Syrian Electronic Army Analysis

IOB - Indicator of Behavior (297)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 286
es: 6
ar: 2
pl: 2
fr: 2

Country

us: 152
cn: 84
ir: 28
kr: 10
es: 6

Product

Microsoft Windows: 12
Microsoft Office: 10
Linux Kernel: 8
WordPress: 8
Apache HTTP Server: 8

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Microsoft Windows SMB input validation | 7.7 | 7.1 | $25k-$100k | $0-$5k | High | Official Fix | 0.00 | 0.96089 | CVE-2017-0144 |
| 2 | Cisco IOS NTP Interface Queue input validation | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.01136 | CVE-2016-1478 |
| 3 | Microsoft Word/Office/Outlook RTF Document memory corruption | 10.0 | 9.6 | $25k-$100k | $0-$5k | High | Official Fix | 0.02 | 0.90601 | CVE-2014-1761 |
| 4 | Peplink Balance Cookie admin.cgi sql injection | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.33212 | CVE-2017-8835 |
| 5 | vsftpd deny_file unknown vulnerability | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01136 | CVE-2015-1419 |
| 6 | Citrix Netscaler SD-WAN Session ID Cookie input validation | 9.8 | 9.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.02 | 0.08944 | CVE-2017-6316 |
| 7 | Saxum Picker sql injection | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | 0.01564 | CVE-2018-7178 |
| 8 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.09 | 0.25090 | CVE-2017-0055 |
| 9 | TVT Dvr Firmware path traversal | 7.5 | 7.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.11 | 0.07032 | CVE-2013-6023 |
| 10 | D-Link IP Cameras rtpd.cgi insecure inherited permissions | 9.8 | 8.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.08 | 0.02564 | CVE-2013-1599 |
| 11 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.08 | 0.29797 | CVE-2014-4078 |
| 12 | Linksys WVC11B main.cgi cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.01917 | CVE-2004-2508 |
| 13 | Yiiframework code injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.01055 | CVE-2014-4672 |
| 14 | Huawei SXXXX XML Parser input validation | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2017-15346 |
| 15 | WordPress Installation functions.php is_blog_installed access control | 8.0 | 7.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.04717 | CVE-2020-28037 |
| 16 | Plupload plupload.flash.swf cross site scripting | 6.1 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.07104 | CVE-2016-4566 |
| 17 | Telerik Progress UI for ASP.NET AJAX Telerik.Web.UI inadequate encryption | 8.5 | 8.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.51031 | CVE-2017-11317 |
| 18 | WordPress Password Reset wp-login.php mail password recovery | 6.1 | 5.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.23476 | CVE-2017-8295 |
| 19 | Siklu EtherHaul information disclosure | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.02166 | CVE-2017-7318 |
| 20 | Intel Hardware Accelerated Execution Manager IntelHAXM.sys access control | 7.8 | 7.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01525 | CVE-2017-5683 |

IOC - Indicator of Compromise (39)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (102)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

