Vobfus Analysis

Activities

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Lang

en55
de3
fr2
it1
es1

Country

us30
ru13
cn7
fr3
de3

Actors

Vobfus36
Potao26

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Product

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTICVE
1Maran PHP Shop prod.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.00CVE-2008-4879
2Drupal User Module access control8.88.4$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2016-6211
3OpenCart download.php editDownload path traversal4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.03CVE-2018-11495
4DICOM DCMTK Port 4242 Service parsePresentationContext memory corruption7.46.8$0-$5k$0-$5kProof-of-ConceptWorkaround0.03CVE-2015-8979
5CS-Cart Administration files unrestricted upload5.95.9$0-$5k$0-$5kNot DefinedNot Defined0.03CVE-2017-15673
6LINBIT csync2 SSL daemon.c csync_daemon_session Remote Code Execution9.89.8$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2019-15522
7Rocklobster Contact Form 7 unrestricted upload6.36.3$0-$5k$0-$5kNot DefinedOfficial Fix0.14CVE-2020-35489
8vBulletin getHookList sql injection4.84.8$0-$5k$0-$5kNot DefinedNot Defined0.04CVE-2019-17271
9Magento PageBuilder Template input validation8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.03CVE-2019-8144
10WordPress wpdb->prepare sql injection8.58.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.21CVE-2017-16510
11Simple Machines Forum Access Restriction PersonalMessage.php MessageSearch2 access control8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.04CVE-2018-10305
12Forum picture/META tags mod_forum_fields_parse.php file inclusion7.36.4$0-$5k$0-$5kProof-of-ConceptUnavailable0.05CVE-2007-1818
13Duware Duclassmate Account account.asp cross site scriting5.45.0$0-$5k$0-$5kProof-of-ConceptWorkaround0.08CVE-2004-2198
14Joomla CMS path traversal6.56.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.08CVE-2015-8565
15Joomla CMS default.php access control5.35.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.05CVE-2016-9837
16media-library-assistant Plugin mla_gallery injection8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.06CVE-2020-11928
17Juniper Junos RSH Service improper authentication9.08.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.04CVE-2018-0052
18Huawei HG8245H URL information disclosure7.47.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2017-15328
19QNAP QTS command injection8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.05CVE-2018-14746
20TP-LINK TL-WVR/TL-WAR/TL-ER/TL-R uhttpd diagnostic.lua zone_get_effect_devices command injection7.57.5$0-$5k$0-$5kNot DefinedNot Defined0.03CVE-2017-16957

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsConfidence
152.137.90.34VobfusHigh
2XX.XX.XX.XXXxxxxxHigh
3XXX.XXX.XXX.XXXXxxxxxHigh
4XXX.XXX.XXX.XXXXxxxxxHigh
5XXX.XXX.XXX.XXXxxxx.xxxxxx.xxxXxxxxxHigh

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorConfidence
1T1059.007CWE-79, CWE-80Cross Site ScriptingHigh
2TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxHigh
3TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxHigh
4TXXXXCWE-XXXXxxxxxxxxxxxx XxxxxxHigh

IOA - Indicator of Attack (48)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorConfidence
1File/setSystemAdminHigh
2File/uncpath/Medium
3File/webpages/dataHigh
4Fileaccount.aspMedium
5Fileadmin\model\catalog\download.phpHigh
6Fileajax/api/hook/getHookListHigh
7Filexxxx.xLow
8Filexxx-xxx/Medium
9Filexxxxxxxx_xxxxxxxxxxxxxxxxx.xxxHigh
10Filexxxxxxx/xxx_xxxxxxx.xxxHigh
11Filexxxxxx.xMedium
12Filexxxxx_xxxx.xMedium
13Filexxxx.xxxMedium
14Filexxx/xxxxxx.xxxHigh
15Filexxxxx.xxxMedium
16Filexxx_xxxxx_xxxxxx_xxxxx.xxxHigh
17Filexxxxxxxxxxxxxxx.xxxHigh
18Filexxxx.xxxMedium
19Filexxx/xxxxxxx/xxxxxx/xxxx/xxxxx/xxxxxxx/xxxxxx/xxxxx/xxx%xxxxxxxxxxxxx.xx.xxxHigh
20Filexxx.xLow
21Filexxxxxxxxx/xxxxx/xxxx/xxx_xxxxxxx/xxxxxxx/xxxxxxx.xxxHigh
22Filexxxxx_xx.xxxMedium
23Library/xxx/xxx/xxx/xxxx/xxxxxxxxxx/xxxxx/xxxxxx.xxxHigh
24Library/xxx/xxx/xxx/xxxx/xxxxxxxxxx/xxxxx/xxxxxxxxxx.xxxHigh
25ArgumentxxxxxxxLow
26ArgumentxxxxxxxxMedium
27ArgumentxxxLow
28Argumentxxxxxx[xxxxxxx_xxx]High
29ArgumentxxxxxxxxxxxxxxxxHigh
30ArgumentxxxxxxxxMedium
31ArgumentxxxxxxxxxMedium
32ArgumentxxxxxLow
33Argumentxxxxx.xxx?xxxxxx=xxx_xxxxxxx/xxxx=xxxxxxx/xx=x/xxxxxxxx=xxxxxHigh
34ArgumentxxxLow
35ArgumentxxxxLow
36Argumentxx_xxxxxxxxMedium
37Argumentxxxx[xxxxxxxxxxxxxxxxx]High
38Argumentxxxx_xxxxMedium
39Argumentxxxxx_xxxx_xxxxHigh
40Argumentxxxxxxxx_xxxxxHigh
41ArgumentxxxxLow
42Argumentxxx_xxxxx/xxxx_xxxxx/xxxx_xxxxxHigh
43Argumentx_xxxxxxMedium
44ArgumentxxxxLow
45ArgumentxxxxxLow
46Input Value../Low
47Input Value/%xxLow
48Network Portxxx/xxxxMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!