Wiper Analysis

IOB - Indicator of Behavior (773)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 410
de: 190
fr: 118
it: 36
es: 12

Country

us: 460
fr: 290
it: 12
de: 4
cn: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows: 26
WordPress: 8
Mozilla Firefox: 6
PHP: 6
Linux Kernel: 6

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---------------|------|------|------|-------|-----|-----|------|-----|-----|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.86 | CVE-2010-0966 |
| 3 | Woltlab Burning Board register.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00957 | 0.00 | CVE-2007-1443 |
| 4 | Magic Photo Storage Website register.php privileges management | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.02 | |
| 5 | YaBB register.pl memory corruption | 10.0 | 8.7 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.17348 | 0.00 | CVE-2007-3208 |
| 6 | WordPress wp-register.php cross site scripting | 4.3 | 4.2 | $5k-$25k | $0-$5k | High | Unavailable | 0.00322 | 0.00 | CVE-2007-5105 |
| 7 | Phpwebgallery register.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00759 | 0.03 | CVE-2007-1109 |
| 8 | Expinion.net News Manager Lite comment_add.asp cross site scripting | 4.3 | 3.8 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.00607 | 0.02 | CVE-2004-1845 |
| 9 | Phorum register.php cross site scripting | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01601 | 0.02 | CVE-2007-0769 |
| 10 | SSReader Ultra Star Reader ActiveX Control pdg2.dll Register memory corruption | 10.0 | 9.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.07057 | 0.03 | CVE-2007-5892 |
| 11 | SSReader Ultra Star Reader ActiveX Control register memory corruption | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03617 | 0.00 | CVE-2007-5807 |
| 12 | StoreSprite register.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01850 | 0.02 | CVE-2007-4307 |
| 13 | AlstraSoft AskMe Pro register.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 14 | Microsoft Register Server denial of service | 5.3 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00350 | 0.00 | CVE-2007-3658 |
| 15 | Scribe forum.php register code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.02434 | 0.00 | CVE-2007-5822 |
| 16 | WordPress wp-register.php cross site scripting | 4.3 | 4.2 | $5k-$25k | $0-$5k | High | Unavailable | 0.00533 | 0.04 | CVE-2007-5106 |
| 17 | Andys Chat register.php memory corruption | 10.0 | 10.0 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.03106 | 0.00 | CVE-2006-7036 |
| 18 | PBSite register.php Local Privilege Escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.05 | |
| 19 | LushiWarPlaner register.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00821 | 0.08 | CVE-2007-0864 |
| 20 | TeamCal register.php path traversal | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | |

IOC - Indicator of Compromise (31)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|----|------------|----------|-------|-----------|------------|------|------------|
| 1 | 2.230.110.137 | 2-230-110-137.ip201.fastwebnet.it | Wiper | | 05/20/2022 | verified | High |
| 2 | 24.199.247.222 | webmail.capefearclinic.org | Wiper | | 05/20/2022 | verified | High |
| 3 | 37.71.147.186 | 186.147.71.37.rev.sfr.net | Wiper | | 05/20/2022 | verified | High |
| 4 | 37.99.163.162 | mail.futuregrp.org | Wiper | | 05/20/2022 | verified | High |
| 5 | 50.255.126.65 | 50-255-126-65-static.hfc.comcastbusiness.net | Wiper | | 05/20/2022 | verified | High |
| 6 | 58.185.154.99 | | Wiper | | 01/01/2021 | verified | High |
| 7 | 70.62.153.174 | rrcs-70-62-153-174.central.biz.rr.com | Wiper | | 05/20/2022 | verified | High |
| 8 | XX.XXX.XX.XXX | xx-xxx-xx-xxx.xxxxxx.xxxx.xx | Xxxxx | | 05/20/2022 | verified | High |
| 9 | XX.XX.XXX.XXX | xxxxxxxx-xxx-x-xxx-xxx.xxx-xx.xxx.xxxxxxx.xx | Xxxxx | | 05/20/2022 | verified | High |
| 10 | XX.XXX.XX.XXX | xxxxxxxxx.xxxx.x-xxxxxxxxx.xx | Xxxxx | | 05/20/2022 | verified | High |
| 11 | XX.XXX.XX.XXX | | Xxxxx | | 05/20/2022 | verified | High |
| 12 | XX.X.XXX.XXX | xxxx.xxxxxx.xxx.xx | Xxxxx | | 05/20/2022 | verified | High |
| 13 | XX.XXX.XX.XXX | xxxxxxxx.xxxxxxx.xxx | Xxxxx | | 05/20/2022 | verified | High |
| 14 | XX.XX.XXX.XX | xx-xx-xxx-xx.xxxx.xxxxxxxx.xx | Xxxxx | | 01/01/2021 | verified | High |
| 15 | XX.XX.XXX.XXX | xxxxxxxxxxxxxx-xxx-x-xxx-xxx.xxx-xx.xxx.xxxxxxx.xx | Xxxxx | | 05/20/2022 | verified | High |
| 16 | XX.XX.XXX.XX | xx-xx-xxx-xx.xxxxx.xxxxxxxxxx.xx | Xxxxx | | 05/20/2022 | verified | High |
| 17 | XX.XX.XX.XXX | xx-xx-xx-xxx-xxxxxx.xxx.xxxxxxxxxxxxxxx.xxx | Xxxxx | | 05/20/2022 | verified | High |
| 18 | XXX.XX.XXX.XXX | xxx-xx-xxx-xxx.xxxxxx-xx.xxxxxxxxxxx.xxx | Xxxxx | | 05/20/2022 | verified | High |
| 19 | XXX.XXX.XXX.XXX | | Xxxxx | | 05/20/2022 | verified | High |
| 20 | XXX.XXX.XX.XXX | xx-xxx-xxx-xxx-xxx.xxxx.xxxxx.xxxxxxxx-xx.xx | Xxxxx | | 05/20/2022 | verified | High |
| 21 | XXX.X.XXX.XXX | xxx-x-xxx-xxx.xxxxx.xxxxxxxxxx.xx | Xxxxx | | 05/20/2022 | verified | High |
| 22 | XXX.XX.XXX.XX | | Xxxxx | | 05/20/2022 | verified | High |
| 23 | XXX.XXX.XXX.XXX | | Xxxxx | | 05/20/2022 | verified | High |
| 24 | XXX.XXX.XX.XXX | xxxxx-x.xxx-xxxxxxx.xxx | Xxxxx | | 05/20/2022 | verified | High |
| 25 | XXX.XX.XXX.XXX | | Xxxxx | | 01/01/2021 | verified | High |
| 26 | XXX.XX.XX.XX | xxxxx.xxx.xxx | Xxxxx | | 05/20/2022 | verified | High |
| 27 | XXX.XXX.XXX.XXX | | Xxxxx | | 05/20/2022 | verified | High |
| 28 | XXX.XXX.XXX.XX | xxxx-xxx-xxx-xxx-xx.xxxxxx.xxxxxxx.xxx | Xxxxx | | 05/20/2022 | verified | High |
| 29 | XXX.XXX.XXX.XXX | xxxxxxx.xxxxxxx.xx | Xxxxx | | 05/20/2022 | verified | High |
| 30 | XXX.XX.XX.XX | xxxx-xxx-xx-xx-xx.xxxxxxxx.xxxxxxxxxxxxx.xx | Xxxxx | | 05/20/2022 | verified | High |
| 31 | XXX.XX.XX.XXX | | Xxxxx | | 01/01/2021 | verified | High |

TTP - Tactics, Techniques, Procedures (22)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (184)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|----|-------|-----------|------|------------|
| 1 | File | /cgi-bin/nobody | predictive | High |
| 2 | File | /doorgets/app/views/ajax/commentView.php | predictive | High |
| 3 | File | /etc/passwd | predictive | Medium |
| 4 | File | /GponForm/device_Form?script/ | predictive | High |
| 5 | File | /index.php | predictive | Medium |
| 6 | File | /index.php?controller=GzUser&action=edit&id=1 | predictive | High |
| 7 | File | /rom-0 | predictive | Low |
| 8 | File | /timeline2.php | predictive | High |
| 9 | File | /tmp | predictive | Low |
| 10 | File | /uncpath/ | predictive | Medium |
| 11 | File | /user-utils/users/md5.json | predictive | High |
| 12 | File | /wp-admin/admin-ajax.php | predictive | High |
| 13 | File | AbstractController.php | predictive | High |
| 14 | File | ActBar.ocx | predictive | Medium |
| 15 | File | adclick.php | predictive | Medium |
| 16 | File | add_comment.php | predictive | High |
| 17 | File | add_ons.php | predictive | Medium |
| 18 | File | admin.comms.php | predictive | High |
| 19 | File | admin.php | predictive | Medium |
| 20 | File | admin/bad.php | predictive | High |
| 21 | File | admin/users/new | predictive | High |
| 22 | File | admincp.php?app=user&do=save | predictive | High |
| 23 | File | ajax.php?type=../admin-panel/autoload&page=manage-users | predictive | High |
| 24 | File | apc.php | predictive | Low |
| 25 | File | xxxxxxx.xxx | predictive | Medium |
| 26 | File | xxxx_xxxxxxxxxxx.xxx | predictive | High |
| 27 | File | xxx-xxx/ | predictive | Medium |
| 28 | File | xxx/xxx.x | predictive | Medium |
| 29 | File | xxxxxxx_xxx.xxx | predictive | High |
| 30 | File | xxxxxxx.x | predictive | Medium |
| 31 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 32 | File | xxxxxx_xxxxx.x | predictive | High |
| 33 | File | xxxx/xxxxxxxx.xxxx.xxxxxxx.xxx | predictive | High |
| 34 | File | xxxx_x.x | predictive | Medium |
| 35 | File | xxxxxxx/xxxxx/xxxxxx.x | predictive | High |
| 36 | File | xxxxxxx/xxx/xxxxx/xxx-xxxxx.x | predictive | High |
| 37 | File | xxxxxxx/xxx/xxxxxxxx/xxxxxxxxx/xxxxxxx.x | predictive | High |
| 38 | File | xxxxxxx.x | predictive | Medium |
| 39 | File | xxxxx.xxx | predictive | Medium |
| 40 | File | xxxxxxxxxxxxxx.xx | predictive | High |
| 41 | File | xxxx.xxx | predictive | Medium |
| 42 | File | xxx/xxxx/xxxx.x | predictive | High |
| 43 | File | xxxx.xxx | predictive | Medium |
| 44 | File | xxxxxxx/xxxx_xxxxxxxxx.xxx | predictive | High |
| 45 | File | xxxxx.xxx | predictive | Medium |
| 46 | File | xxxxxx/xxxxxx.xxxx | predictive | High |
| 47 | File | xxxx.xxx | predictive | Medium |
| 48 | File | xxxxxxxxx.xxx | predictive | High |
| 49 | File | xx.xx | predictive | Low |
| 50 | File | xxx/xxxxxx.xxx | predictive | High |
| 51 | File | xxxxxxx/xxxxxxx/xxxxxxxx.xxx.xxx | predictive | High |
| 52 | File | xxxxxxx/xxxxxxx/xxxxxxxx_xxxxxxxx.xxx.xxx | predictive | High |
| 53 | File | xxxxx.xxx | predictive | Medium |
| 54 | File | xxxxxxxxx/xxx/xxxxxx.x | predictive | High |
| 55 | File | xxxxxxxxx/xxx/xxxx.x | predictive | High |
| 56 | File | xxxx.xxx | predictive | Medium |
| 57 | File | xxx.xxx | predictive | Low |
| 58 | File | xxx/xxx_xxxxxxx_xx.x | predictive | High |
| 59 | File | xxxxxx/xxx/xxxxxxxx.x | predictive | High |
| 60 | File | xxxxxxxxx/xxxx-xxxxxx.x | predictive | High |
| 61 | File | xxxxx.xxx.xxx | predictive | High |
| 62 | File | xxxxxxx.xxx | predictive | Medium |
| 63 | File | xxxxx.xx | predictive | Medium |
| 64 | File | xxxxx.xxx | predictive | Medium |
| 65 | File | xxxxxx.xxx?x=xxxxxxx_xxx&xx | predictive | High |
| 66 | File | xxxxxxxx.xxx | predictive | Medium |
| 67 | File | xxx/xxx_xxx.x | predictive | High |
| 68 | File | xx.xxx | predictive | Low |
| 69 | File | xxxx.xxxxxx.xx | predictive | High |
| 70 | File | xxxxx/xxx/xxxx_xxxxx.x | predictive | High |
| 71 | File | xxxx.xxx | predictive | Medium |
| 72 | File | xxxxx.xx | predictive | Medium |
| 73 | File | xxxxx-xxx.x | predictive | Medium |
| 74 | File | xxx-xxxx.x | predictive | Medium |
| 75 | File | xxxxx.xxx | predictive | Medium |
| 76 | File | xxxxx.xxx | predictive | Medium |
| 77 | File | xxxxxxxx.xxx | predictive | Medium |
| 78 | File | xxxxxxxx.xxxx | predictive | High |
| 79 | File | xxxxxxxx.xxx | predictive | Medium |
| 80 | File | xxxxxxxx.xxx | predictive | Medium |
| 81 | File | xxxxxxxx.xx | predictive | Medium |
| 82 | File | xxxxxxxx_xxxxxx.xxx | predictive | High |
| 83 | File | xxxxxxxxx | predictive | Medium |
| 84 | File | xxxxxxx_xxx_xxxxx_xxxxxx.xxxx | predictive | High |
| 85 | File | xxxxxxxxxx/xxxxxxxxxx_xxxxxxxxxx.xxx | predictive | High |
| 86 | File | xxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
| 87 | File | x.xxx | predictive | Low |
| 88 | File | xxxxxx.xxx | predictive | Medium |
| 89 | File | xxxxxx/xxxxxxxx.xxx | predictive | High |
| 90 | File | xxxxxxx/xxxxx/xxxx-xxx/xxxxxx.x | predictive | High |
| 91 | File | xxxxxxxx/xxxxxxxxxxx/xxxxx/ | predictive | High |
| 92 | File | xxxxxx.xxx | predictive | Medium |
| 93 | File | xxxxx.x | predictive | Low |
| 94 | File | xxxx.x | predictive | Low |
| 95 | File | xxxxxxx/xxxxxxxx.xxx | predictive | High |
| 96 | File | xxxx.xxx | predictive | Medium |
| 97 | File | xxxxxxxxxxx.x | predictive | High |
| 98 | File | xxxxxxxxxxxxxxxx.xxxx | predictive | High |
| 99 | File | xxxxx.xx | predictive | Medium |
| 100 | File | xxxxxxxx.x | predictive | Medium |
| 101 | File | xxxx-xxxxxxxx.xxx | predictive | High |
| 102 | File | xxxxxxx.xxx | predictive | Medium |
| 103 | File | xxxx/xxxxxxxx.xxx | predictive | High |
| 104 | File | xxxxx/xxxxxxxx.xxx | predictive | High |
| 105 | File | xxxx/xxxxxxxx.xxx | predictive | High |
| 106 | File | xx-xxxxx/xxxxx-xxxx.xxx?xx-xxxxx-xxxxxx[]=xxxxxxxx | predictive | High |
| 107 | File | xx-xxxxx.xxx | predictive | Medium |
| 108 | File | xx-xxxxxxxx.xxx | predictive | High |
| 109 | File | xxxxxx.xxx | predictive | Medium |
| 110 | Library | xxxxxxxx.xxx | predictive | Medium |
| 111 | Library | xxx/xxx/xxxxxx.xx | predictive | High |
| 112 | Library | xxx/xxx/xxxxx.xxx | predictive | High |
| 113 | Library | xxxxxxxx.xxx | predictive | Medium |
| 114 | Library | xxxxxxxx.xxx | predictive | Medium |
| 115 | Library | xxxx.xxx | predictive | Medium |
| 116 | Library | xxx/xxx/xxxx/xxx/xxxx.xxx | predictive | High |
| 117 | Argument | xxxxxxx | predictive | Low |
| 118 | Argument | xxxxxx | predictive | Low |
| 119 | Argument | xxx_xxx | predictive | Low |
| 120 | Argument | xxxx_xxxx | predictive | Medium |
| 121 | Argument | xxxxxxxx | predictive | Medium |
| 122 | Argument | xxxx_xx | predictive | Low |
| 123 | Argument | xxxxxxxxxxxxx | predictive | High |
| 124 | Argument | xxxxxxx | predictive | Low |
| 125 | Argument | xxxx | predictive | Low |
| 126 | Argument | xxxxxxx | predictive | Low |
| 127 | Argument | xxxxxxxxxxx/xxxx/xxxxxxx | predictive | High |
| 128 | Argument | xxxx | predictive | Low |
| 129 | Argument | xxxxx | predictive | Low |
| 130 | Argument | xxxxx | predictive | Low |
| 131 | Argument | xxxxxxx=xxxxxxxx | predictive | High |
| 132 | Argument | xxxx | predictive | Low |
| 133 | Argument | xxxx_xxxxx | predictive | Medium |
| 134 | Argument | xxxxxxxx | predictive | Medium |
| 135 | Argument | xx | predictive | Low |
| 136 | Argument | xx_xxxxxxxx | predictive | Medium |
| 137 | Argument | xxx | predictive | Low |
| 138 | Argument | xxxxxxx_xxxx | predictive | Medium |
| 139 | Argument | xxxxxxxxx-xxxxxxx/xxxxxxxxx/xxxxxxxxxx | predictive | High |
| 140 | Argument | xxxx | predictive | Low |
| 141 | Argument | xxxxxxxxxxxxx | predictive | High |
| 142 | Argument | xxxxxx?xxxxxx | predictive | High |
| 143 | Argument | xxxxxxx | predictive | Low |
| 144 | Argument | xxxx | predictive | Low |
| 145 | Argument | xxxxxxxxx_xxxxxxxx_xxxx | predictive | High |
| 146 | Argument | xxxx | predictive | Low |
| 147 | Argument | xxxx | predictive | Low |
| 148 | Argument | xxxx | predictive | Low |
| 149 | Argument | xxxxxxxx | predictive | Medium |
| 150 | Argument | xxxx_xxxx | predictive | Medium |
| 151 | Argument | xxxxxxxxxxxx | predictive | Medium |
| 152 | Argument | xxxxxxxxx | predictive | Medium |
| 153 | Argument | xxxxxxxx/xxxx/xxxxx | predictive | High |
| 154 | Argument | xxxxxxx | predictive | Low |
| 155 | Argument | xxx_xxxx | predictive | Medium |
| 156 | Argument | xxxxxxxx | predictive | Medium |
| 157 | Argument | xxxx/xxxx | predictive | Medium |
| 158 | Argument | xxxxxx | predictive | Low |
| 159 | Argument | xxxxxxxxxxxx | predictive | Medium |
| 160 | Argument | xxxxxx | predictive | Low |
| 161 | Argument | xxx | predictive | Low |
| 162 | Argument | xxxxxxxxxx | predictive | Medium |
| 163 | Argument | xxxx | predictive | Low |
| 164 | Argument | xxxxxxxx | predictive | Medium |
| 165 | Argument | xxxxx | predictive | Low |
| 166 | Argument | xxx/xxxxx_xxxxxxx.$ | predictive | High |
| 167 | Argument | xxxx | predictive | Low |
| 168 | Argument | xxx | predictive | Low |
| 169 | Argument | xxxxx | predictive | Low |
| 170 | Argument | xxx | predictive | Low |
| 171 | Argument | xxxxxxxx | predictive | Medium |
| 172 | Argument | xxxx_xxxxx | predictive | Medium |
| 173 | Argument | xxxx_xxxxx | predictive | Medium |
| 174 | Argument | xxx | predictive | Low |
| 175 | Argument | _xxxxxx[xxxx_xxxx] | predictive | High |
| 176 | Input Value | xxxx | predictive | Low |
| 177 | Input Value | xxxxxxxxx' xxx 'x'='x | predictive | High |
| 178 | Input Value | xxxx | predictive | Low |
| 179 | Pattern | \|xx\|xx\|xx\| | predictive | Medium |
| 180 | Pattern | \|xx\|xxx\|xx xx xx xx\| | predictive | High |
| 181 | Network Port | xxxx xxxx | predictive | Medium |
| 182 | Network Port | xxx/xxxx (xxx) | predictive | High |
| 183 | Network Port | xxx/xxxxx | predictive | Medium |
| 184 | Network Port | xxx xxxxxx xxxx | predictive | High |

References (4)

The following list contains external sources which discuss the actor and the associated activities: