Typeframe Analysis

IOB - Indicator of Behavior (64)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 62
es: 2


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Oracle Database: 4
OTRS: 4
Unix: 2
ProFTPD: 2
SMEWeb: 2


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Symantec Messaging Gateway Charting ChartStream.java doGet path traversal | 6.5 | 6.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.96043 | 0.07 | CVE-2016-5312 |
| 2 | WordPress REST API class-wp-rest-posts-controller.php privileges management | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00278 | 0.02 | CVE-2019-20043 |
| 3 | Microsoft IIS uncpath cross site scripting | 5.2 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00483 | 0.04 | CVE-2017-0055 |
| 4 | Eagle Speed USB Modem Software ZDServ privileges management | 5.3 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | |
| 5 | Billion Router 7700NR4 Telnet Service hard-coded credentials | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.00 | |
| 6 | OTRS webscript.pl os command injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00298 | 0.00 | CVE-2011-0456 |
| 7 | wpa_supplicant data processing | 7.8 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00064 | 0.05 | CVE-2016-4477 |
| 8 | Corebos csv injection | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00056 | 0.00 | CVE-2023-48029 |
| 9 | VideoLAN VLC Media Player MKV File send heap-based overflow | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00218 | 0.00 | CVE-2020-26664 |
| 10 | Microsoft Windows Kernel-Mode Driver win32k.sys memory corruption | 5.3 | 5.1 | $5k-$25k | $0-$5k | High | Official Fix | 0.00367 | 0.00 | CVE-2015-2546 |
| 11 | Check Point SmartConsole access control | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2020-6024 |
| 12 | vu Mass Mailer Login Page redir.asp sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00388 | 0.52 | CVE-2007-6138 |
| 13 | Apple Mac OS X Server Wiki Server cross site scripting | 4.3 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00263 | 0.32 | CVE-2009-2814 |
| 14 | PHP File Permission rename access control | 6.5 | 6.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00543 | 0.03 | CVE-2019-9637 |
| 15 | Microsoft Windows DNS Server Remote Code Execution | 9.8 | 8.5 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.03504 | 0.04 | CVE-2021-26897 |
| 16 | BlackCat CMS ajax_save.php cross site scripting | 3.6 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00125 | 0.04 | CVE-2021-27237 |
| 17 | Elementor File Upload unrestricted upload | 8.6 | 8.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00136 | 0.05 | CVE-2020-7055 |
| 18 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01470 | 0.12 | CVE-2010-0966 |
| 19 | Cacti cmd.php popen sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01823 | 0.03 | CVE-2006-6799 |
| 20 | GuildFTPd memory corruption | 10.0 | 10.0 | $0-$5k | $0-$5k | High | Not Defined | 0.41910 | 0.00 | CVE-2008-4572 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Typeframe

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 59.90.93.97 | static.bb.knl.59.90.93.97.bsnl.in | Lazarus | Typeframe | 12/17/2020 | verified | Low |
| 2 | 80.91.118.45 | ip-80-91-118-45.net.abissnet.al | Lazarus | Typeframe | 12/17/2020 | verified | Low |

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (31)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

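| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | .procmailrc | predictive | Medium |
| 2 | File | /etc/sudoers | predictive | Medium |
| 3 | File | /uncpath/ | predictive | Medium |
| 4 | File | backend/preferences/ajax_save.php | predictive | High |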

References (3)

The following list contains external sources which discuss the actor and the associated activities:
