TG-3390 Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 902
zh: 52
it: 12
de: 10
es: 10


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Apple Mac OS X: 42
Google Chrome: 20
Microsoft Windows: 14
Google Android: 12
WordPress: 12


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.39 | CVE-2010-0966 |
| 3 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.05 | CVE-2017-0055 |
| 4 | vsftpd deny_file unknown vulnerability | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00261 | 0.09 | CVE-2015-1419 |
| 5 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.00 | CVE-2014-4078 |
| 6 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.05 | CVE-2019-7550 |
| 7 | HP Storage Data Protector memory corruption | 10.0 | 10.0 | $5k-$25k | $0-$5k | High | Not Defined | 0.52253 | 0.04 | CVE-2014-2623 |
| 8 | Guangzhou 1GE ONU/V2804RGW formPing os command injection | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.71915 | 0.08 | CVE-2020-8958 |
| 9 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.09 | |
| 10 | glorylion JFinalOA SysOrg.java sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00148 | 0.05 | CVE-2023-0758 |
| 11 | RARLabs WinRAR ZIP Archive Remote Code Execution | 7.0 | 6.9 | $0-$5k | $0-$5k | High | Official Fix | 0.19856 | 0.04 | CVE-2023-38831 |
| 12 | ONLYOFFICE Document Server JWT upload pathname traversal | 8.0 | 7.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02823 | 0.04 | CVE-2021-3199 |
| 13 | SourceCodester Simple Cold Storage Management System Contact Us cross-site request forgery | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00068 | 0.04 | CVE-2022-3585 |
| 14 | FLDS redir.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00203 | 0.13 | CVE-2008-5928 |
| 15 | Dell EMC iDRAC9 Web Interface improper authentication | 8.6 | 8.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00801 | 0.00 | CVE-2019-3706 |
| 16 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.61 | CVE-2020-12440 |
| 17 | Basti2web Book Panel books.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00064 | 0.09 | CVE-2009-4889 |
| 18 | Lars Ellingsen Guestserver guestbook.cgi cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00169 | 0.17 | CVE-2005-4222 |
| 19 | Esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00108 | 0.26 | CVE-2009-4935 |
| 20 | Siemens DCA Vantage Analyzer Onboard Database hard-coded password | 5.4 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00061 | 0.00 | CVE-2020-7590 |

Campaigns (3)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (40)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 43.242.35.13 | | TG-3390 | Gh0st RAT | 12/20/2020 | verified | Low |
| 2 | 43.242.35.16 | | TG-3390 | Gh0st RAT | 12/20/2020 | verified | Low |
| 3 | 45.114.9.174 | | TG-3390 | Bronze Union | 12/20/2020 | verified | Low |
| 4 | 49.143.192.221 | | TG-3390 | | 12/20/2020 | verified | Low |
| 5 | 49.143.205.30 | | TG-3390 | | 12/20/2020 | verified | Low |
| 6 | 66.63.178.142 | unassigned.quadranet.com | TG-3390 | | 12/20/2020 | verified | Low |
| 7 | 67.215.232.179 | ed-cricalf.latention.com | TG-3390 | | 12/20/2020 | verified | Low |
| 8 | 67.215.232.181 | ninths.latention.com | TG-3390 | | 12/20/2020 | verified | Low |

TTP - Tactics, Techniques, Procedures (27)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-21, CWE-22, CWE-23 | Path Traversal | predictive | High |
| 2 | T1040 | CAPEC-102 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 4 | T1059 | CAPEC-137 | CWE-88, CWE-94 | Argument Injection | predictive | High |
| 5 | T1059.007 | CAPEC-209 | CWE-79, CWE-80, CWE-85 | Cross Site Scripting | predictive | High |
| 6 | T1068 | CAPEC-122 | CWE-264, CWE-269, CWE-270, CWE-284 | Execution with Unnecessary Privileges | predictive | High |

IOA - Indicator of Attack (323)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /+CSCOE+/logon.html | predictive | High |
| 2 | File | /admins | predictive | Low |
| 3 | File | /api/admin/system/store/order/list | predictive | High |
| 4 | File | /cgi-bin/live_api.cgi | predictive | High |
| 5 | File | /cgi-bin/wapopen | predictive | High |
| 6 | File | /cgi-bin/wlogin.cgi | predictive | High |
| 7 | File | /csms/?page=contact_us | predictive | High |
| 8 | File | /etc/ajenti/config.yml | predictive | High |
| 9 | File | /etc/shadow | predictive | Medium |
| 10 | File | /farm/product.php | predictive | High |
| 11 | File | /forum/away.php | predictive | High |
| 12 | File | /getcfg.php | predictive | Medium |
| 13 | File | /goform/telnet | predictive | High |
| 14 | File | /infusions/shoutbox_panel/shoutbox_admin.php | predictive | High |
| 15 | File | /modules/profile/index.php | predictive | High |
| 16 | File | /opt/zimbra/jetty/webapps/zimbra/public | predictive | High |
| 17 | File | /oscommerce/admin/currencies.php | predictive | High |
| 18 | File | /proc/pid/syscall | predictive | High |
| 19 | File | /rom-0 | predictive | Low |
| 20 | File | /session/list/allActiveSession | predictive | High |
| 21 | File | /syslog_rules | predictive | High |
| 22 | File | /tmp/out | predictive | Medium |
| 23 | File | /tmp/phpglibccheck | predictive | High |
| 24 | File | /uncpath/ | predictive | Medium |
| 25 | File | /upload | predictive | Low |
| 26 | File | /users/{id} | predictive | Medium |
| 27 | File | /usr/bin/pkexec | predictive | High |
| 28 | File | /var/tmp/sess_* | predictive | High |
| 29 | File | /var/WEB-GUI/cgi-bin/telnet.cgi | predictive | High |
| 30 | File | /video | predictive | Low |
| 31 | File | /videotalk | predictive | Medium |
| 32 | File | action-visitor.php | predictive | High |
| 33 | File | actionphp/download.File.php | predictive | High |
| 34 | File | ActivityManagerService.java | predictive | High |
| 35 | File | adaptmap_reg.c | predictive | High |
| 36 | File | add_comment.php | predictive | High |
| 37 | File | admin.cgi | predictive | Medium |

References (6)

The following list contains external sources which discuss the actor and the associated activities:
