the exploit availability status; Remediation is the fix status; CTI is the VulDB CTI interest score.

# | Vulnerability | Base | Temp | 0-day | Today | Exploit | Remediation | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.05 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.94 | CVE-2010-0966
3 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | CVE-2007-1167
4 | phpPgAds/phpAdsNew lib-sessions.inc.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | (no CVE)
5 | LionWiki index.php file inclusion | 6.9 | 6.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2020-27191
6 | Apache Log4j Lookup infinite loop | 6.4 | 6.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | CVE-2021-45105
7 | Fast C++ CSV Parser csv.h trim_chars memory corruption | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2018-13421
8 | October CMS cross-site request forgery | 6.5 | 5.9 | $0-$5k | $0-$5k | Functional | Not Defined | 0.05 | CVE-2017-16244
9 | Sympies Wordpress Survey And Poll admin/settings.php ajax_survey sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | CVE-2015-2090
10 | Atlassian JIRA Server/Data Center Filter Subscription EditSubscription.jspa access control | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-43946
11 | JCK Editor links.php sql injection | 8.5 | 8.3 | $0-$5k | $0-$5k | High | Not Defined | 0.04 | CVE-2018-17254
12 | FXC FXC5210 Administrative Page cross site scripting | 4.1 | 4.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2018-0679
13 | OSQA cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2012-1782
14 | Inim Electronics SmartLiving SmartLAN testemail Module web.cgi system format string | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-21992
15 | Microsoft Exchange Server Remote Code Execution | 7.3 | 6.8 | $25k-$100k | $0-$5k | Functional | Official Fix | 0.03 | CVE-2021-27065
16 | Microsoft Exchange Server Privilege Escalation | 8.5 | 7.6 | $25k-$100k | $5k-$25k | Proof-of-Concept | Official Fix | 0.03 | CVE-2021-27078
17 | Microsoft Exchange Server code injection | 8.4 | 7.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.09 | CVE-2020-17141
18 | VMware Workstation/Fusion e1000e Virtual Network Adapter out-of-bounds write | 7.8 | 7.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2019-5541
19 | MikroTik RouterOS License Upgrade Interface memory corruption | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2018-1156
20 | AirMax AirOS command injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-8171

IOC - Indicator of Compromise (9)

These indicators of compromise list the associated network resources that are known to be part of research and attack activities. The nine entries themselves are not reproduced on this page.

TTP - Tactics, Techniques, Procedures (3)

Tactics, techniques and procedures summarize the suspected MITRE ATT&CK techniques used by the actor. This data is unique in that it is derived from our predictive model for actor profiling rather than from observed incidents.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
2 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
3 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High

Entries 2 and 3 are masked on the source page; only their type and confidence are visible.

IOA - Indicator of Attack (42)

These indicators of attack list the path, library, argument and input-value fragments that may show up in technical activities such as reconnaissance, exploitation, privilege escalation and exfiltration, and that can therefore be matched against web server and application logs. This data is unique in that it is derived from our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /forum/away.php | predictive | High
2 | File | /horde/util/go.php | predictive | High
3 | File | /secure/EditSubscription.jspa | predictive | High
4 | File | /systemrw/ | predictive | Medium
5 | File | /tmp/supp_log | predictive | High
6 | File | ActivityStarter.java | predictive | High
7 | File | xxxxx/xxxxx.xxx | predictive | High
8 | File | xxxxxxx_xxx.xxx | predictive | High
9 | File | xxx.x | predictive | Low
10 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
11 | File | xxx/xxxxxx.xxx | predictive | High
12 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | High
13 | File | xxxxx.xxx | predictive | Medium
14 | File | xxxxxxxxx/xxxxxxx/xxxxx.xxx | predictive | High
15 | File | xxxxx/xxx/xxxxx/xxxxxxxxxxxxxx/xxxxxxx/xxxxxx | predictive | High
16 | File | xxxxx.xxx | predictive | Medium
17 | File | xxxxxxx/xxxx.xxx | predictive | High
18 | File | xxxxxxxx.xxx | predictive | Medium
19 | File | xxxxxxxx.xxx | predictive | Medium
20 | File | xxxx/xxxx.xxx | predictive | High
21 | File | xxx.xxx | predictive | Low
22 | File | xxxxxxxxxxx-xxxxxx/xxx/xxxxxxxxxx/xxxx.xxx | predictive | High
23 | Library | xxx-xxxxxxxx.xxx.xxx | predictive | High
24 | Argument | xxxxxx:/xxxxxxxx:/xxxxxxxxxxxxxx: | predictive | High
25 | Argument | xxxxxxxx | predictive | Medium
26 | Argument | xxxxxxxxx | predictive | Medium
27 | Argument | xxxxxxx | predictive | Low
28 | Argument | xxxxxxxxxxxx | predictive | Medium
29 | Argument | xxxxxxxx | predictive | Medium
30 | Argument | xx | predictive | Low
31 | Argument | xxxx | predictive | Low
32 | Argument | xx | predictive | Low
33 | Argument | xx | predictive | Low
34 | Argument | xxx | predictive | Low
35 | Argument | xxxxxx | predictive | Low
36 | Argument | xxx_xxxx | predictive | Medium
37 | Argument | xxxxxxxxx | predictive | Medium
38 | Argument | xxx | predictive | Low
39 | Argument | xxxxxx_xx | predictive | Medium
40 | Argument | xxx | predictive | Low
41 | Argument | _xxxxxxx | predictive | Medium
42 | Input Value | %xx | predictive | Low

Entries 7 to 42 are masked on the source page; only their class and confidence are visible.
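The File-class fragments in the IOA table are only useful once they are matched against real request logs. The following Python is an added example, not code from VulDB or from this page: it sweeps Apache/nginx combined-format access-log lines for the five unmasked file fragments above. The pairing of /secure/EditSubscription.jspa with CVE-2021-43946 follows row 10 of the vulnerability table; the other fragments are left unattributed because the page does not tie them to a CVE. The log lines are constructed for the example, and the double percent-decoding is a design choice of this example, not something the page prescribes.

```python
"""Sweep web-server access logs for the unmasked File-class IOA fragments.

Added example (not part of the VulDB page). Assumes combined log format and
uses only the five readable file paths from the IOA table above.
"""
import re
from urllib.parse import unquote, urlsplit

# Readable File-class IOAs from the table. The CVE for EditSubscription.jspa
# follows the vulnerability table (Atlassian JIRA, row 10); the rest are not
# attributed to a CVE by the page, so they stay None.
IOA_PATHS = {
    "/forum/away.php": None,
    "/horde/util/go.php": None,
    "/secure/EditSubscription.jspa": "CVE-2021-43946",
    "/systemrw/": None,
    "/tmp/supp_log": None,
}

# Combined log format:
#   host ident user [time] "METHOD target PROTOCOL" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def normalize_path(target: str) -> str:
    """Return the decoded path component of a request target.

    The query string is dropped because the IOA fragments are file paths.
    Percent-decoding is applied twice so that double-encoded requests
    (e.g. %252e for '.') do not slip past a plain substring match.
    """
    path = urlsplit(target).path
    return unquote(unquote(path))


def match_ioa(path: str):
    """Return the IOA fragment contained in path, or None if there is none."""
    for fragment in IOA_PATHS:
        if fragment in path:
            return fragment
    return None


def scan(lines):
    """Parse each log line and return a list of IOA hits (dicts)."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:  # malformed or non-combined-format lines are skipped
            continue
        path = normalize_path(m["target"])
        fragment = match_ioa(path)
        if fragment is None:
            continue
        hits.append({
            "host": m["host"],
            "time": m["time"],
            "method": m["method"],
            "path": path,
            "status": int(m["status"]),
            "ioa": fragment,
            "cve": IOA_PATHS[fragment],
        })
    return hits


def summarize(hits):
    """Group matched fragments by source host for triage."""
    by_host = {}
    for hit in hits:
        by_host.setdefault(hit["host"], []).append(hit["ioa"])
    return by_host


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET /secure/EditSubscription.jspa?subId=10001 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2023:14:01:02 +0000] "GET /forum/away.php?s=http://evil.example/ HTTP/1.1" 302 0 "-" "curl/7.88"',
    '198.51.100.7 - - [10/Oct/2023:14:01:09 +0000] "GET /horde/util/go%2Ephp?url=http://evil.example/ HTTP/1.1" 404 0 "-" "curl/7.88"',
    '192.0.2.9 - - [10/Oct/2023:14:05:00 +0000] "POST /systemrw/ HTTP/1.1" 401 0 "-" "python-requests/2.31"',
    'this line is not in combined log format',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f'{hit["time"]} {hit["host"]} {hit["method"]} {hit["path"]} '
              f'-> {hit["ioa"]} ({hit["cve"] or "no CVE on page"})')
    print(summarize(scan(SAMPLE_LOG)))
```

The fourth sample line shows why the path is decoded before matching: a request for /horde/util/go%2Ephp is the same file as /horde/util/go.php to the server, but a raw substring match would miss it. Hits on a 404 are still worth keeping, since they indicate scanning for a path that happens not to exist on this host.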

References (2)

The following list contains external sources that discuss the actor and the associated activities (the two entries are not reproduced on this page):
