Agent Tesla Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 932
zh: 24
de: 22
es: 6
sv: 4

Country

us: 860
cn: 48
es: 12
ru: 10
de: 8

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Apple Mac OS X: 76
Microsoft Windows: 20
Oracle Enterprise Manager Grid Control: 18
Oracle Java SE: 16
Google Chrome: 16

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 2 | Vmware Workspace ONE Access/Identity Manager Template injection | 9.8 | 9.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.97460 | 0.00 | CVE-2022-22954 |
| 3 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.26 | CVE-2017-0055 |
| 4 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.40 | CVE-2010-0966 |
| 5 | vsftpd deny_file unknown vulnerability | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00312 | 0.06 | CVE-2015-1419 |
| 6 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.12 | CVE-2014-4078 |
| 7 | HP Storage Data Protector memory corruption | 10.0 | 10.0 | $25k-$100k | $0-$5k | High | Not Defined | 0.52178 | 0.00 | CVE-2014-2623 |
| 8 | Guangzhou 1GE ONU/V2804RGW formPing os command injection | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.77079 | 0.04 | CVE-2020-8958 |
| 9 | Basti2web Book Panel books.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00064 | 0.05 | CVE-2009-4889 |
| 10 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 1.41 | |
| 11 | RARLabs WinRAR ZIP Archive Remote Code Execution | 6.3 | 6.0 | $0-$5k | $0-$5k | High | Official Fix | 0.33850 | 0.00 | CVE-2023-38831 |
| 12 | OpenSSH Supplemental Group privileges management | 4.6 | 4.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.09 | CVE-2021-41617 |
| 13 | SourceCodester Simple Cold Storage Management System Contact Us cross-site request forgery | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00068 | 0.00 | CVE-2022-3585 |
| 14 | FLDS redir.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00203 | 0.03 | CVE-2008-5928 |
| 15 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.44 | CVE-2020-12440 |
| 16 | Esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00108 | 0.14 | CVE-2009-4935 |
| 17 | OpenSSH Readonly Mode sftp-server.c process_open permission | 5.3 | 5.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00660 | 0.03 | CVE-2017-15906 |
| 18 | Zoho ManageEngine Firewall Analyzer DNS Name Stored cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00138 | 0.04 | CVE-2019-11676 |
| 19 | Microsoft IIS FTP Server memory corruption | 7.5 | 7.2 | $25k-$100k | $0-$5k | High | Official Fix | 0.96843 | 0.00 | CVE-2010-3972 |
| 20 | Tor Guard Relay De-anonymization information disclosure | 5.6 | 5.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00389 | 0.00 | CVE-2017-0377 |

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (147)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (22)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-21, CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CAPEC-137 | CWE-88, CWE-94 | Argument Injection | predictive | High |
| 4 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 5 | T1068 | CAPEC-122 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | High |

IOA - Indicator of Attack (333)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (47)

The following list contains external sources which discuss the actor and the associated activities:

Samples (2)

The following list contains associated samples:
