Xanthe Analysis

IOB - Indicator of Behavior (32)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en18
ja6
zh6
es2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Apache Log4j2
Google Go2
OpenSSH2
TOTOLINK EX1200T2
Circle with Disney2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1Splunk Enterprise Forwarder Bundle access control8.58.3$0-$5k$0-$5kNot DefinedOfficial Fix0.110.01440CVE-2022-32158
2Microsoft Windows 16-bit Compatibility information disclosure3.33.3$25k-$100k$0-$5kNot DefinedWorkaround0.000.00000
3Google Chrome resource management7.37.0$25k-$100kCalculatingNot DefinedOfficial Fix0.010.01213CVE-2011-2796
4Samsung TizenRT l2_packet_pcap.c l2_packet_receive_timeout denial of service5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.000.00954CVE-2022-40279
5Microsoft Internet Explorer FTP Server memory corruption6.36.3$25k-$100k$0-$5kHighUnavailable0.020.69671CVE-2009-3023
6Microsoft Windows Shell Shortcut Parser input validation10.09.5$100k and more$0-$5kHighOfficial Fix0.040.91230CVE-2010-2568
7TOTOLINK EX1200T command injection6.36.1$0-$5k$0-$5kNot DefinedNot Defined0.020.02509CVE-2021-42872
8Cellopoint Cellos URL server-side request forgery6.46.4$0-$5k$0-$5kNot DefinedNot Defined0.030.00885CVE-2020-17386
9Fortinet FortiOS/FortiProxy Administrative Interface authentication bypass9.89.7$25k-$100k$5k-$25kNot DefinedOfficial Fix0.200.89292CVE-2022-40684
10HCL iNotes Form weak password5.75.7$0-$5k$0-$5kNot DefinedNot Defined0.020.00885CVE-2022-27558
11Google Chrome FedCM use after free6.36.0$25k-$100k$5k-$25kNot DefinedOfficial Fix0.000.27766CVE-2022-2852
12F5 BIG-IP Configuration Utility injection7.27.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.00885CVE-2022-35735
13SourceCodester Expense Management System POST Parameter report.php fetch_report_credit sql injection7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.060.00885CVE-2022-2688
14GeoServer Proxy Host server-side request forgery5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.040.01018CVE-2021-40822
15HPE Data Protector missing authentication9.89.6$5k-$25k$0-$5kHighOfficial Fix0.000.90916CVE-2016-2004
16kaptcha Captcha DefaultTextCreator.java Random random values8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.020.01055CVE-2018-18531
17NXP LPC55S69JEV98 SB2 Update Parser buffer overflow5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.010.01005CVE-2022-22819
18SRS Simple Hits Counter Plugin sql injection7.47.4$0-$5k$0-$5kNot DefinedNot Defined0.020.01055CVE-2020-5766
19Dell EMC SRS Policy Manager XML Parser xml external entity reference7.37.3$5k-$25k$5k-$25kNot DefinedNot Defined0.000.01055CVE-2021-21517
20Apache Log4j Lookup infinite loop6.46.1$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.060.44262CVE-2021-45105

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsTypeConfidence
134.92.166.158158.166.92.34.bc.googleusercontent.comXantheverifiedMedium
2XX.XXX.XX.XXXxxxxxverifiedHigh
3XXX.XX.XX.XXxxxxxxx.xxxXxxxxxverifiedHigh
4XXX.XXX.XXX.XXxxx-xxx-xxx-xx.xx.xxxxxxxxxxxxxxxxx.xxxXxxxxxverifiedHigh
5XXX.XX.XX.XXXXxxxxxverifiedHigh

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1055CWE-74InjectionpredictiveHigh
2T1068CWE-264, CWE-284Execution with Unnecessary PrivilegespredictiveHigh
3TXXXXCWE-XXXxxxxxx XxxxxxxxxpredictiveHigh
4TXXXXCWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
5TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
6TXXXX.XXXCWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
7TXXXXCWE-XXXXxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx XxxxpredictiveHigh
8TXXXXCWE-XXXXxxxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1Fileauth2-gss.cpredictiveMedium
2Filecategory.phppredictiveMedium
3Filexxxxxx.xxxpredictiveMedium
4Filexxxx-xxxxxx.xpredictiveHigh
5Filexxxx/xxxx/xxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
6Filexxx_xxxxxxxxxx/xxx/xx_xxxxxx/xx_xxxxxx_xxxx.xpredictiveHigh
7Argumentxxxx/xxpredictiveLow
8ArgumentxxxxpredictiveLow
9ArgumentxxxxpredictiveLow

References (2)

The following list contains external sources which discuss the actor and the associated activities:

Might our Artificial Intelligence support you?

Check our Alexa App!