Typeframe Analysis

IOB - Indicator of Behavior (61)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en | 58
es | 4


Country

al | 44
us | 18


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Procmail | 4
WordPress | 4
Oracle Database | 4
Microsoft IIS | 2
Check Point SmartConsole | 2


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Symantec Messaging Gateway Charting ChartStream.java doGet path traversal | 6.5 | 6.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.02 | 0.09848 | CVE-2016-5312
2 | WordPress REST API class-wp-rest-posts-controller.php privileges management | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.01 | 0.01183 | CVE-2019-20043
3 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.14 | 0.25090 | CVE-2017-0055
4 | Eagle Speed USB Modem Software ZDServ privileges management | 5.3 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00000 | -
5 | Billion Router 7700NR4 Telnet Service hard-coded credentials | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.03 | 0.00000 | -
6 | OTRS webscript.pl os command injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01213 | CVE-2011-0456
7 | wpa_supplicant data processing | 7.8 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00954 | CVE-2016-4477
8 | Check Point SmartConsole access control | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00885 | CVE-2020-6024
9 | vu Mass Mailer Login Page redir.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | 0.01139 | CVE-2007-6138
10 | Apple Mac OS X Server Wiki Server cross site scripting | 4.3 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.01319 | CVE-2009-2814
11 | PHP File Permission rename access control | 6.5 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.02686 | CVE-2019-9637
12 | Microsoft Windows DNS Server Remote Code Execution | 9.8 | 8.5 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.02 | 0.01875 | CVE-2021-26897
13 | BlackCat CMS ajax_save.php cross site scripting | 3.6 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01 | 0.02192 | CVE-2021-27237
14 | Elementor File Upload unrestricted upload | 8.6 | 8.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.01773 | CVE-2020-7055
15 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.53 | 0.04187 | CVE-2010-0966
16 | Cacti cmd.php popen sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01 | 0.04386 | CVE-2006-6799
17 | GuildFTPd memory corruption | 10.0 | 10.0 | $0-$5k | $0-$5k | High | Not Defined | 0.03 | 0.64607 | CVE-2008-4572
18 | Oracle Database Java VM Privilege Escalation | 8.0 | 7.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2020-2735
19 | Oracle Database Java VM access control | 6.8 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00885 | CVE-2019-2749
20 | Oracle Database Server Core RDBMS unknown vulnerability | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2019-2734

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Typeframe

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Pathname Traversal | predictive | High
2 | T1055 | CWE-74 | Injection | predictive | High

IOA - Indicator of Attack (30)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | .procmailrc | predictive | Medium
2 | File | /etc/sudoers | predictive | Medium
3 | File | /uncpath/ | predictive | Medium
4 | File | backend/preferences/ajax_save.php | predictive | High

References (3)

The following list contains external sources which discuss the actor and the associated activities:
