FelixRoot Analysis

IOB - Indicator of Behavior (620)

Language: en 542, de 16, es 12, pl 12, it 12

Country: us 280, ru 26, it 10, cn 8, ua 4


Product: Moodle 8, PHP 8, Linux Kernel 8, Iomega/Lenovo/LenovoEMC NAS 6, Google Android 6

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.29 | CVE-2010-0966
2 | Pligg cloud.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.67 |
3 | Trivantis Coursemill Learning Management System userlogin.jsp privilege escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00230 | 0.00 | CVE-2013-3599
4 | Moodle Manifest locallib.php information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00313 | 0.00 | CVE-2014-3543
5 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 1.87 | CVE-2006-6168
6 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 5.03 | CVE-2020-15906
7 | jforum User privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.05 | CVE-2019-7550
8 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 3.16 |
9 | PHPizabi index.php directory traversal | 6.5 | 5.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00826 | 0.19 | CVE-2008-3723
10 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 1.68 | CVE-2007-0354
11 | V-EVA Press Release Script page.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00187 | 0.14 | CVE-2010-5047
12 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
13 | eTicket newticket.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | High | Official Fix | 0.00220 | 0.07 | CVE-2008-0093
14 | PHP phpinfo cross site scripting | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.08985 | 0.04 | CVE-2006-0996
15 | Hypersilence Silentum Guestbook silentum_guestbook.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00107 | 0.04 | CVE-2009-4687
16 | Apple Mac OS X Server Wiki Server sql injection | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00339 | 1.92 | CVE-2015-5911
17 | cPanel Boxtrapper cgi-sys Script bxd.cgi denial of service | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.04 |
18 | PHPizabi template.class.php assignuser information disclosure | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00507 | 0.05 | CVE-2008-2018
19 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02101 | 0.04 | CVE-2007-1287
20 | vBulletin redirector.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00122 | 0.07 | CVE-2018-6200

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 88.198.13.116 | static.88.198.13.116.clients.your-server.de | FelixRoot | | 31/07/2018 | verified | High
2 | XXX.XX.XXX.XXX | xxxxxxxxx.xxxx.xxxx | Xxxxxxxxx | | 31/07/2018 | verified | High
3 | XXX.XX.XXX.XXX | xxxxxxx.xxx | Xxxxxxxxx | | 31/07/2018 | verified | High

TTP - Tactics, Techniques, Procedures (24)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence
1 | | CAPEC-10 | CWE-19, CWE-20, CWE-59, CWE-73, CWE-74, CWE-99, CWE-116, CWE-119, CWE-120, CWE-121, CWE-122, CWE-125, CWE-185, CWE-189, CWE-190, CWE-192, CWE-266, CWE-275, CWE-285, CWE-287, CWE-345, CWE-346, CWE-347, CWE-352, CWE-362, CWE-371, CWE-399, CWE-400, CWE-404, CWE-416, CWE-441, CWE-444, CWE-476, CWE-610, CWE-611, CWE-693, CWE-697, CWE-707, CWE-732, CWE-770, CWE-787, CWE-824, CWE-862, CWE-863, CWE-908, CWE-918, CWE-942, CWE-1021, CWE-1125 | Unknown Vulnerability | predictive | High
2 | T1006 | CAPEC-126 | CWE-22, CWE-23, CWE-425 | Path Traversal | predictive | High
3 | T1040 | CAPEC-102 | CWE-310, CWE-319 | Authentication Bypass by Capture-replay | predictive | High
4 | T1055 | CAPEC-10 | CWE-74, CWE-707 | Improper Neutralization of Data within XPath Expressions | predictive | High
5 | T1059 | CAPEC-10 | CWE-74, CWE-88, CWE-94, CWE-707 | Argument Injection | predictive | High
6 | TXXXX.XXX | CAPEC-10 | CWE-XX, CWE-XX, CWE-XX, CWE-XXX | Xxxxx Xxxx Xxxxxxxxx | predictive | High
7 | TXXXX | CAPEC-104 | CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
8 | TXXXX.XXX | CAPEC-191 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High
9 | TXXXX | CAPEC-10 | CWE-XX, CWE-XX, CWE-XX, CWE-XXX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
10 | TXXXX.XXX | CAPEC-178 | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
11 | TXXXX | CAPEC-0 | CWE-XXX, CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High
12 | TXXXX | CAPEC-0 | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High
13 | TXXXX | CAPEC-10 | CWE-XX, CWE-XX, CWE-XXX | Xxx Xxxxxxxxx | predictive | High
14 | TXXXX.XXX | CAPEC-1 | CWE-XXX, CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High
15 | TXXXX | CAPEC-102 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
16 | TXXXX | CAPEC-37 | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
17 | TXXXX | CAPEC-102 | CWE-XXX, CWE-XXX | Xxxxxxx Xxxxxxxxxx Xx Xxx-xxxxxxxx | predictive | High
18 | TXXXX | CAPEC-38 | CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive | High
19 | TXXXX.XXX | CAPEC-38 | CWE-XXX, CWE-XXX | Xxxxxxxx Xxxxxx Xxxx | predictive | High
20 | TXXXX.XXX | CAPEC-133 | CWE-XXX | Xxxxxxxx | predictive | High
21 | TXXXX | CAPEC-116 | CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
22 | TXXXX | CAPEC-157 | CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High
23 | TXXXX.XXX | CAPEC-0 | CWE-XXX, CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | High
24 | TXXXX.XXX | CAPEC-19 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (189)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/?page=system_info/contact_info | predictive | High
2 | File | /admin/login.php | predictive | High
3 | File | /admin/produts/controller.php | predictive | High
4 | File | /admin/user/team | predictive | High
5 | File | /book-services.php | predictive | High
6 | File | /cgi-bin/system_mgr.cgi | predictive | High
7 | File | /common/logViewer/logViewer.jsf | predictive | High
8 | File | /crmeb/app/admin/controller/store/CopyTaobao.php | predictive | High
9 | File | /DXR.axd | predictive | Medium
10 | File | /en/blog-comment-4 | predictive | High
11 | File | /forum/away.php | predictive | High
12 | File | /goform/aspForm | predictive | High
13 | File | /h/ | predictive | Low
14 | File | /hocms/classes/Master.php?f=delete_collection | predictive | High
15 | File | /InternalPages/ExecuteTask.aspx | predictive | High
16 | File | /mifs/c/i/reg/reg.html | predictive | High
17 | File | /ms/cms/content/list.do | predictive | High
18 | File | /opt/zimbra/jetty/webapps/zimbra/public | predictive | High
19 | File | /orms/ | predictive | Low
20 | File | /plesk-site-preview/ | predictive | High
21 | File | /project/PROJECTNAME/reports/ | predictive | High
22 | File | /school/model/get_admin_profile.php | predictive | High
23 | File | /show_news.php | predictive | High
24 | File | /xxxxxxx-xxxxxxx-xxxxxx/xxx.xxx?xxxx=xxxxx | predictive | High
25 | File | /xxxxxxxxx.xxx | predictive | High
26 | File | /xxxxxxx/ | predictive | Medium
27 | File | xxxxxxx.xxx | predictive | Medium
28 | File | xxxxxxx.xxx | predictive | Medium
29 | File | xxxxxxx.xxx | predictive | Medium
30 | File | xxxxx-xxxx.xxx | predictive | High
31 | File | xxxxx.xxx | predictive | Medium
32 | File | xxxxx/xxxxxxxxxx.xxx | predictive | High
33 | File | xxxxx/xxxx-xxxx.xxx | predictive | High
34 | File | xxxxx/xxxxx.xxx | predictive | High
35 | File | xxxxx_xxxxxxx_xxxxx.xxx | predictive | High
36 | File | xxx.xxx | predictive | Low
37 | File | xxx/xxxx/xxxxxxxxxxxxx/xxxx.xxx | predictive | High
38 | File | xxxx.xxx_xxxxx_xxxx_xxxxx.xxx | predictive | High
39 | File | xxxx.xxx | predictive | Medium
40 | File | xxxxxx.xxx | predictive | Medium
41 | File | xxx.xxx | predictive | Low
42 | File | xxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High
43 | File | xxxxxxxxx.xxx | predictive | High
44 | File | xxxxx.xxx | predictive | Medium
45 | File | xxxxxxxxxxxxxxxxxxxxxxx.x | predictive | High
46 | File | xxxxxxxxxx/xxx.xxxxxxxxxx/xxx.xxxxxxxxxx.xx | predictive | High
47 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
48 | File | xxxxxxx.xxx | predictive | Medium
49 | File | xxxxxx.xxx | predictive | Medium
50 | File | xxxxxxxxxxxxxxxxxxx.xxxx | predictive | High
51 | File | xxxxxxxxxxx/xx/xxx/xxxxxx/xxxxxx_xxx.x | predictive | High
52 | File | xxxxx.xxx | predictive | Medium
53 | File | xxx/xxxx/xxxxxxxx/xxxxxxxx_xxxx.x | predictive | High
54 | File | xxx/xxxxxxxx/xxxx_xxxxx_xxxxxxx.x | predictive | High
55 | File | xxxxxxx.xxx | predictive | Medium
56 | File | xxxxx.xxx | predictive | Medium
57 | File | xxxxxxxxx.xxx | predictive | High
58 | File | xxx/xxxxxx.xxx | predictive | High
59 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | High
60 | File | xxxxx.xxxx | predictive | Medium
61 | File | xxxxx.xxx | predictive | Medium
62 | File | xxxx.x | predictive | Low
63 | File | xx/xxx.xx | predictive | Medium
64 | File | xxxxxxxxx_xx.x/xxxxx/xxxxx.xxx?x=xxxxxxxxxxxxx&x=xxx | predictive | High
65 | File | xxxxxx.x | predictive | Medium
66 | File | xxxx/xxxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High
67 | File | xxxxxxxxxxx.xxx | predictive | High
68 | File | xxx/xxxxxx/xxxxxxxxxxxxxxxxxx.xxx | predictive | High
69 | File | xxx/xxxxxx/xxxxxxxxx.xxx | predictive | High
70 | File | xxx/xxx/xxxx.xxx | predictive | High
71 | File | xxxxxxx/xxxxxx/xxxxx.xxx | predictive | High
72 | File | xxxxxxxxx/xxxx-xxxx | predictive | High
73 | File | xxxxxxxxx.xxx | predictive | High
74 | File | xxxxxxxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High
75 | File | xxx_xxxx.xxx | predictive | Medium
76 | File | xxxxxxx.xxxx | predictive | Medium
77 | File | xxxx.xxx | predictive | Medium
78 | File | xxxxxxxxxxx.xx | predictive | High
79 | File | xxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxx/xxxxxxxx.xxxx | predictive | High
80 | File | xxxx/xxxx_xxxxxx.xxx | predictive | High
81 | File | xxxx.xxx | predictive | Medium
82 | File | xxxx.xxx | predictive | Medium
83 | File | xxxxx.xxx | predictive | Medium
84 | File | xxxxxxxxxx.xxx | predictive | High
85 | File | xxxxxxxx.xxx | predictive | Medium
86 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | High
87 | File | xxxxxxxx_xxxxxx.xxx | predictive | High
88 | File | xxxxxxx/xxx-xxxxxx-xxxx | predictive | High
89 | File | xxx/xxxxxxx_xxxxxxx.xxx | predictive | High
90 | File | xxxxx.xxx | predictive | Medium
91 | File | xxxxxxxx_xxxxxxxxx.xxx | predictive | High
92 | File | xxx/xxxxxx.x | predictive | Medium
93 | File | xxx_xxxx.xxx | predictive | Medium
94 | File | xxxxxx_xxxxxxx.x | predictive | High
95 | File | xxxxxxx_xxxxxxxx.xxx | predictive | High
96 | File | xxxxxxxx.xxxxx.xxx | predictive | High
97 | File | xxxx-xxxxxx_xxxxxxxxxx.xxx | predictive | High
98 | File | xxxx-xxxxxxxx.xxx | predictive | High
99 | File | xxxx-xxxxx.xxx | predictive | High
100 | File | xxxx-xxxxx.xxx | predictive | High
101 | File | xxxx-xxxxxxxx.xxx | predictive | High
102 | File | xxxxxx/xxxxx/xxxxx_xxxxx.xxx | predictive | High
103 | File | xxxxxxx/xxxxxxxx-xxxx | predictive | High
104 | File | xxxxxxxxx.xxx | predictive | High
105 | File | xxx/xxx/xxx-xxxxxx | predictive | High
106 | File | xxxx/xxxxxxxx/xxxxxxxx.xxxx | predictive | High
107 | File | xx-xxxxx/xxxx.xxx | predictive | High
108 | Library | /xxxxxxxx/xxxxxxx.xxx | predictive | High
109 | Library | /xxx/xxx/xxxx.xxx | predictive | High
110 | Library | /xxx/xxxxxx.xxxxx.xxx | predictive | High
111 | Library | xxx/xxxx_xxxxxxx/xxxxxx | predictive | High
112 | Library | xxx/xxxxxxx.xxx | predictive | High
113 | Library | xxx/xxxxx/xxxxxxxx.xxx | predictive | High
114 | Library | xxx/xxx/xxxxxxxx.xxx | predictive | High
115 | Library | xxx.xxx | predictive | Low
116 | Library | xxxxxxx.xxx | predictive | Medium
117 | Library | xxxxxxxx.xxx | predictive | Medium
118 | Library | xxxxxxxxxxxx.xxx | predictive | High
119 | Library | xxxxxxx.xxx | predictive | Medium
120 | Argument | -x | predictive | Low
121 | Argument | xxxxxxxxxxxxxx | predictive | High
122 | Argument | xxxxxxxx | predictive | Medium
123 | Argument | xxxx | predictive | Low
124 | Argument | xxx | predictive | Low
125 | Argument | xxxxxxxxxx | predictive | Medium
126 | Argument | xxx_xx | predictive | Low
127 | Argument | xx_xxxxx | predictive | Medium
128 | Argument | xxxxxxx | predictive | Low
129 | Argument | xxxxxxx_xxxx/xxxxxxx_xxxxxxx | predictive | High
130 | Argument | xxxxxxx_xx | predictive | Medium
131 | Argument | xxxx | predictive | Low
132 | Argument | xxx | predictive | Low
133 | Argument | xxxxxxx | predictive | Low
134 | Argument | xxxx | predictive | Low
135 | Argument | xxxxxxxxxxxxxx | predictive | High
136 | Argument | xxxxx | predictive | Low
137 | Argument | xxxxx_xxx | predictive | Medium
138 | Argument | xxxx | predictive | Low
139 | Argument | xx | predictive | Low
140 | Argument | xxxxxxxx | predictive | Medium
141 | Argument | xxxx_xxxxx | predictive | Medium
142 | Argument | xxxx_xxxxxxx_xxxxxxxxx | predictive | High
143 | Argument | xxxx_xxxxxxx | predictive | Medium
144 | Argument | xx | predictive | Low
145 | Argument | xxx_xxxxxxxx | predictive | Medium
146 | Argument | xxxxx_xxx_xxxxxxxxx | predictive | High
147 | Argument | xxxxxx | predictive | Low
148 | Argument | xxxxx | predictive | Low
149 | Argument | xx_xxxxxxxx | predictive | Medium
150 | Argument | xxxxxxx | predictive | Low
151 | Argument | xxxx | predictive | Low
152 | Argument | xxxx | predictive | Low
153 | Argument | xxxxxxx | predictive | Low
154 | Argument | xxxxxxxxx | predictive | Medium
155 | Argument | xx_xxxxxxxx | predictive | Medium
156 | Argument | xx_xxxxx | predictive | Medium
157 | Argument | xxx_xxxxxxx | predictive | Medium
158 | Argument | xxxxx | predictive | Low
159 | Argument | xxxxxxxx | predictive | Medium
160 | Argument | xxxxxxxxx | predictive | Medium
161 | Argument | x_xxxxxxx | predictive | Medium
162 | Argument | xxxxxxxx | predictive | Medium
163 | Argument | xxxxxxxx_xxx | predictive | Medium
164 | Argument | xxxxxx | predictive | Low
165 | Argument | xxx_xxxxxx | predictive | Medium
166 | Argument | xxxxxx/xxxxxxxxxxxx/xxxxxxxx | predictive | High
167 | Argument | xxxxxx_xxxx | predictive | Medium
168 | Argument | xxxxxxxxxxxxx | predictive | High
169 | Argument | xxx_xxxxx/xxx_xxxxxx/xxx_xxxxx | predictive | High
170 | Argument | xxxxxx | predictive | Low
171 | Argument | xxxxxxxx | predictive | Medium
172 | Argument | xxxxxxx | predictive | Low
173 | Argument | xxxxxxxxx | predictive | Medium
174 | Argument | xxx | predictive | Low
175 | Argument | xxxxxxxx | predictive | Medium
176 | Argument | xxxxxx_xxxx | predictive | Medium
177 | Argument | xxx | predictive | Low
178 | Argument | xxx | predictive | Low
179 | Argument | xxxxxxxx | predictive | Medium
180 | Argument | _xxxxxx | predictive | Low
181 | Argument | __x/xxxxxx | predictive | Medium
182 | Argument | __xxxxxxxxxxxxx | predictive | High
183 | Input Value | xxxxx"][xxxxxx]xxxxx('xxx')[/xxxxxx] | predictive | High
184 | Input Value | <xxxxxx>xxxxx(x);</xxxxxx> | predictive | High
185 | Input Value | <xxxxxx>xxxxx(x)</xxxxxx> | predictive | High
186 | Input Value | xxx (xxxxxx xxxx xxxx(xxxxxx xxxxx(*),xxxxxx(xxxxxxxxxxxx,(xxxxxx (xxx(xxxx=xxxx,x))),xxxxxxxxxxxx,xxxxx(xxxx(x)*x))x xxxx xxxxxxxxxxx_xxxxxx.xxxxxxxxx_xxxx xxxxx xx x)x) | predictive | High
187 | Input Value | xxxx:./../ | predictive | Medium
188 | Network Port | xxx/xxxxx | predictive | Medium
189 | Network Port | xxx xxxxxx xxxx | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
