SideCopy Analiza
IOB - Indicator of Behavior (1000)
Zajęcia
Wysiłek
Luki w zabezpieczeniach
IOC - Indicator of Compromise (18)
These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.
TTP - Tactics, Techniques, Procedures (20)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
IOA - Indicator of Attack (242)
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
ID | Klasa | Indicator | Rodzaj | Pewność siebie |
---|---|---|---|---|
1 | File | .travis.yml | predictive | Medium |
2 | File | /.env | predictive | Niski |
3 | File | /admin.php | predictive | Medium |
4 | File | /admin/?page=inmates/view_inmate | predictive | Wysoki |
5 | File | /admin/subnets/ripe-query.php | predictive | Wysoki |
6 | File | /apply.cgi | predictive | Medium |
7 | File | /core/conditions/AbstractWrapper.java | predictive | Wysoki |
8 | File | /debug/pprof | predictive | Medium |
9 | File | /defaultui/player/modern.html | predictive | Wysoki |
10 | File | /dvcset/sysset/set.cgi | predictive | Wysoki |
11 | File | /edit-db.php | predictive | Medium |
12 | File | /export | predictive | Niski |
13 | File | /file?action=download&file | predictive | Wysoki |
14 | File | /forum/away.php | predictive | Wysoki |
15 | File | /goform/aspForm | predictive | Wysoki |
16 | File | /hardware | predictive | Medium |
17 | File | /installers/common.sh | predictive | Wysoki |
18 | File | /librarian/bookdetails.php | predictive | Wysoki |
19 | File | /medical/inventories.php | predictive | Wysoki |
20 | File | /monitoring | predictive | Medium |
21 | File | /opt/zimbra/jetty/webapps/zimbra/public | predictive | Wysoki |
22 | File | /plugin/LiveChat/getChat.json.php | predictive | Wysoki |
23 | File | /plugins/servlet/audit/resource | predictive | Wysoki |
24 | File | /plugins/servlet/project-config/PROJECT/roles | predictive | Wysoki |
25 | File | /proc | predictive | Niski |
26 | File | /replication | predictive | Medium |
27 | File | /RestAPI | predictive | Medium |
28 | File | /xxx/xxxxxx-xxxxxxxx-* | predictive | Wysoki |
29 | File | /xxxxxxx/ | predictive | Medium |
30 | File | /xxxxxx | predictive | Niski |
31 | File | /xxxx/xxxxxx.xxx?xxx=x | predictive | Wysoki |
32 | File | /xxx/xxx/xxxxx | predictive | Wysoki |
33 | File | /xxx/xxx/xxxxxxxx.xxx | predictive | Wysoki |
34 | File | /xxxxxx/xxxxxx.xxxx | predictive | Wysoki |
35 | File | /xxxxxxxx_xxxxx/xxxxxxx/xxxxxx.xxx?x=xxxxxx_xxxxx | predictive | Wysoki |
36 | File | /xx-xxxx/xxxxxx/x.x/xxxxx?xxx | predictive | Wysoki |
37 | File | xxxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | Wysoki |
38 | File | xxxxxxx.xxx | predictive | Medium |
39 | File | xxxxxxx.xxx | predictive | Medium |
40 | File | xxx.xxx | predictive | Niski |
41 | File | xxxxxxx.xxx | predictive | Medium |
42 | File | xxx/xxx/xxxx-xxx | predictive | Wysoki |
43 | File | xxxxx.xxx | predictive | Medium |
44 | File | xxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | Wysoki |
45 | File | xxxx/xxxxxxx/xxx/xxxxxx_xxxx.x | predictive | Wysoki |
46 | File | xxxx-xxxx.x | predictive | Medium |
47 | File | xxxx/xxxxxxx.xxx | predictive | Wysoki |
48 | File | x/xxxxxx/xxxxx.xxx | predictive | Wysoki |
49 | File | x:\xxxxxxx xxxxx\xxxxxx xxxxx\xxx\xxxxxxx.xxx | predictive | Wysoki |
50 | File | x:\xxxxxxx\xxxxxxxx\xxxxxx\xxx | predictive | Wysoki |
51 | File | xxx-xxx/xx.xxx | predictive | Wysoki |
52 | File | xxx/xxxxxxx.xx | predictive | Wysoki |
53 | File | xxxxx.xxx | predictive | Medium |
54 | File | xxxxxx.xxx | predictive | Medium |
55 | File | xxx_xxxxxx.xxx | predictive | Wysoki |
56 | File | xxx.xxx | predictive | Niski |
57 | File | xxxxxxx.xxx | predictive | Medium |
58 | File | xxxxxx.xxx | predictive | Medium |
59 | File | xxxxxxxxxx/xxxxxx/xxxxxxxxx.xxxx/xxxx.xxx/ | predictive | Wysoki |
60 | File | x_xxxxxx | predictive | Medium |
61 | File | xxxxxxx.xxx | predictive | Medium |
62 | File | xxxx_xxxxxx.xxx | predictive | Wysoki |
63 | File | xxxxxxx/xxxxx/xxxxxx.x | predictive | Wysoki |
64 | File | xxxxxxx/xxx/xxxxxxx/xxxx.x | predictive | Wysoki |
65 | File | xxxx_xxxxx.xxx | predictive | Wysoki |
66 | File | xxxxxxxxxxx.xxx | predictive | Wysoki |
67 | File | xxx/xxxxxxxx/xxxx.x | predictive | Wysoki |
68 | File | xxx/xxxxxxxx/xxx_xxxxxxxxxxxx.x | predictive | Wysoki |
69 | File | xxxxxxxx.x | predictive | Medium |
70 | File | xx/xxxxxxxxx.x | predictive | Wysoki |
71 | File | xx/xxxxx.x | predictive | Medium |
72 | File | xx/xxxxx/xxxxxxx.x | predictive | Wysoki |
73 | File | xxxxx.xxx | predictive | Medium |
74 | File | xxxxxx.xxx | predictive | Medium |
75 | File | xxxxxxxxxx.xx | predictive | Wysoki |
76 | File | xxxxxxxxxxxxx.xxxx | predictive | Wysoki |
77 | File | xxxx/xxxxxxxxxxxxxxxxxxxxxxxx.xx | predictive | Wysoki |
78 | File | xxxxx-xxxxx.x | predictive | Wysoki |
79 | File | xxxxxx_xxxxx_xxxxxxx.x | predictive | Wysoki |
80 | File | xxxxx-xxxxxxxxxx.x | predictive | Wysoki |
81 | File | xxx/xxxxxx.xxx | predictive | Wysoki |
82 | File | xxxxx.xxx | predictive | Medium |
83 | File | xxxxx:/xxxxxxxx/xxxxxxxxxxxx.xxxx | predictive | Wysoki |
84 | File | xxxxx/xxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxx | predictive | Wysoki |
85 | File | xxxx_xxxx.xxx | predictive | Wysoki |
86 | File | xxxx_xxxx.xxx | predictive | Wysoki |
87 | File | xxxx_xxxxxx.xx | predictive | Wysoki |
88 | File | xxxxxx/xxx/xxxxxxxx.x | predictive | Wysoki |
89 | File | xxxxxx/xxxxx/xxxxx_xxxxxx_xxxxxx.x | predictive | Wysoki |
90 | File | xxxxxxx/xx_xxx.x | predictive | Wysoki |
91 | File | xxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxx.xxx | predictive | Wysoki |
92 | File | xxxx.xxx | predictive | Medium |
93 | File | xxxxx.xxx | predictive | Medium |
94 | File | xxxxx.xxx | predictive | Medium |
95 | File | xxxxx/ | predictive | Niski |
96 | File | xxxxxxxxxx/xxxxxxxx.x | predictive | Wysoki |
97 | File | xxxxxxxxxx/xxx.x | predictive | Wysoki |
98 | File | xxxx.x | predictive | Niski |
99 | File | xxxx.xxx | predictive | Medium |
100 | File | xxxxxx_xxxxx_xxxxxxx.x | predictive | Wysoki |
101 | File | xxxxxxxxxxxxxxxx.x | predictive | Wysoki |
102 | File | xxx/xxxxxxxxx/xx_xxxxxx_xxx.x | predictive | Wysoki |
103 | File | xxx/xxxxxxxxx/x_xxxxxx.x | predictive | Wysoki |
104 | File | xxxx.xxx | predictive | Medium |
105 | File | xxx_xxxxxxx.x | predictive | Wysoki |
106 | File | xxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | Wysoki |
107 | File | xxx_xx.x | predictive | Medium |
108 | File | xxxxxxxxxxxxxxxxx.xxx | predictive | Wysoki |
109 | File | xxxx_xxxxxx.x | predictive | Wysoki |
110 | File | xxxxxxxxx.xxx.xxx | predictive | Wysoki |
111 | File | xxxxxxx.xxx | predictive | Medium |
112 | File | xxxxxxxx.xxxx | predictive | Wysoki |
113 | File | xxxxxxxxxxxxx.xxxx | predictive | Wysoki |
114 | File | xxxxxx.x | predictive | Medium |
115 | File | xxxxxxxxxxxxx.xxx | predictive | Wysoki |
116 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | Wysoki |
117 | File | xxxxxxxx.xxx | predictive | Medium |
118 | File | xxxxxxx.xxx | predictive | Medium |
119 | File | xxxxx.xxx | predictive | Medium |
120 | File | xxxxxxxx.xxx | predictive | Medium |
121 | File | xxxxxxx.x | predictive | Medium |
122 | File | xxxxxxxxxx_xxxxx.xxxxxx | predictive | Wysoki |
123 | File | xxxx_xxx_xx.x | predictive | Wysoki |
124 | File | xx_xxx.x | predictive | Medium |
125 | File | xxxxxx.x | predictive | Medium |
126 | File | xxxxx.xxx | predictive | Medium |
127 | File | xxxx-xxxxxx.x | predictive | Wysoki |
128 | File | xxxxxxx.x | predictive | Medium |
129 | File | xxx/xxx_xxxxx.x | predictive | Wysoki |
130 | File | xxxxxxx.xxx | predictive | Medium |
131 | File | xxxxxxx.xxx.xx.xxxxxxxxxxx.xxx | predictive | Wysoki |
132 | File | xxx_xxx.x | predictive | Medium |
133 | File | xxxx-xxxxx.xxx | predictive | Wysoki |
134 | File | xxxxxxx/xxxxxxx/xxxxxx/xxxxxx_xxxx.xxx | predictive | Wysoki |
135 | File | xxxx.xxxxxxxxx.xxx | predictive | Wysoki |
136 | File | xxxx_xxxx.xxx | predictive | Wysoki |
137 | File | xxxxxx.xxx | predictive | Medium |
138 | File | xxx.xxx | predictive | Niski |
139 | File | xxx.xxxxxx | predictive | Medium |
140 | File | xxxxxx/xx/xxxx.xxx | predictive | Wysoki |
141 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | Wysoki |
142 | File | xx-xxxxxxxx/xxxxxxx-xxxxxxxx.xxx | predictive | Wysoki |
143 | File | xx-xxxxxxxx/xxxx.xxx | predictive | Wysoki |
144 | File | xx/xx/xxxxx | predictive | Medium |
145 | File | xx_xxxxxxx.x | predictive | Medium |
146 | File | _xxxxxxxx/xxxxxxxx.xxx | predictive | Wysoki |
147 | File | ~/xxxx/xxx/xxxxxxx/xxxxxxxxxx/xxxxxx.xxx | predictive | Wysoki |
148 | Library | xxxxx/xxxxxxxxx/xxxx.xxxxxxxxx.xxx | predictive | Wysoki |
149 | Library | xxxxxxxxxx/xxxxxxxx.x | predictive | Wysoki |
150 | Library | xxxxxxxx.xxx | predictive | Medium |
151 | Library | xxxxxxxxx.xxx | predictive | Wysoki |
152 | Library | xxxxxxxx.xxx | predictive | Medium |
153 | Library | xxxxxx.xxx.xxx.xxx | predictive | Wysoki |
154 | Library | xxxxxxxx.xxx | predictive | Medium |
155 | Library | xxxxx.xxx | predictive | Medium |
156 | Library | xxxxxxxx.xxx | predictive | Medium |
157 | Library | xxxxxxxx.xxx | predictive | Medium |
158 | Argument | -x | predictive | Niski |
159 | Argument | xxxxx.xxxxxxxx | predictive | Wysoki |
160 | Argument | xxxxxx_xxxx | predictive | Medium |
161 | Argument | xxxxxxxx | predictive | Medium |
162 | Argument | xxx | predictive | Niski |
163 | Argument | xxxxx | predictive | Niski |
164 | Argument | xxx_xx | predictive | Niski |
165 | Argument | xxxx_xx | predictive | Niski |
166 | Argument | xxxxxx | predictive | Niski |
167 | Argument | xxxxxxx xxxx | predictive | Medium |
168 | Argument | xxxxxxxxxx | predictive | Medium |
169 | Argument | xxxxxxx | predictive | Niski |
170 | Argument | xxxxxxx_xxxx->xxx($xxxxxxxx) | predictive | Wysoki |
171 | Argument | xxxxx | predictive | Niski |
172 | Argument | xxxxxx_xxxx | predictive | Medium |
173 | Argument | xxxxxxx | predictive | Niski |
174 | Argument | xxxx_xx | predictive | Niski |
175 | Argument | xxxx | predictive | Niski |
176 | Argument | xxxxxxxx | predictive | Medium |
177 | Argument | xx | predictive | Niski |
178 | Argument | xx | predictive | Niski |
179 | Argument | xxxxxxxxxxxxxx | predictive | Wysoki |
180 | Argument | xxxxxxx | predictive | Niski |
181 | Argument | xxxxx[xxxxx][xx] | predictive | Wysoki |
182 | Argument | xxxx_xxxxxx_xxxx | predictive | Wysoki |
183 | Argument | xxxx x xxxx | predictive | Medium |
184 | Argument | xxxxxxxxx/xxxxxxxxx | predictive | Wysoki |
185 | Argument | xxxx | predictive | Niski |
186 | Argument | xxxxxxxxxxxxxxxxxxxx | predictive | Wysoki |
187 | Argument | xx | predictive | Niski |
188 | Argument | xxxxxxx/xxxx/xxxxxxxx | predictive | Wysoki |
189 | Argument | xxxxx/xxxxxx | predictive | Medium |
190 | Argument | xxxx | predictive | Niski |
191 | Argument | xxxxxxxx | predictive | Medium |
192 | Argument | xxxxxxxx | predictive | Medium |
193 | Argument | xxxxxxxx | predictive | Medium |
194 | Argument | xxxxxxxxx | predictive | Medium |
195 | Argument | xxx_xxx | predictive | Niski |
196 | Argument | xxxxxxxxxxxxx | predictive | Wysoki |
197 | Argument | xxxxxx | predictive | Niski |
198 | Argument | xxxxxxx | predictive | Niski |
199 | Argument | xx_xxxxxxx_xxxxxxx | predictive | Wysoki |
200 | Argument | xxxxxxxxxxxxx | predictive | Wysoki |
201 | Argument | xxxxx | predictive | Niski |
202 | Argument | xxxxxxx_xxx | predictive | Medium |
203 | Argument | xxxx | predictive | Niski |
204 | Argument | xxxxxxxxxxxxx | predictive | Wysoki |
205 | Argument | xxxxxxx | predictive | Niski |
206 | Argument | xxxxxx | predictive | Niski |
207 | Argument | xxxxxxxx_xxxxx | predictive | Wysoki |
208 | Argument | xxxxxxxxxxxx | predictive | Medium |
209 | Argument | xxxxxx | predictive | Niski |
210 | Argument | xxxxx | predictive | Niski |
211 | Argument | xxx | predictive | Niski |
212 | Argument | xxx/xxxxxxx | predictive | Medium |
213 | Argument | xxxxxx | predictive | Niski |
214 | Argument | xxx | predictive | Niski |
215 | Argument | xxxxxxxx-xxxxxxxx | predictive | Wysoki |
216 | Argument | xxxxxxxxxxxxxx | predictive | Wysoki |
217 | Argument | xxx | predictive | Niski |
218 | Argument | xxxx | predictive | Niski |
219 | Argument | xxxxxxxx | predictive | Medium |
220 | Argument | xxxxxxx | predictive | Niski |
221 | Argument | xxxx->xxxxxxx | predictive | Wysoki |
222 | Argument | x-xxxxxxxxx-xxx | predictive | Wysoki |
223 | Argument | xxx | predictive | Niski |
224 | Argument | _xxx_xxxxxxx_xxxxxxx_xxxxxxxxxxxxx_xxx_xxx_xxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx_xxxxxxxxxxxxxxx | predictive | Wysoki |
225 | Argument | _xxx_xxxxxxxxxxx_ | predictive | Wysoki |
226 | Input Value | ' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)-- xxxx | predictive | Wysoki |
227 | Input Value | .%xx.../.%xx.../ | predictive | Wysoki |
228 | Input Value | // | predictive | Niski |
229 | Input Value | xxx xxxxxxxx | predictive | Medium |
230 | Input Value | x%xx%xxxxx%xxx=x%xxxxxxx%xxxxxxxx%xxx,xxxx(),x,x,x,x,x,x,x,x,xxxxxxxx(),x,x,x,x,x,x,x,x,x,x,x,x,x--+ | predictive | Wysoki |
231 | Input Value | xxxxxxxx | predictive | Medium |
232 | Input Value | xxxxxxxxx' xxx 'x'='x | predictive | Wysoki |
233 | Input Value | xxxxx | predictive | Niski |
234 | Input Value | xxxxxxx_xxxxx.xxxxxxx_xxxxxxx | predictive | Wysoki |
235 | Input Value | \x | predictive | Niski |
236 | Input Value | ….// | predictive | Niski |
237 | Pattern | |xx| | predictive | Niski |
238 | Network Port | xxxxx | predictive | Niski |
239 | Network Port | xx xxxxxxx xxx.xx.xx.xx | predictive | Wysoki |
240 | Network Port | xxxxx xxx-xxx, xxx | predictive | Wysoki |
241 | Network Port | xxx/xx (xxxxxx) | predictive | Wysoki |
242 | Network Port | xxx xxxxxx xxxx | predictive | Wysoki |
Referencje (7)
The following list contains external sources which discuss the actor and the associated activities:
- https://blog.malwarebytes.com/threat-intelligence/2021/12/sidecopy-apt-connecting-lures-to-victims-payloads-to-infrastructure/
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxxxx.xxxx
- xxxxx://xxxxx.xxx/xxxx/xxxxxxxxx-xxxxxxxx-xxx-xxxxx-xxxx-xxxxxx-xx-xxxxxx-xxxx/
- xxxxx://xxxxxx.xxx/xxxxx/xxxxx_xxxxxx_xxxxxxxxxxxx/xxxx/xxxx/xxxxxx/xxxxxxxx
- xxxxx://xxxxxxxxxxxxx.xxx/xxxxxx-xxxxxxxxxx-xxxxxxxx-xxxxxxxx-xx-xxxxxxxx-xxxxxxx-xx-xxx-xxxxx-xxxxxxxx/
- xxxxx://xxxxxxx.xxx/xxxxxxxxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxx
- xxxxx://xxxxxxx.xxx/xxxxxxxxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxx