Wiper Analysis

IOB - Indicator of Behavior (734)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 350
de: 198
fr: 136
it: 30
es: 12


Country

us: 450
fr: 268
it: 6
de: 4
br: 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Microsoft Windows: 20
WordPress: 16
Das U-Boot: 8
Mozilla Firefox: 6
Linux Kernel: 4


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.41 | 0.04187 | CVE-2010-0966 |
| 3 | Woltlab Burning Board register.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.01319 | CVE-2007-1443 |
| 4 | Magic Photo Storage Website register.php privileges management | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00000 | |
| 5 | YaBB register.pl memory corruption | 10.0 | 8.7 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.04 | 0.08263 | CVE-2007-3208 |
| 6 | WordPress wp-register.php cross site scripting | 4.3 | 4.2 | $5k-$25k | $0-$5k | High | Unavailable | 0.02 | 0.02945 | CVE-2007-5105 |
| 7 | Phpwebgallery register.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01319 | CVE-2007-1109 |
| 8 | Expinion.net News Manager Lite comment_add.asp cross site scripting | 4.3 | 3.8 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.01 | 0.03129 | CVE-2004-1845 |
| 9 | Phorum register.php cross site scripting | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | 0.01213 | CVE-2007-0769 |
| 10 | SSReader Ultra Star Reader ActiveX Control pdg2.dll Register memory corruption | 10.0 | 9.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01 | 0.06523 | CVE-2007-5892 |
| 11 | SSReader Ultra Star Reader ActiveX Control register memory corruption | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.04679 | CVE-2007-5807 |
| 12 | StoreSprite register.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.01955 | CVE-2007-4307 |
| 13 | AlstraSoft AskMe Pro register.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00000 | |
| 14 | Microsoft Register Server denial of service | 5.3 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.06118 | CVE-2007-3658 |
| 15 | Scribe forum.php register code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.02 | 0.01408 | CVE-2007-5822 |
| 16 | WordPress wp-register.php cross site scripting | 4.3 | 4.2 | $5k-$25k | $0-$5k | High | Unavailable | 0.04 | 0.01213 | CVE-2007-5106 |
| 17 | Andys Chat register.php memory corruption | 10.0 | 10.0 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.02 | 0.06523 | CVE-2006-7036 |
| 18 | PBSite register.php Local Privilege Escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00000 | |
| 19 | LushiWarPlaner register.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01 | 0.01139 | CVE-2007-0864 |
| 20 | TeamCal register.php path traversal | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00000 | |

IOC - Indicator of Compromise (31)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (22)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (169)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (4)

The following list contains external sources which discuss the actor and the associated activities:
