WatchDog Analysis

IOB - Indicator of Behavior (657)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 592
it: 10
de: 8
sv: 8
fr: 8


Country

us: 142
sc: 134
mo: 24
cn: 8
ru: 8



Activities


Product

Apple macOS: 12
Google Chrome: 10
cPanel: 8
Microsoft Windows: 8
Linux Kernel: 8


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | PHPMailer Phar Deserialization addAttachment deserialization | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00954 | CVE-2020-36326 |
| 2 | D-Link DIR-816L/DIR-803 URL Encoding info.php cross site scripting | 5.2 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Unavailable | 0.02 | 0.00885 | CVE-2020-25786 |
| 3 | Oracle Database Application Express unknown vulnerability | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01213 | CVE-2016-3448 |
| 4 | MediaTek MT6893 TEEI Driver use after free | 6.7 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01036 | CVE-2022-21773 |
| 5 | Linux Kernel flow_dissector.c __skb_flow_dissect input validation | 8.6 | 8.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.03795 | CVE-2017-13715 |
| 6 | Micro Focus Solutions Business Manager session fixation | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00885 | CVE-2019-18946 |
| 7 | GitLab cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00890 | CVE-2020-13345 |
| 8 | companion-auto-update Plugin cross-site request forgery | 6.5 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00885 | CVE-2018-20972 |
| 9 | HPE Onboard Administrator Reflected cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00885 | CVE-2020-7132 |
| 10 | Qualcomm Snapdragon Auto NFC use after free | 6.5 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2019-14024 |
| 11 | DuWare DuClassmate default.asp sql injection | 9.8 | 9.5 | $0-$5k | $0-$5k | High | Unavailable | 0.01 | 0.00986 | CVE-2006-6355 |
| 12 | nginx ngx_http_mp4_module memory corruption | 10.0 | 9.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.05288 | CVE-2012-2089 |
| 13 | WeBankPartners WeCube Terminal Plugin cleartext storage | 2.4 | 2.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2022-37785 |
| 14 | NVIDIA GPU Display Driver User Mode Layer file inclusion | 8.8 | 8.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.28 | 0.01036 | CVE-2022-34669 |
| 15 | Fortinet FortiOS sslvpnd heap-based overflow | 9.8 | 8.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.24 | 0.01156 | CVE-2022-42475 |
| 16 | AVTECH DVR Search.cgi privileges management | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.03 | 0.00000 | |
| 17 | AVTECH IP Camera/NVR/DVR nobody information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.03 | 0.00000 | |
| 18 | AVTECH IP Camera/NVR/DVR Config.cgi privileges management | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.03 | 0.00000 | |
| 19 | AVTECH IP Camera/NVR/DVR Config.cgi privileges management | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.03 | 0.00000 | |
| 20 | AVTECH IP Camera/NVR/DVR PwdGrp.cgi command injection | 9.8 | 9.2 | $5k-$25k | $0-$5k | High | Unavailable | 0.02 | 0.00000 | |

IOC - Indicator of Compromise (24)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (23)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (251)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
