Xpiro Analysis

Activities

Timeline

Analysing the timeline helps to identify the required approach to, and handling of, individual vulnerabilities and vulnerability collections. The overview makes less important slices and more severe hotspots visible at a glance, so that immediate vulnerability response can be initiated and issues prioritized.


Vulnerabilities

# | Vulnerability | Base | Temp | 0day price | Today price | Exploit | Remediation | CTI | CVE
--- | --- | --- | --- | --- | --- | --- | --- | --- | ---
1 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 3.59 | CVE-2020-12440
2 | woocommerce-exporter Plugin access control | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2016-10935
3 | Microsoft IIS File Name Tilde privileges management | 6.5 | 5.9 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | CVE-2005-4360
4 | memcached numeric error | 10.0 | 10.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2009-2415
5 | PHP phpinfo cross site scripting | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | CVE-2006-0996
6 | Microsoft Outlook Web App redir.aspx authentication spoofing | 5.3 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Unavailable | 0.00 | 
7 | vsftpd deny_file unknown vulnerability | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2015-1419
8 | phpMyAdmin Username sql injection | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2016-9864
9 | CMS Made Simple Remote Code Execution | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2010-4663
10 | JIRA startup.jsp redirect | 6.7 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2019-11585
11 | Adobe Photoshop CC command injection | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2019-7989
12 | Symantec Management Center REST API information disclosure | 5.8 | 5.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2019-9697
13 | DameWare Mini Remote Control User ID lstrcpyA memory corruption | 5.6 | 5.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | CVE-2005-2842
14 | Search Exclude Plugin Option search-exclude.php access control | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | CVE-2019-15895
15 | Microsoft Yammer Security Feature Policy input validation | 7.4 | 7.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2019-1265
16 | Integard Pro LoginAdmin buffer overflow | 8.5 | 8.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | CVE-2019-16702
17 | Microsoft Excel memory corruption | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2019-1331
18 | NVIDIA Virtual GPU Manager vGPU Plugin input validation | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2019-5698
19 | wolfSSL ASN.1 Certificate asn.c out-of-bounds write | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2019-18840
20 | slp-validate Bitcoin Script input validation | 4.8 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | CVE-2019-16761

IOC - Indicator of Compromise

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Campaigns | Confidence
--- | --- | --- | --- | ---
1 | 3.223.115.185 | ec2-3-223-115-185.compute-1.amazonaws.com | | Medium
2 | 13.107.42.23 | | | High
3 | 20.36.252.129 | | | High
4 | XX.XX.XX.XXX | | | High
5 | XX.XX.XX.XXX | xxxxxxxxx.xxx.xxxxxxx.xx | | High
6 | XX.XX.XXX.XX | xxxx.xxxxxxxxx.xxx | | High
7 | XX.XXX.XXX.XXX | | | High
8 | XXX.XX.XX.XX | | | High
9 | XXX.XX.XX.XX | | | High

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Confidence
--- | --- | --- | --- | ---
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
3 | T1499 | CWE-400 | Resource Consumption | High

IOA - Indicator of Attack

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Confidence
--- | --- | --- | ---
1 | File | /LoginAdmin | Medium
2 | File | drivers/spi/spi-gpio.c | High
3 | File | owa/redir.aspx | High
4 | File | xxxxxx-xxxxxxx.xxx | High
5 | File | xxxxxxx.xxx | Medium
6 | File | xxxxxxxxx/xxx/xxx.x | High
7 | Argument | xxxx | Low
8 | Argument | xxx | Low
9 | Input Value | ::$xxxxx_xxxxxxxxxx | High
10 | Network Port | xxx xxxxxx xxxx | High
