Ursu Analysis

IOB - Indicator of Behavior (54)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 32
ja: 10
zh: 8
fr: 2
jp: 2


Country

cn: 18
jp: 14
us: 10
ru: 8


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Google Android: 8
Dolphin: 4
Unisoc T610: 4
Unisoc T606: 4
Unisoc T760: 4


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Google Android Qualcomm Bootloader access control | 8.3 | 8.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00062 | CVE-2016-10276
2 | Synacor Zimbra Collaboration xml external entity reference | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00441 | CVE-2016-9924
3 | Asus AsusWRT start_apply.htm os command injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01350 | CVE-2018-20334
4 | Movable Type sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00249 | CVE-2016-5742
5 | Google Android Pendingintent access control | 7.3 | 6.1 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.02 | 0.00103 | CVE-2014-8609
6 | Simple Machines Forum LogInOut.php code injection | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00489 | CVE-2016-5727
7 | Thymeleaf/spring-boot-admin HTML File sandbox | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00055 | CVE-2023-38286
8 | Lapce race condition | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00053 | CVE-2023-3891
9 | Intel QAT Driver out-of-bounds write | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00043 | CVE-2022-21804
10 | node-uuid GUID entropy | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00246 | CVE-2015-8851
11 | Microsoft Windows SmartScreen authorization | 5.2 | 5.0 | $25k-$100k | $5k-$25k | Functional | Official Fix | 0.02 | 0.00499 | CVE-2023-24880
12 | Brave Browser ipfs Scheme denial of service | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.00138 | CVE-2022-47932
13 | Quassel quasselcore datastreampeer.cpp processMessage(const memory corruption | 8.5 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01620 | CVE-2018-1000178
14 | Unisoc S8000 WLAN Driver stack-based overflow | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00042 | CVE-2022-44448
15 | PostgreSQL Non-Temporary Object sql injection | 7.2 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00239 | CVE-2022-1552
16 | Ivanti Pulse Connect Secure Header request smuggling | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 0.00053 | CVE-2022-21826
17 | Intel Wireless Bluetooth/Killer Bluetooth out-of-bounds | 5.7 | 5.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00044 | CVE-2021-23179
18 | Zoom Client for Meetings Auto Update data authenticity | 8.5 | 8.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00042 | CVE-2022-28757
19 | Dolphin photos_gallery.php privileges management | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.43987 | CVE-2006-4189
20 | Dolphin profile_video.php privileges management | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.43987 | CVE-2006-4189

IOC - Indicator of Compromise (50)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1059 | CWE-94 | Argument Injection | predictive | High
2 | T1059.007 | CWE-79 | Cross Site Scripting | predictive | High
3 | T1068 | CWE-264, CWE-269 | Execution with Unnecessary Privileges | predictive | High

IOA - Indicator of Attack (21)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | $SPLUNK_HOME/etc/splunk-launch.conf | predictive | High
2 | File | /config/getuser | predictive | High
3 | File | /start_apply.htm | predictive | High

References (10)

The following list contains external sources which discuss the actor and the associated activities:
