Zloader Analysis

IOB - Indicator of Behavior (156)

Lang

  • en: 134
  • jp: 8
  • ar: 4
  • es: 4
  • pl: 2

Activities

Interest

Product

  • Microsoft Windows: 14
  • Fortinet FortiOS: 4
  • Apache Tomcat: 4
  • WordPress: 4
  • Ransom.REvil: 2

Vulnerabilities

#  | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1  | LavaLite team cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00885 | CVE-2020-36395
2  | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.04499 | CVE-2019-7550
3  | devent globalpom-utils FileResourceManagerProvider.java createTmpDir temp file | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.65 | 0.01018 | CVE-2018-25068
4  | Cisco ASA/Firepower Threat Defense SNMP unknown vulnerability | 6.9 | 6.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01055 | CVE-2022-20924
5  | webpack loader-utils parseQuery.js parseQuery prototype pollution | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.01537 | CVE-2022-37601
6  | ZKTeco ZKBiosecurity baseOpLog.do sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.08 | 0.00890 | CVE-2022-36635
7  | ONLYOFFICE Document Server NSFileDownloader input validation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.01440 | CVE-2020-11534
8  | ONLYOFFICE Document Server libxcb.so.1 XML xml injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01440 | CVE-2020-11535
9  | ONLYOFFICE Document Server unzip input validation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.01440 | CVE-2020-11536
10 | ONLYOFFICE Document Server WebSocket API sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | 0.00885 | CVE-2020-11537
11 | ONLYOFFICE Document Server JWT upload pathname traversal | 8.0 | 7.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.05634 | CVE-2021-3199
12 | Velocidex Velociraptor temp file | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00885 | CVE-2022-35631
13 | AnyMind Widget Plugin anymind-widget-id.php createDOMStructure cross-site request forgery | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.00885 | CVE-2022-2435
14 | Supsystic Data Tables Generator Plugin cross site scripting | 3.6 | 3.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00885 | CVE-2022-2114
15 | Frappe ERPNext Profile cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00885 | CVE-2022-23057
16 | Dominion Democracy Suite Voting System ImageCast X unnecessary privileges | 7.8 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.01036 | CVE-2022-1744
17 | XWiki Platform Filter UI cross site scripting | 5.8 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00954 | CVE-2022-29258
18 | Apple macOS Kernel memory corruption | 7.8 | 7.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01237 | CVE-2022-22672
19 | Tuxera NTFS-3G fuse_lib_opendir memory corruption | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01282 | CVE-2022-30785
20 | Halibut Text Document index.c cleanup_index use after free | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2021-42612

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Microsoft Signature Verification

IOC - Indicator of Compromise (23)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (88)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1  | File | /admin/user/team | predictive | High
2  | File | /baseOpLog.do | predictive | High
3  | File | /bcms/admin/?page=user/list | predictive | High
4  | File | /upload | predictive | Low
5  | File | ast/parser.go | predictive | High
6  | File | authent.php4 | predictive | Medium
7  | File | boardData103.php/boardDataJP.php/boardDataNA.php/boardDataWW.php | predictive | High
8  | File | catalog.asp | predictive | Medium
9  | File | controllers/Weixin.php | predictive | High
10 | File | dapur/index.php | predictive | High
11 | File | data/gbconfiguration.dat | predictive | High

References (7)

The following list contains external sources which discuss the actor and the associated activities:
