Xpiro Analysis

IOB - Indicator of Behavior (77)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en 72
fr 2
zh 2
ru 2

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Google Android 8
Microsoft Windows 4
PHP 2
phpMyAdmin 2
Poppler 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Apache InLong access control | 5.5 | 5.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.08 | 0.00088 | CVE-2023-31206
2 | Nokia NetAct Configuration Dashboard Page xml external entity reference | 6.4 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00049 | CVE-2023-26057
3 | Google Android PowerVR Kernel Driver PVRSRVBridgeRGXTDMSubmitTransfer integer overflow | 6.5 | 6.4 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.00043 | CVE-2021-0879
4 | Oracle MySQL Server Packaging information disclosure | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.00065 | CVE-2022-43551
5 | Mikrobi Babel redirect.php | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 0.00198 | CVE-2019-1010290
6 | Nextcloud App Password Protection improper authentication | 4.1 | 4.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00053 | CVE-2023-28647
7 | Google Android unwinding.cc UnwindingWorker out-of-bounds write | 5.4 | 5.3 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.00042 | CVE-2023-21018
8 | OTCMS apiRun.php AutoRun cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00052 | CVE-2023-1635
9 | Google Android use after free | 5.4 | 5.3 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.00042 | CVE-2023-21042
10 | SourceCodester Alphaware Simple E-Commerce System Payment summary.php access control | 6.1 | 5.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00086 | CVE-2023-0998
11 | ThingsBoard hard-coded credentials | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00199 | CVE-2023-26462
12 | Microsoft Dynamics 365 cross site scripting | 5.4 | 4.9 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | 0.00051 | CVE-2023-21573
13 | Linux Kernel Cache Privilege Escalation | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | 0.00000 | CVE-2022-20565
14 | TIBCO Nimbus Web Client redirect | 7.8 | 7.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00102 | CVE-2022-41559
15 | Mikrotik RouterOS Hotspot Process out-of-bounds | 7.6 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.00055 | CVE-2022-45313
16 | ThingsBoard IoT Platform Audit Log cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00045 | CVE-2022-31861
17 | Google TensorFlow FractionMaxPoolGrad out-of-bounds | 5.5 | 5.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00049 | CVE-2022-41897
18 | Oracle Java SE Libraries unknown vulnerability | 3.1 | 3.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00667 | CVE-2016-5542
19 | Fortinet FortiTester SSH Login os command injection | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00145 | CVE-2022-33874
20 | Adobe ColdFusion path traversal | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00153 | CVE-2022-38424

IOC - Indicator of Compromise (27)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (29)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (8)

The following list contains external sources which discuss the actor and the associated activities: