Urelas Analysis

IOB - Indicator of Behavior (129)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 40
it: 32
de: 18
sv: 14
pl: 14


Country

jp: 102
es: 6
sv: 4
fr: 2
it: 2

Product

Joomla CMS: 20
Huge-IT Video Gallery: 2
Rwcards Component: 2
Huge-IT Catalog: 2
phpMyAdmin: 2


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Joomla CMS com_frontpage sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 2 | Joomla CMS com_news sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 3 | ms Package Regex resource management | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00154 | 0.00 | CVE-2015-8315 |
| 4 | aWeb Cart Watching System for Virtuemart sql injection | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00208 | 0.00 | CVE-2016-10114 |
| 5 | Joomla CMS com_carocci sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 6 | Joomla CMS com_webgrouper sql injection | 6.3 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 7 | Huge-IT Catalog Extension cross site scripting | 7.2 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00287 | 0.00 | CVE-2016-1000119 |
| 8 | Huge-IT Catalog ajax_url.php sql injection | 9.8 | 8.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00159 | 0.00 | CVE-2016-1000125 |
| 9 | Ruby Onigmo regparse.c parse_char_class input validation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00389 | 0.00 | CVE-2017-6181 |
| 10 | Joomla CMS com_kide sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 11 | Huge-IT Video Gallery ajax_url.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Not Defined | 0.00485 | 0.00 | CVE-2016-1000123 |
| 12 | Smart Related Articles Extension dialog.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00205 | 0.00 | CVE-2017-7628 |
| 13 | Joomla CMS com_kunena sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 14 | Joomla CMS com_filecabinet sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 15 | Joomla CMS com_blog_calendar index.php sql injection | 6.3 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.03 | |
| 16 | Rwcards Component index.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.19663 | 0.00 | CVE-2007-1703 |
| 17 | DTH DT Register Extension index.php sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.00 | |
| 18 | Joomla CMS com_fidecalendar sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 19 | Joomla CMS com_sngevents sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 20 | Joomla CMS com_virtuemart sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.00 | |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

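| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 1.234.83.146 | campustown.co.kr | Urelas | | 04/08/2022 | verified | High |
| 2 | XXX.XXX.XXX.XXX | xxx-xxx-xxxxx.xx.xxxxxx.xx.xx | Xxxxxx | | 04/08/2022 | verified | High |
| 3 | XXX.XX.XX.XXX | | Xxxxxx | | 04/08/2022 | verified | High |
| 4 | XXX.XX.XX.XXX | | Xxxxxx | | 04/08/2022 | verified | High |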

TTP - Tactics, Techniques, Procedures (2)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1059.007 | CAPEC-209 | CWE-79 | Cross Site Scripting | predictive | High |
| 2 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High |

IOA - Indicator of Attack (21)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

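| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /index.php | predictive | Medium |
| 2 | File | ajax_url.php | predictive | Medium |
| 3 | File | dialog.php | predictive | Medium |
| 4 | File | index.php | predictive | Medium |
| 5 | File | xxxxxxxxxx.xxx.xxx | predictive | High |
| 6 | File | xxxxxxxx.x | predictive | Medium |
| 7 | Library | xxxxxxxx_xxxxxxxxx.xxx.xxx | predictive | High |
| 8 | Argument | xxx | predictive | Low |
| 9 | Argument | xxxxxxxxxxxxxx/xxxxxxxxxxx | predictive | High |
| 10 | Argument | xxxxxxxx_xx | predictive | Medium |
| 11 | Argument | xxx[x] | predictive | Low |
| 12 | Argument | xxx[xxxxxx][xxxxxxxxx] | predictive | High |
| 13 | Argument | xxx | predictive | Low |
| 14 | Argument | xxx | predictive | Low |
| 15 | Argument | xx | predictive | Low |
| 16 | Argument | xxxx | predictive | Low |
| 17 | Argument | xxxxxx | predictive | Low |
| 18 | Argument | xxxxx | predictive | Low |
| 19 | Argument | xxxxxx_xxxx | predictive | Medium |
| 20 | Argument | xxxx | predictive | Low |
| 21 | Input Value | x) xx x-- - | predictive | Medium |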
