Xpiro Analysis

IOB - Indicator of Behavior (85)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 82
es: 2
ru: 2

Activities

Product

Linux Kernel: 4
IBM PowerSC: 2
OTCMS: 2
Chamilo: 2
VMware Spring Cloud Function: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | ThemeIsle Orbit Fox Plugin cross site scripting | 4.9 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00045 | CVE-2024-1323 |
| 2 | IBM PowerSC cross-domain policy | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00073 | CVE-2023-50940 |
| 3 | Embed Calendly Plugin Shortcode cross site scripting | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00045 | CVE-2023-4995 |
| 4 | Tracker Software PDF-XChange Editor U3D File Parser out-of-bounds | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00000 | CVE-2023-42058 |
| 5 | Mozilla Firefox XLL Add-In File access control | 4.3 | 4.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00055 | CVE-2023-4581 |
| 6 | PHP Jabbers Yacht Listing Script Password Recovery information exposure | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00091 | CVE-2023-40761 |
| 7 | OpenRapid RapidCMS run-movepass.php password recovery | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00063 | CVE-2023-4448 |
| 8 | Chamilo SVG File fileUpload.lib.php unrestricted upload | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00088 | CVE-2023-34944 |
| 9 | Apache InLong access control | 6.5 | 6.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00125 | CVE-2023-31206 |
| 10 | Nokia NetAct Configuration Dashboard Page xml external entity reference | 6.4 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00069 | CVE-2023-26057 |
| 11 | Google Android PowerVR Kernel Driver PVRSRVBridgeRGXTDMSubmitTransfer integer overflow | 6.5 | 6.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00043 | CVE-2021-0879 |
| 12 | Oracle MySQL Server Packaging information disclosure | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00092 | CVE-2022-43551 |
| 13 | Mikrobi Babel redirect.php | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00215 | CVE-2019-1010290 |
| 14 | Nextcloud App Password Protection improper authentication | 4.1 | 4.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00053 | CVE-2023-28647 |
| 15 | Google Android unwinding.cc UnwindingWorker out-of-bounds write | 5.4 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00042 | CVE-2023-21018 |
| 16 | OTCMS apiRun.php AutoRun cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00062 | CVE-2023-1635 |
| 17 | Google Android use after free | 5.4 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00042 | CVE-2023-21042 |
| 18 | SourceCodester Alphaware Simple E-Commerce System Payment summary.php access control | 6.1 | 5.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | 0.00200 | CVE-2023-0998 |
| 19 | ThingsBoard hard-coded credentials | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00337 | CVE-2023-26462 |
| 20 | Microsoft Dynamics 365 cross site scripting | 5.4 | 4.9 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | 0.00052 | CVE-2023-21573 |

IOC - Indicator of Compromise (27)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 4 | T1059.007 | CWE-79 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (32)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /alphaware/summary.php | predictive | High |
| 2 | File | /LoginAdmin | predictive | Medium |
| 3 | File | /vloggers_merch/classes/Master.php?f=delete_inventory | predictive | High |
| 4 | File | admin/run-movepass.php | predictive | High |

References (8)

The following list contains external sources which discuss the actor and the associated activities:
