Sugar Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (355)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en350
de4
fr2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us22
es18
ru2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Sugar2
FIN71
Wizard Spider1
APT281
TrickBot1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined166
Operating System28
Content Management System18
Web Browser14
Cloud Software12

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined104
Microsoft20
Cisco14
Google12
Apple12

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Windows16
Google Chrome6
Google Android6
Apple iCloud6
Mozilla Firefox6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25k$0-$5kHighWorkaround0.020.02016CVE-2007-1192
2thecodingmachine Gotenberg html server-side request forgery5.35.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000.00092CVE-2021-23345
3ALEOS API memory corruption4.13.9$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00114CVE-2019-11848
4VMware Tools VM3DMP Driver denial of service6.56.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00042CVE-2021-21997
5Synology Download Station server-side request forgery4.34.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00054CVE-2021-34811
6Apache HTTP Server mod_rewrite redirect6.76.7$25k-$100k$5k-$25kNot DefinedNot Defined0.000.00258CVE-2020-1927
7Cisco Jabber resource management6.36.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00107CVE-2021-1570
8Wibu CodeMeter Runtime Runtime Server denial of service5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000.02268CVE-2021-20094
9LaikeTui ZIP Archive unrestricted upload6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.000.00320CVE-2021-34128
10IBM Resilient SOAR inadequate encryption2.72.6$0-$5kCalculatingNot DefinedOfficial Fix0.000.00042CVE-2021-20567
11Tianocore EDK2 Private Key IpSecDxe.efi Privilege Escalation5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.000.00168CVE-2021-28213
12Samsung Account SettingWebView access control3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00042CVE-2021-25403
13Samsung Smart Phone SecSettings permission5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00042CVE-2021-25393
14Huawei Smart Phone App access control5.55.5$5k-$25k$5k-$25kNot DefinedNot Defined0.000.00058CVE-2021-22334
15Chiyu BF-430/BF-431/BF-450M man.cgi cross site scripting4.44.4$0-$5k$0-$5kNot DefinedNot Defined0.000.97079CVE-2021-31250
16Linux Kernel UDP Port deadlock4.03.8$0-$5k$0-$5kNot DefinedOfficial Fix0.020.00042CVE-2001-1400
17Huawei Smart Phone missing authentication4.14.1$0-$5k$0-$5kNot DefinedNot Defined0.000.00070CVE-2021-22316
18Nextcloud Server Lookup insertion of sensitive information into sent data2.72.6$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00063CVE-2021-32653
19RebornCore ObjectInputStream.readObject deserialization6.36.0$0-$5kCalculatingNot DefinedOfficial Fix0.030.02926CVE-2021-33790
20Red Hat Ansible Tower OAuth2 Authentication improper authentication6.36.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.00044CVE-2020-10709

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
182.146.53.237docker-05.yarperspektiva.ruSugar02/05/2022verifiedHigh
2XXX.XX.XXX.XXXXxxxx02/05/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (23)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-21, CWE-22Path TraversalpredictiveHigh
2T1055CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3T1059CWE-94Argument InjectionpredictiveHigh
4T1059.007CWE-79, CWE-80, CWE-83Cross Site ScriptingpredictiveHigh
5T1068CWE-264, CWE-266, CWE-269, CWE-270, CWE-284Execution with Unnecessary PrivilegespredictiveHigh
6TXXXX.XXXCWE-XXXXxx Xx Xxxx-xxxxx XxxxxxxxpredictiveHigh
7TXXXX.XXXCWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
8TXXXX.XXXCWE-XXXXxx-xxx Xxxx Xxxxxxx XxxxpredictiveHigh
9TXXXXCWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
10TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
11TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
12TXXXXCWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
13TXXXXCWE-XXXXxxxxxxx Xx Xxxx Xxxxxxx Xxxxxxxxx XxxxxpredictiveHigh
14TXXXXCWE-XX, CWE-XXXxx XxxxxxxxxpredictiveHigh
15TXXXX.XXXCWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
16TXXXXCWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
17TXXXXCWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
18TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
19TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
20TXXXXCWE-XXX, CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
21TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
22TXXXX.XXXCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh
23TXXXXCWE-XXXXxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (110)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/$({curlpredictiveMedium
2File/+CSCOE+/logon.htmlpredictiveHigh
3File/bfd/pef.cpredictiveMedium
4File/cms/print.phppredictiveHigh
5File/convert/htmlpredictiveHigh
6File/device/device=140/tab=wifi/viewpredictiveHigh
7File/doorgets/app/requests/user/emailingRequest.phppredictiveHigh
8File/etc/passwdpredictiveMedium
9File/one/getpassword.phppredictiveHigh
10File/oscommerce/admin/administrators.phppredictiveHigh
11File/public/admin.phppredictiveHigh
12File/restapi/v1/certificates/FFM-SSLInspectpredictiveHigh
13File/xxx/xxxxx-xxxxxxxx/xxxxx-xxxxxxx-xxxxpredictiveHigh
14File/xxx/xxxx/xxpredictiveMedium
15File/xxx/xxxx.xxxpredictiveHigh
16File/_xxxx/xxxxxxx/predictiveHigh
17Filexxxxx/xxxxxx-xxxxxxxx.xxxpredictiveHigh
18Filexxxxxxx/xxxxxx.xxx?xx=xxxxxxxxpredictiveHigh
19Filexxxxxx.xxxpredictiveMedium
20Filexxxxxx_xxxxxxxx.xxxpredictiveHigh
21Filexxxxxxxx.xxxpredictiveMedium
22Filexxx-xxx/xxxxxxxxxpredictiveHigh
23Filexxxxx-xx-xxxxxx-xxxxx.xxxpredictiveHigh
24Filexxx.xxxxpredictiveMedium
25Filexxx.xxxpredictiveLow
26Filexxxxxxxxxx/xxxxxxxxxx-xxxxxxxx.xxxpredictiveHigh
27Filexxxx/xxxxx-xxxxxx.xxxpredictiveHigh
28Filexxxx/xxxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
29Filexxxxx_xxxxxxx.xpredictiveHigh
30Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
31Filexxx/xxxxxx/xxxxxx/xxxxxxxxxxx/xxx.xxxpredictiveHigh
32Filexxxxxxxx?xxxx=xxxxxpredictiveHigh
33Filexxxxxxxxxx.xxxpredictiveHigh
34Filexxxxxx\xxxxx.xxxxxxx_xxxxxxx.xxxpredictiveHigh
35Filexxxx-xxxxx.xpredictiveMedium
36Filexxxxxxxxxxx.xxxpredictiveHigh
37Filexxxxxxx_xxx.xpredictiveHigh
38Filexxx_xxxx.xxxpredictiveMedium
39Filexxxx/xxx_xxx_xxxxx.xpredictiveHigh
40Filexxxxxxxx/xxxxxxxx/xxxxxx/xxxxxxxx/xxxxx/xxxxx-xxxxxxx.xxxpredictiveHigh
41Filexxxxx.xxpredictiveMedium
42Filexxxxx.xxxpredictiveMedium
43Filexxxxx.xxx/xxxxx/xxxxxpredictiveHigh
44Filexxxxx.xxx?xxxxxx=xxxxxx&xxxxxx=xxxpredictiveHigh
45Filexxxxxxxx.xxxpredictiveMedium
46Filexxxx-xxxxxx-xxxxxxxxx.xxxpredictiveHigh
47Filexxxx/xxxxxxx/xxxxxxxx.xxxx.xxxpredictiveHigh
48Filexxxxx.xxxpredictiveMedium
49Filexxxxx.xxxpredictiveMedium
50Filexxx.xxxpredictiveLow
51Filexx-xxxxx/xxxx.xxxpredictiveHigh
52Filexxxxxxx_xxxxx.xxxpredictiveHigh
53Filexx/xxx.xpredictiveMedium
54Filexxx/xxx_xxxxx/xx_xxxxx.xpredictiveHigh
55Filexxxx_xxxx.xpredictiveMedium
56Filexxxxxxxxxxxxx.xxxpredictiveHigh
57Filexxxxxxx.xxxpredictiveMedium
58Filexxxxxxxxxxxxx.xpredictiveHigh
59Filexxxxxxxxxxxxx.xxxpredictiveHigh
60Filexxxxxxxxxxxxx.xxxpredictiveHigh
61Filexxxxxxxxxxxxx.xxxpredictiveHigh
62Filexxxxxx/xxxxxx.xxxpredictiveHigh
63Filexxxx_xxxxxxx_xxxxxxxx.xxxpredictiveHigh
64Filexxxx.xpredictiveLow
65Filexxxx_xxx.xxxpredictiveMedium
66Filexxxxxx.xxpredictiveMedium
67Filexxxxx_xxx_xxxxxxx.xpredictiveHigh
68Filexxxxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
69Filexxxxxx.xxxpredictiveMedium
70Filexxxx/xxxxxxxxxxxxxx.xxxpredictiveHigh
71Filexxx_xxxxxx.xpredictiveMedium
72Filexx-xxxxx/xxxxx-xxxxxx.xxxpredictiveHigh
73Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictiveHigh
74Libraryxxxxxxxxxx.xxxpredictiveHigh
75Argument.xxxxxpredictiveLow
76Argumentxxxxxx[xxxx]predictiveMedium
77ArgumentxxxxxxxpredictiveLow
78Argumentxxxx_xxpredictiveLow
79Argumentxxx_xxpredictiveLow
80Argumentxxxxxx xxxxpredictiveMedium
81ArgumentxxxpredictiveLow
82Argumentxxxxxx['xxxx']predictiveHigh
83ArgumentxxxxxxxxpredictiveMedium
84ArgumentxxxxxxpredictiveLow
85ArgumentxxxxxxpredictiveLow
86Argumentxxxx_xxxxpredictiveMedium
87ArgumentxxxxxpredictiveLow
88ArgumentxxpredictiveLow
89ArgumentxxxxxxxxxxxxxxxxpredictiveHigh
90ArgumentxxxpredictiveLow
91ArgumentxxxxpredictiveLow
92ArgumentxxxxxxxpredictiveLow
93ArgumentxxxxxxxxpredictiveMedium
94Argumentxxxx_xxpredictiveLow
95Argumentxxx_xxxxxx_xxx_xxxxxx_xxxxxxxpredictiveHigh
96Argumentxxxxxx_xxxpredictiveMedium
97ArgumentxxxpredictiveLow
98ArgumentxxxpredictiveLow
99ArgumentxxxxxxpredictiveLow
100ArgumentxxxxxxxxxpredictiveMedium
101ArgumentxxxxpredictiveLow
102ArgumentxxxxxxxxpredictiveMedium
103ArgumentxxxxpredictiveLow
104Argument_xxx_xxxxxxx_xxxxx_xxxxxxxxxx_xxxxx_xxx_xxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxxx_xxxxxpredictiveHigh
105Input Value%x/%xpredictiveLow
106Input Value../xxxxx.xxxxpredictiveHigh
107Input ValuexxxxpredictiveLow
108Input Value===predictiveLow
109Network PortxxxxpredictiveLow
110Network Portxxx/xxxxpredictiveMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you know our Splunk app?

Download it now for free!