ZHtrap Analysis

Activities

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues can be prioritized.

Lang

en | 270
zh | 6
de | 2
ar | 2
fr | 2

Country

us | 25
lu | 24
ca | 15
es | 7
ru | 3

Actors

ZHtrap | 282
Matryosh | 1

Activities

Interest

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need to unlock this view to get access to more details of real data.

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE
1 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.37 | CVE-2016-6210
2 | S-Cms callback1.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2018-20477
3 | Naviwebs Navigate CMS login.php sql injection | 8.5 | 7.9 | $0-$5k | $0-$5k | High | Not Defined | 0.00 | CVE-2018-17552
4 | Pydio os command injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2015-3431
5 | Vastal phpVID browse_videos.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | CVE-2013-5312
6 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.05 | CVE-2007-1192
7 | Adobe Experience Manager Form Field cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-21084
8 | Hashcash server.php code injection | 8.1 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | CVE-2006-3750
9 | Phoenix Contact Classic Automation Worx Software Suite Project initialization | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2021-33542
10 | XWiki redirect | 5.5 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09 | CVE-2022-23618
11 | RabbitMQ rabbitmq_federation_management Plugin cross site scripting | 2.0 | 1.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-32719
12 | Autodesk AutoCAD DWG File buffer overflow | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-27042
13 | Huawei Smartphone Configuration Privilege Escalation | 7.3 | 7.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.05 | CVE-2021-22343
14 | phpList Import Emails cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-23217
15 | Synacor Zimbra Collaboration Suite Web Client cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-35207
16 | ACRN Device mem.c use after free | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-36145
17 | Fortinet FortiMail Administrative Interface buffer overflow | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2021-22129
18 | FlameCMS login.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2019-16309
19 | Vanilla Forums Filename cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2010-4264

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Confidence
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
4 | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxxxx | High
5 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxx Xxxxxxxxxxx | High
6 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | High
7 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxxxx | High
8 | TXXXX.XXX | CWE-XXX, CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | High

IOA - Indicator of Attack (91)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Confidence
1 | File | /exponent_constants.php | High
2 | File | /group/apply | Medium
3 | File | /image_zoom.php | High
4 | File | /it-IT/splunkd/__raw/services/get_snapshot | High
5 | File | /jerry-core/ecma/base/ecma-gc.c | High
6 | File | /master/core/PostHandler.php | High
7 | File | /preferences/tags | High
8 | File | account/login.php | High
9 | File | admin.php/admin/admin/del/ids/<id>.html | High
10 | File | arch/x86/events/intel/ds.c | High
11 | File | xxxx/xxxxxxxxx.xxx | High
12 | File | xxxxxx_xxxxxx.xxx | High
13 | File | xxxxxxxxx.xxx | High
14 | File | xxx.xxx | Low
15 | File | xxxxxx/xxxxxxxxx.x | High
16 | File | xxxxxx.xx | Medium
17 | File | xxxxxxxxxxxxxxxxxxx.xxxx | High
18 | File | xxxx/xxxxxxxxxxxxxxx.xxx | High
19 | File | xxxxxxxxxxx/xxxx/xxx.x | High
20 | File | xxxxxxxxxxx.xxx | High
21 | File | xxxx_xxxxxxx.x | High
22 | File | xxxxx.xxx | Medium
23 | File | xxxxx.xxx/xxxxxxxxxxx/xxxxxx_xxxxxxx_xxx_xxxxxxxxxxx | High
24 | File | xxxx.xxx | Medium
25 | File | xxxx_xxxxxxx.xxx | High
26 | File | xxx_xxxxxx_xxxxxx.xx | High
27 | File | xxxx_xxxxxxx.xxx | High
28 | File | xxxxx.xxx | Medium
29 | File | xxxxx.xxx | Medium
30 | File | xxxxxx_xxxxxxxxx.xx | High
31 | File | xxxxxxx.xxx | Medium
32 | File | xxx/xxxx/xx_xxxx_xxxxx.x | High
33 | File | xxx/xxxx/xx_xxxxxxxxx.x | High
34 | File | xxxxxxxxx.xxx.xxx | High
35 | File | xxxxxxxx.xx | Medium
36 | File | xxxxxxx/xxxxxx.xxxxxxx/xxxxxxxxxxxxxx.xxx | High
37 | File | xxxx.x | Low
38 | File | xxxxxxx_xxx_xxxxx_xxxxxx.xxxx | High
39 | File | xxxx/xxx/xxx.xxx | High
40 | File | xxxxxx.xxx | Medium
41 | File | xxxxxx_xxxx.x | High
42 | File | xxxxxx/xxxx/xxxxxx/xxxxxx/xxxxxx.xx | High
43 | File | xxx_xxxxx_xxxx_xxxx.xxx | High
44 | File | xxxxxxxxxx.x | Medium
45 | File | xxxxxxx.xxx | Medium
46 | File | xxxxxxxxxxxxx.xxx | High
47 | File | ~/xxxxx-xxxxx.xxx | High
48 | Library | /xxxxxx/xxxxxx.xxxxx.xxx | High
49 | Library | xxxxxx.xxx | Medium
50 | Library | xxxxxx/xxx/xxxxxxxxx/xxx/xxx_xxx.x | High
51 | Argument | xxxxxxxxxxx | Medium
52 | Argument | xxx x xxxx | Medium
53 | Argument | xxxxxxxxxxxxx | High
54 | Argument | xx | Low
55 | Argument | xxx | Low
56 | Argument | xxx | Low
57 | Argument | xxxxx | Low
58 | Argument | xxx | Low
59 | Argument | xxxxxxx-xxxxxxxxxxx | High
60 | Argument | xxxxxxxxxx | Medium
61 | Argument | xxxx_xxxx | Medium
62 | Argument | xxxxxxxx | Medium
63 | Argument | xxxxxxxx/xxx/xxxxxx/xxxxxxx | High
64 | Argument | xxxx | Low
65 | Argument | xxxxxxxxxxxxxx($xxx) | High
66 | Argument | xxxxxxxx | Medium
67 | Argument | xx | Low
68 | Argument | xx xxxxxxx | Medium
69 | Argument | xxxx | Low
70 | Argument | xxxxxxxxxxxxxx | High
71 | Argument | xxxxxxx_xx | Medium
72 | Argument | xxxxxxxxx_xxxxxxxx_xxxx | High
73 | Argument | xxxxxxx_xxxx | Medium
74 | Argument | xxxx | Low
75 | Argument | xx | Low
76 | Argument | xxxxxxx | Low
77 | Argument | xxxxxxxx | Medium
78 | Argument | xxxxxxxxx | Medium
79 | Argument | xxxxx_xxxx | Medium
80 | Argument | x_xx | Low
81 | Argument | xx_xxxxx | Medium
82 | Argument | xxxxxxx | Low
83 | Argument | xxxx xxxx | Medium
84 | Argument | xxxx_xxxx | Medium
85 | Argument | xxxxxxxx | Medium
86 | Argument | xxxxx/xxxxxxxxxxx | High
87 | Argument | xxxx | Low
88 | Argument | xxxxxxxxxxxxxx | High
89 | Argument | xxxxxxxxx | Medium
90 | Input Value | ::$xxxxx_xxxxxxxxxx | High
91 | Network Port | xxx xxxxxx xxxx | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
