WindShift Analysis

IOB - Indicator of Behavior (82)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

  • en (70)
  • pt (8)
  • pl (2)
  • zh (2)

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

  • Microsoft Windows (8)
  • Procmail (2)
  • IBM i2 Analyze (2)
  • Aruba CX 6200F Switch Series (2)
  • Aruba 6300 Switch Series (2)

Vulnerabilities

#  | Vulnerability                                                                              | Base | Temp | 0day       | Today     | Exp              | Rem          | CTI  | EPSS    | CVE
---|--------------------------------------------------------------------------------------------|------|------|------------|-----------|------------------|--------------|------|---------|---------------
1  | Cisco SD-WAN CLI path traversal                                                            | 8.1  | 8.0  | $5k-$25k   | $0-$5k    | Not Defined      | Official Fix | 0.02 | 0.00885 | CVE-2022-20818
2  | Cisco IOS XE Self-Healing privileges assignment                                            | 7.3  | 7.2  | $25k-$100k | $5k-$25k  | Not Defined      | Official Fix | 0.06 | 0.00885 | CVE-2022-20855
3  | Apple iOS ImageIO null pointer dereference                                                 | 6.4  | 6.3  | $25k-$100k | $0-$5k    | Not Defined      | Official Fix | 0.05 | 0.01955 | CVE-2016-1811
4  | Acme Mini HTTPd Terminal input validation                                                  | 5.3  | 5.3  | $0-$5k     | $0-$5k    | Not Defined      | Not Defined  | 0.02 | 0.04187 | CVE-2009-4490
5  | Cisco SD-WAN CLI path traversal                                                            | 8.1  | 8.0  | $5k-$25k   | $0-$5k    | Not Defined      | Official Fix | 0.02 | 0.00890 | CVE-2022-20775
6  | Apple iOS CommonCrypto information disclosure                                              | 5.4  | 5.3  | $25k-$100k | $0-$5k    | Not Defined      | Official Fix | 0.02 | 0.01537 | CVE-2016-1802
7  | Microsoft IIS cross site scripting                                                         | 5.2  | 4.7  | $5k-$25k   | $0-$5k    | Proof-of-Concept | Official Fix | 0.09 | 0.25090 | CVE-2017-0055
8  | Linux Kernel TPM Device use after free                                                     | 7.6  | 7.5  | $5k-$25k   | $0-$5k    | Not Defined      | Official Fix | 0.05 | 0.01404 | CVE-2022-2977
9  | D-Link Go-RT-AC750 gena.php command injection                                              | 7.6  | 7.6  | $5k-$25k   | $5k-$25k  | Not Defined      | Not Defined  | 0.01 | 0.02055 | CVE-2022-36523
10 | Multivendor Marketplace Solution for WooCommerce Order Status cross-site request forgery   | 4.3  | 4.2  | $0-$5k     | $0-$5k    | Not Defined      | Official Fix | 0.03 | 0.00885 | CVE-2022-2657
11 | taviso Lotus 1-2-3 Worksheet process_fmt stack-based overflow                              | 7.0  | 6.9  | $0-$5k     | $0-$5k    | Not Defined      | Official Fix | 0.00 | 0.01005 | CVE-2022-39843
12 | image-tiler command injection                                                              | 8.5  | 8.4  | $0-$5k     | $0-$5k    | Not Defined      | Official Fix | 0.01 | 0.00885 | CVE-2020-28451
13 | Apple macOS Kernel out-of-bounds                                                           | 3.3  | 3.2  | $0-$5k     | $0-$5k    | Not Defined      | Official Fix | 0.03 | 0.01018 | CVE-2022-32817
14 | Irfan Skiljan IrfanView ShowPlugInSaveOptions_W memory corruption                          | 5.9  | 5.9  | $0-$5k     | $0-$5k    | Not Defined      | Not Defined  | 0.01 | 0.00885 | CVE-2020-23561
15 | Microsoft Windows Defender Credential Guard Privilege Escalation                           | 8.3  | 7.3  | $25k-$100k | $5k-$25k  | Unproven         | Official Fix | 0.03 | 0.01178 | CVE-2022-34711
16 | Microsoft Windows Kerberos Privilege Escalation                                            | 8.8  | 8.1  | $25k-$100k | $5k-$25k  | Unproven         | Official Fix | 0.01 | 0.01178 | CVE-2022-30165
17 | Microsoft Windows Kerberos AppContainer Privilege Escalation                               | 8.9  | 8.1  | $25k-$100k | $5k-$25k  | Unproven         | Official Fix | 0.02 | 0.01150 | CVE-2022-30164
18 | Microsoft Windows Network File System Remote Code Execution                                | 9.8  | 8.9  | $25k-$100k | $5k-$25k  | Unproven         | Official Fix | 0.03 | 0.01601 | CVE-2022-30136
19 | Vmware Workspace ONE Access improper authentication                                        | 9.8  | 9.1  | $25k-$100k | $0-$5k    | Functional       | Official Fix | 0.05 | 0.16531 | CVE-2022-22972
20 | Backdoor.Win32.GateHell.21 FTP Server channel accessible                                   | 7.3  | 6.4  | $0-$5k     | $0-$5k    | Proof-of-Concept | Workaround   | 0.00 | 0.00000 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • WindShift

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (27)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class       | Indicator                                      | Type       | Confidence
---|-------------|------------------------------------------------|------------|-----------
1  | File        | .procmailrc                                    | predictive | Medium
2  | File        | /cgi-bin/wapopen                               | predictive | High
3  | File        | /htdocs/upnpinc/gena.php                       | predictive | High
4  | File        | /it-IT/splunkd/__raw/services/get_snapshot     | predictive | High
5  | File        | /xxxxxxx/xxxxx/xxxxx.xxx                       | predictive | High
6  | File        | /xxxxxxx/                                      | predictive | Medium
7  | File        | xxxxx/xxxx/xxxxxxxxxxx/xxxxxxx.x               | predictive | High
8  | File        | xxxx/xxxxxxxxxxxx.xxx                          | predictive | High
9  | File        | xxxxxxxx.xxx                                   | predictive | Medium
10 | File        | xxx.xxx?xxx=xxxxx_xxxx                         | predictive | High
11 | File        | xxxxxxxxxxxxxx/xxxxxxx.xxx                     | predictive | High
12 | File        | xxxxxxxx.xxx                                   | predictive | Medium
13 | File        | xx-xxxxxxxxxxx.xxx                             | predictive | High
14 | File        | ~/xx-xxxxxxxx.xxx                              | predictive | High
15 | Argument    | $_xxxxxx['xxx_xxxx']                           | predictive | High
16 | Argument    | --xxxx=xxx                                     | predictive | Medium
17 | Argument    | xxxxxxxx                                       | predictive | Medium
18 | Argument    | xxx                                            | predictive | Low
19 | Argument    | xxxxxxxxxx                                     | predictive | Medium
20 | Argument    | xxxxxxxx                                       | predictive | Medium
21 | Argument    | xxxxx                                          | predictive | Low
22 | Argument    | xxxxxx_xx                                      | predictive | Medium
23 | Argument    | xxxx_xxxx                                      | predictive | Medium
24 | Argument    | xxx                                            | predictive | Low
25 | Argument    | xxx                                            | predictive | Low
26 | Argument    | xxxxxxxx/xxxx                                  | predictive | High
27 | Input Value | ../..                                          | predictive | Low

References (3)

The following list contains external sources which discuss the actor and the associated activities:
