Sysrv Analysis

IOB - Indicator of Behavior (152)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 126
ru: 14
ja: 4
pl: 4
zh: 4


Country

us: 42
ua: 32
cn: 6
ru: 2


Product

Joomla CMS: 8
Apache HTTP Server: 4
OnePlug CMS: 4
spip: 2
MikroTik RouterOS: 2


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Apple iOS ImageIO null pointer dereference | 6.4 | 6.3 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.02898 | CVE-2016-1811 |
| 2 | Grafana path traversal | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.97494 | CVE-2021-43798 |
| 3 | CKFinder File Name unrestricted upload | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.15 | 0.00155 | CVE-2019-15862 |
| 4 | PHPMailer Phar Deserialization addAttachment deserialization | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.00308 | CVE-2020-36326 |
| 5 | Apple iOS CommonCrypto information disclosure | 5.4 | 5.3 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00181 | CVE-2016-1802 |
| 6 | ASP Portal add_edit_cat.asp sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | 0.00814 | CVE-2006-1353 |
| 7 | MyBatis Plus sql injection | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00063 | CVE-2023-25330 |
| 8 | Zabbix Application Server Privilege Escalation | 4.7 | 4.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00226 | CVE-2021-46088 |
| 9 | Grafana Labs Permission improper authentication | 9.8 | 9.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.97260 | CVE-2021-39226 |
| 10 | Duo Network Gateway Log log file | 4.9 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00044 | CVE-2020-3483 |
| 11 | Linux Kernel af_packet.c packet_set_ring memory corruption | 6.5 | 6.4 | $0-$5k | $0-$5k | High | Official Fix | 0.05 | 0.00089 | CVE-2017-7308 |
| 12 | Biscom Secure File Transfer code injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01334 | CVE-2020-8796 |
| 13 | Oracle Siebel CRM Siebel Core - Server Infrastructure information disclosure | 5.9 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00168 | CVE-2021-2368 |
| 14 | studio-42 elfinder phar File Remote Code Execution | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00932 | CVE-2021-23394 |
| 15 | shell-quote Windows Drive Letter exec os command injection | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00140 | CVE-2021-42740 |
| 16 | Joomla CMS com_contact access control | 6.3 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00077 | CVE-2019-15028 |
| 17 | Joomla CMS Notes List View sql injection | 7.5 | 7.2 | $5k-$25k | $0-$5k | High | Official Fix | 0.00 | 0.05947 | CVE-2018-8045 |
| 18 | Cren ListProc catmail memory corruption | 10.0 | 10.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.01787 | CVE-2003-0274 |
| 19 | GitLab 2FA improper authentication | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00207 | CVE-2020-13304 |
| 20 | Yukihiro Matsumoto Ruby resource management | 5.3 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | 0.22763 | CVE-2006-5467 |

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (78)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

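| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | `/admin/contenttemp` | predictive | High |
| 2 | File | `/htdocs/upnpinc/gena.php` | predictive | High |
| 3 | File | `/lab.html` | predictive | Medium |
| 4 | File | `/member/picture/album` | predictive | High |
| 5 | File | `/products/details.asp` | predictive | High |
| 6 | File | `/public/plugins/` | predictive | High |
| 7 | File | `/services/details.asp` | predictive | High |
| 8 | File | `/vendor` | predictive | Low |
| 9 | File | `add_edit_cat.asp` | predictive | High |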
| 78 | Input Value | `..` | predictive | Low |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
