TunnelVision Analysis

IOB - Indicator of Behavior (44)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 40
pl: 2
fr: 2


Country

us: 30
mx: 10
gb: 4



Product

Itechscripts iTechBids: 2
PbootCMS: 2
Cacti: 2
Microsoft Windows: 2
YITH WooCommerce Gift Cards Premium Plugin: 2


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.04 | 0.01621 | CVE-2007-1192 |
| 2 | SAP NetWeaver MigrationService improper authorization | 9.2 | 9.2 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00068 | CVE-2021-21481 |
| 3 | WordPress cross site scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.01034 | CVE-2022-21662 |
| 4 | WordPress WP_Query sql injection | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.92907 | CVE-2022-21661 |
| 5 | Microsoft Windows RDP authorization | 8.8 | 7.7 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | 0.00129 | CVE-2021-1669 |
| 6 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 2.69 | 0.00954 | CVE-2010-0966 |
| 7 | Cacti Request Parameter remote_agent.php injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.14 | 0.97186 | CVE-2022-46169 |
| 8 | All in One SEO Plugin REST API Endpoint access control | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00730 | CVE-2021-25036 |
| 9 | YITH WooCommerce Gift Cards Premium Plugin Shopping Cart php unrestricted upload | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.07359 | CVE-2021-3120 |
| 10 | WordPress wp-publications Plugin Archive bibtexbrowser.php path traversal | 7.8 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00476 | CVE-2021-38360 |
| 11 | WP Import Export Plugin class-wpie-general.php wpie_process_file_download authorization | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00129 | CVE-2022-0236 |
| 12 | Cisco Small Business RV345 stack-based overflow | 9.9 | 9.7 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.03 | 0.94468 | CVE-2022-20699 |
| 13 | WordPress Object injection | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00192 | CVE-2022-21663 |
| 14 | Oracle GlassFish Open Source Edition Demo Feature hard-coded credentials | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.08 | 0.00270 | CVE-2018-14324 |
| 15 | Microsoft Exchange Server Privilege Escalation | 8.8 | 8.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | 0.95439 | CVE-2021-42321 |
| 16 | F5 BIG-IP TMUI Privilege Escalation | 8.8 | 8.4 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00152 | CVE-2021-22988 |
| 17 | Microsoft SharePoint Server Privilege Escalation | 8.8 | 7.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.01 | 0.19278 | CVE-2021-31181 |
| 18 | Umbraco CMS Installation path traversal | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00219 | CVE-2020-5811 |
| 19 | Dnsmasq information disclosure | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00331 | CVE-2019-14834 |
| 20 | Smartstore WebApi Authentication improper authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00280 | CVE-2020-15243 |

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (30)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

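| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /cgi-bin/user/Config.cgi | predictive | High |
| 2 | File | /etc/sudoers | predictive | Medium |
| 3 | File | admin.php/User/del/ucode/ | predictive | High |
| 4 | File | data/gbconfiguration.dat | predictive | High |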
