Toddler Analysis

Activities

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues can be prioritized.

Lang

en: 177
de: 16
fr: 7
es: 3
pl: 2

Country

us: 62
de: 15
ru: 12
fr: 7
es: 3

Actors

Toddler: 206
Silence: 1

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 1 | DGLogik DGLux Server IoT API permission | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2019-1010009 |
| 2 | Schneider Electric BMXNOR0200H Ethernet-Serial RTU Module Access Control authorization | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2019-6810 |
| 3 | Maran PHP Shop prod.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Not Defined | 0.05 | CVE-2008-4879 |
| 4 | Google Android WiFi Driver out-of-bounds write | 6.5 | 6.3 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.05 | CVE-2019-9270 |
| 5 | IBM Business Automation Workflow Web UI cross site scripting | 4.7 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2019-4149 |
| 6 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.36 | CVE-2010-0966 |
| 7 | D-Link DSL-320B login.xgi information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | |
| 8 | AirWatch Agent Data Protection cryptographic issues | 4.8 | 4.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2018-6975 |
| 9 | Xoops Xoops Virii Info Module index.php checksuperglobals file inclusion | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | CVE-2007-1976 |
| 10 | Vixie cron Crontab File input validation | 4.4 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2019-9704 |
| 11 | Apache Tomcat CORS Filter 7pk security | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2018-8014 |
| 12 | Mozilla Firefox Mozilla Windows Updater/Maintenance Service File access control | 4.9 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2017-5409 |
| 13 | Seagate BlackArmor NAS 220 cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Not Defined | 1.02 | CVE-2013-6923 |
| 14 | McAfee VirusScan Enterprise Scriptscan COM Object memory corruption | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2016-8030 |
| 15 | Microsoft .NET Framework Code Access Security cryptographic issues | 9.8 | 9.8 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.15 | CVE-2008-5100 |
| 16 | Patterson Dental Eaglesoft SQL Database hard-coded credentials | 9.8 | 9.6 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00 | CVE-2016-2343 |
| 17 | Microsoft Windows Subsystem for Linux information disclosure | 4.8 | 4.6 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2019-0553 |
| 18 | Libssh2 Service kex_agree_methods input validation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2015-1782 |
| 19 | CakePHP security.php unserialize privileges management | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | |
| 20 | IBM Sterling File Gateway path traversal | 5.3 | 5.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | CVE-2017-1548 |

IOC - Indicator of Compromise (49)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Confidence |
|---|---|---|---|---|
| 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High |
| 2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High |
| 3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High |

IOA - Indicator of Attack (91)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

