Ursu Analysis

IOB - Indicator of Behavior (46)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 22
zh: 12
ja: 6
fr: 4
jp: 2

Country

cn: 20
us: 10
jp: 8
ru: 6

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Google Android: 8
WordPress: 4
Zoom Client for Meetings: 2
Securimage: 2
Centra Smart Connect: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Google Android Qualcomm Bootloader access control | 8.3 | 8.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.01102 | CVE-2016-10276
2 | Synacor Zimbra Collaboration xml external entity reference | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.20 | 0.01055 | CVE-2016-9924
3 | Asus AsusWRT start_apply.htm os command injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.02055 | CVE-2018-20334
4 | Movable Type sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01213 | CVE-2016-5742
5 | Google Android Pendingintent access control | 7.3 | 6.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.01 | 0.01669 | CVE-2014-8609
6 | Simple Machines Forum LogInOut.php code injection | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.23 | 0.01213 | CVE-2016-5727
7 | PostgreSQL Non-Temporary Object sql injection | 7.2 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.01034 | CVE-2022-1552
8 | Ivanti Pulse Connect Secure Header request smuggling | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2022-21826
9 | Intel Wireless Bluetooth/Killer Bluetooth out-of-bounds | 5.7 | 5.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00885 | CVE-2021-23179
10 | Zoom Client for Meetings Auto Update data authenticity | 8.5 | 8.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00885 | CVE-2022-28757
11 | Dolphin photos_gallery.php privileges management | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.03932 | CVE-2006-4189
12 | Dolphin profile_video.php privileges management | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.03932 | CVE-2006-4189
13 | MediaTek MT6893 TEEI Driver use after free | 6.7 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01036 | CVE-2022-21773
14 | MediaTek MT6983 TEEI Driver use after free | 6.7 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.01036 | CVE-2022-21774
15 | Elastic Vega Charts Kibana cross site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2022-23713
16 | Synacor Zimbra Collaboration Suite WebMail Reflected cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01018 | CVE-2020-13653
17 | Asus RT-AC2900 input validation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.10938 | CVE-2018-8826
18 | QNAP QTS/QuTS Hero command injection | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.09029 | CVE-2020-2509
19 | D-Link DCS-2530L/DCS-2670L getuser Password information disclosure | 6.4 | 6.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.02 | 0.16531 | CVE-2020-25078
20 | Google Android Qualcomm Sound Driver access control | 7.9 | 7.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.03 | 0.01102 | CVE-2016-10287

IOC - Indicator of Compromise (26)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1059 | CWE-94 | Cross Site Scripting | predictive | High
2 | T1059.007 | CWE-79 | Cross Site Scripting | predictive | High
3 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
4 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxxxxxx | predictive | High
5 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
6 | TXXXX | CWE-XXX | Xxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx Xxxx | predictive | High
7 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
8 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx | predictive | High
9 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxxxx Xxxxxx | predictive | High

IOA - Indicator of Attack (20)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | $SPLUNK_HOME/etc/splunk-launch.conf | predictive | High
2 | File | /config/getuser | predictive | High
3 | File | /start_apply.htm | predictive | High
4 | File | xxxxxxx_xxxx.xxxx.xxx/xxxxxxx_xxxx.xxx | predictive | High
5 | File | xxxxxx.xxxx | predictive | Medium
6 | File | xxxxxxxx.xxx | predictive | Medium
7 | File | xxxxxx_xxxxxxx.xxx | predictive | High
8 | File | xxxxxxx_xxxxx.xxx | predictive | High
9 | File | xxxxxx.xxx | predictive | Medium
10 | File | xxxxxxxxxxxx.xxx | predictive | High
11 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High
12 | File | xxxxxx.xxx | predictive | Medium
13 | Argument | $_xxxxxx['xxxx_xxxx_xxxxx'] | predictive | High
14 | Argument | xxxxxxxxxxxxx/xxxxxxxxxxxxx | predictive | High
15 | Argument | xxxxxxx-xxxxxx | predictive | High
16 | Argument | xxx[xxx] | predictive | Medium
17 | Argument | xx_xxxxx | predictive | Medium
18 | Argument | xxxxx_xxx | predictive | Medium
19 | Input Value | xxx.xxx[xxxxx] | predictive | High
20 | Pattern | |xx|xx|xx| | predictive | Medium

References (9)

The following list contains external sources which discuss the actor and the associated activities:
