BazarLoader Analyse
IOB - Indicator of Behavior (248)
Aktivitäten
Interesse
Schwachstellen
Kampagnen (3)
These are the campaigns that can be associated with the actor:
- Anchor
- Xxxxxxxxxxx
- Xxxxxx
IOC - Indicator of Compromise (162)
These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.
TTP - Tactics, Techniques, Procedures (18)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
IOA - Indicator of Attack (118)
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
ID | Klasse | Indicator | Typ | Akzeptanz |
---|---|---|---|---|
1 | File | //proc/kcore | prädiktiv | Medium |
2 | File | /api | prädiktiv | Low |
3 | File | /api/sys_username_passwd.cmd | prädiktiv | High |
4 | File | /forum/away.php | prädiktiv | High |
5 | File | /home/cavesConsole | prädiktiv | High |
6 | File | /inc/parser/xhtml.php | prädiktiv | High |
7 | File | /include/makecvs.php | prädiktiv | High |
8 | File | /PluXml/core/admin/parametres_edittpl.php | prädiktiv | High |
9 | File | /requests.php | prädiktiv | High |
10 | File | /usr/local/psa/admin/sbin/wrapper | prädiktiv | High |
11 | File | /wp-admin/admin.php?page=wp_file_manager_properties | prädiktiv | High |
12 | File | add.php | prädiktiv | Low |
13 | File | admin/admin.shtml | prädiktiv | High |
14 | File | AdminOrdercontroller.java | prädiktiv | High |
15 | File | xxxxx_xxx.xxx | prädiktiv | High |
16 | File | xxx/xxxx/xxxxxxxxxx/xxxxxxxxxxxxxx.xxx | prädiktiv | High |
17 | File | xxxxxxxx\xxxxx.xxx | prädiktiv | High |
18 | File | xxxxxxxxxxxxxxxx.xxxx | prädiktiv | High |
19 | File | xxx-xxxxxx-xxxxxx.x | prädiktiv | High |
20 | File | xxx.xxx | prädiktiv | Low |
21 | File | xxx.xxx | prädiktiv | Low |
22 | File | xxxxxxx/xxxxx.xxx | prädiktiv | High |
23 | File | xxxxx.xxxxxxxxx.xxx | prädiktiv | High |
24 | File | xxxxxxxxxx.xxx | prädiktiv | High |
25 | File | xxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xx | prädiktiv | High |
26 | File | xxx.xxx | prädiktiv | Low |
27 | File | xxxxxxxx/xxx.xxx?xxxx=xxxxxxx | prädiktiv | High |
28 | File | xxxxxxxxxxxxxxxxxxxxxxxxx.xxxx | prädiktiv | High |
29 | File | xxxxxxxxxx/xxxxxx/xxxxxxxxx.xxxx/xxxx.xxx/ | prädiktiv | High |
30 | File | xxxxxx/xx/xx_xxxxx.x | prädiktiv | High |
31 | File | xxxx:x.x/xx:x/xx:x/xx:x/xx:x/x:x/x:x/x:x/x:x | prädiktiv | High |
32 | File | xxxx/xxxxxxxxxxxxxxx.xxx | prädiktiv | High |
33 | File | xxxxxxx.xxx | prädiktiv | Medium |
34 | File | xxxxxx.xxx | prädiktiv | Medium |
35 | File | xxxxx_xxxxxxx_xxxx.xxxxx.xxx | prädiktiv | High |
36 | File | xxxxxxx/xxx/xx/xx.x | prädiktiv | High |
37 | File | xxxx.xxx | prädiktiv | Medium |
38 | File | xxxxx.xxx | prädiktiv | Medium |
39 | File | xxx.x | prädiktiv | Low |
40 | File | xxxx/xxxxxxxxxx/xxxxxx-xxxxxxxxx.x | prädiktiv | High |
41 | File | xxxxxx.xxx | prädiktiv | Medium |
42 | File | xxxxxxxxxxxxxxxxxxxx.xxx | prädiktiv | High |
43 | File | xxxxxxxxxxxx.xxx | prädiktiv | High |
44 | File | xxxx.xxx | prädiktiv | Medium |
45 | File | xxxxxxx/xxxxxx.xxx | prädiktiv | High |
46 | File | xxx/xxxxxx.xxx | prädiktiv | High |
47 | File | xxxxx.xxx | prädiktiv | Medium |
48 | File | xxxx.xxx | prädiktiv | Medium |
49 | File | xxxxxx\xxxxxxxxx\xxxxxx\xxxxxxx\xxxxxxxxx | prädiktiv | High |
50 | File | xx.xxx | prädiktiv | Low |
51 | File | xxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxx.xxx | prädiktiv | High |
52 | File | xxxxx_xx.xxxx | prädiktiv | High |
53 | File | xxxxxxxx_xxxxxxx.xxx | prädiktiv | High |
54 | File | xxxx.xxx | prädiktiv | Medium |
55 | File | xxxxxxx.xxx | prädiktiv | Medium |
56 | File | xxxxxx.xxx/xxxx_xxxx_xxxx.xxx | prädiktiv | High |
57 | File | xxxxxxxx/xxxxxx-xxxxx/xxxxxxxxxxx/xxxx.xx | prädiktiv | High |
58 | File | xxxxxxx.xxx | prädiktiv | Medium |
59 | File | xxxxxxx/xxx/xxxxx/xxxxx.xxxxxx.xxx | prädiktiv | High |
60 | File | xxxxx_xxxxxxxx.xxx | prädiktiv | High |
61 | File | xxxxxxx.xxx | prädiktiv | Medium |
62 | File | xxxxxxxxxxx.xxx | prädiktiv | High |
63 | File | xxxxx.xxx | prädiktiv | Medium |
64 | File | xxxxxxxx.xxx | prädiktiv | Medium |
65 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | prädiktiv | High |
66 | File | xx_xxx.xx | prädiktiv | Medium |
67 | File | xxxxxxxx.xx?xxxxxxxxxxxx=xxxxxxxx&xxxx=x-xxxx&xxxxxxxx=xxxxxxxxxx&xx | prädiktiv | High |
68 | File | xxxx.xxx | prädiktiv | Medium |
69 | File | xxxxxx.xxxxx.xxx | prädiktiv | High |
70 | File | xxxxxx/xxxxx/xx/xxxxxxxxxx/xxxxxxx/xxxxxxxxxx/xxxxxx/xxxxxxxxx.xxx | prädiktiv | High |
71 | File | xxxx-xxxxx.xxx | prädiktiv | High |
72 | File | xxxxxxxx.xxx | prädiktiv | Medium |
73 | File | xx-xxxxx/xxxxxxx.xxx | prädiktiv | High |
74 | File | xx-xxxxxx.xxx | prädiktiv | High |
75 | File | xx-xxxxxxxx.xxx | prädiktiv | High |
76 | File | ~/xxxxxxxxx/ | prädiktiv | Medium |
77 | Library | xxx/xxxxxx.xx | prädiktiv | High |
78 | Library | xxx/xxx_xxx.x | prädiktiv | High |
79 | Library | xxxxxxxxx/xxx-xxxxxx/xxxxxxxx.xxx | prädiktiv | High |
80 | Argument | xxxxxx | prädiktiv | Low |
81 | Argument | xxxxxxxxxxxxxxxx | prädiktiv | High |
82 | Argument | xxxxxxxx | prädiktiv | Medium |
83 | Argument | xxx | prädiktiv | Low |
84 | Argument | xxxxxxx | prädiktiv | Low |
85 | Argument | xxxx | prädiktiv | Low |
86 | Argument | xxxxxxxxxxx(xxxxxx) | prädiktiv | High |
87 | Argument | xxxx/xxxxxx/xxx | prädiktiv | High |
88 | Argument | xxxxx | prädiktiv | Low |
89 | Argument | xxxxxxxx | prädiktiv | Medium |
90 | Argument | xxxxxxxxxxxx | prädiktiv | Medium |
91 | Argument | xxxxx_xx | prädiktiv | Medium |
92 | Argument | xxxx | prädiktiv | Low |
93 | Argument | xx | prädiktiv | Low |
94 | Argument | xx_xxxxxxxx | prädiktiv | Medium |
95 | Argument | xxxx | prädiktiv | Low |
96 | Argument | xxxxxx | prädiktiv | Low |
97 | Argument | xxxxxx | prädiktiv | Low |
98 | Argument | xxxxx[xxxxx][xx] | prädiktiv | High |
99 | Argument | xxxxx | prädiktiv | Low |
100 | Argument | xxxx | prädiktiv | Low |
101 | Argument | xxxx_xxxx | prädiktiv | Medium |
102 | Argument | xxxx | prädiktiv | Low |
103 | Argument | xxxxxxxx | prädiktiv | Medium |
104 | Argument | xxxxxxxxx | prädiktiv | Medium |
105 | Argument | xxxxxx | prädiktiv | Low |
106 | Argument | xxxxxxxx/xxxxxxxxx/xxxxxxx/xxxxxxxxxxxxxxxx | prädiktiv | High |
107 | Argument | xxxx | prädiktiv | Low |
108 | Argument | xxxxxxxx | prädiktiv | Medium |
109 | Argument | xxxxxxxxxx | prädiktiv | Medium |
110 | Argument | xxxxxxxxxx_xxxx | prädiktiv | High |
111 | Argument | xxx | prädiktiv | Low |
112 | Argument | xxx | prädiktiv | Low |
113 | Argument | xxxx-xxxxx | prädiktiv | Medium |
114 | Argument | xxxx_xxxxx | prädiktiv | Medium |
115 | Argument | xxxx | prädiktiv | Low |
116 | Argument | xxxxxxxxxxxxxxxx | prädiktiv | High |
117 | Argument | xxxx->xxxxxxx | prädiktiv | High |
118 | Network Port | xxx/xxx (xxxx) | prädiktiv | High |
Referenzen (27)
The following list contains external sources which discuss the actor and the associated activities:
- https://blog.talosintelligence.com/2021/01/threat-roundup-0108-0115.html
- https://blog.talosintelligence.com/2021/05/threat-roundup-0514-0521.html
- https://blog.talosintelligence.com/2022/02/threat-roundup-0211-0218.html
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxxx.xxxxxxxx.xxx/xxxxx-xxxxxx-xxxxxxxxxxxx/xxxxxxxxxx-xxxxxxx-xxxxxx-xxxxxxxxxx-xxxxxx/
- xxxxx://xxxxxxxxx.xxxxxxx.xxx/#!/x/xxxxxxxxxxxxxxxxxxxxxxxx
- xxxxx://xxxxxx.xxx/xxxxxxxxxxxxxx/xxxxxxx-xxxx/xxxx/xxxx/xxxx-xx-xx%xxxxxxxxxxxxx%xxxxxx
- xxxxx://xxxxxx.xxx/xxxxxxxxxxxxxx/xxxxxxx-xxxx/xxxx/xxxx/xxxx-xx-xx%xxxxxxxxxxxxx%xxxxxx
- xxxxx://xxxxxx.xxx/xxxxxxxxxxxxxx/xxxxxxx-xxxx/xxxx/xxxx/xxxx-xx-xx%xxxxxxxxxxxxx%xxxxxx
- xxxxx://xxxxxx.xxx/xxxxxxxxxxxxxx/xxxxxxx-xxxx/xxxx/xxxx/xxxx-xx-xx%xxxxxxxxxxx%xxxxxx
- xxxxx://xxxxxx.xxx/xxxxxxxxxxxxxx/xxxxxxx-xxxx/xxxx/xxxx/xxxx-xx-xx%xxxxxxxxxxxxx%xxxxxx
- xxxxx://xxxxxx.xxx/xxxxxxxxxxxxxx/xxxxxxx-xxxx/xxxx/xxxx/xxxx-xx-xx%xxxxxxxxxxxxx%xxxxxx
- xxxxx://xxxxxx.xxx/xxxxxxxxxxxxxx/xxxxxxx-xxxx/xxxx/xxxx/xxxx-xx-xx%xxxxxxxxxxxxx%xxxxxx
- xxxxx://xxxxxx.xxx/xxxxxxxxxxxxxx/xxxxxxx-xxxx/xxxx/xxxx/xxxx-xx-xx%xxxxxxxxxxxxx%xxxxxx
- xxxxx://xxxxxx.xxx/xxxxxxxxxxxxxx/xxxxxxx-xxxx/xxxx/xxxx/xxxx-xx-xx%xxxxxxxxxxxxx%xxxxxx
- xxxxx://xxxxxx.xxx/xxxxx/xxxxx_xxxxxx_xxxxxxxxxxxx/xxxx/xxxx/xxxxxx/xxxxxxxxxxx
- xxxxx://xxx.xxxx.xxx/xxxxxx/xxxxx/xxxxx+xxxx+xxxxxxxx+xxxx+xxxxxxx+xxx+xxxxxxxx/xxxxx/
- xxxxx://xxx.xxxx.xxx/xxxxxx/xxxxx/xxxxxx+xxxxxx+xxxxxxxx+xxxxxxxx+xxxxxxxxx+xxxxxxx+xxxxxxxxxxx+xxxxxxx/xxxxx/
- xxxxx://xxx.xxxx.xxx/xxxxxx/xxxxx/xxxxx+xxxxxxx+xxxxxxxxx+xxxxxxx+xxxxxxxxxxx+xxxxxxxxxx+xxxx+xx+xxxxxx+xxxxxx/xxxxx/
- xxxxx://xxxxxxxxxxxxx.xxx/xxxx/xx/xx/xxxxx-xxxxx-xxx-xxxxxx/
- xxxxx://xxxxxxxxxxxxx.xxx/xxxx/xx/xx/xxxxxxxxxxx-xx-xxxxx-xxxxxxxxxx-xx-xx-xxxxx/
- xxxxx://xxxxxxxxxxxxx.xxx/xxxx/xx/xx/xxxxxxxxxxx-xxx-xxx-xxxxx-xxxxx/
- xxxxx://xxxxxxxxxxxxx.xxx/xxxx/xx/xx/xxxxxxxxxx-xxx-xxxxx-xxxxxxxxxx-xxxxx/
- xxxxx://xxxxxxxxxxxxx.xxx/xxxx/xx/xx/xxxxxx-xxxxxxxxxx/
- xxxxx://xxxxxxx.xxx/xxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxx
- xxxxx://xxxxxxx.xxx/xxxxxxxxxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxx
- xxxxx://xxxxxxx.xxx/_xxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxx