Avos Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (66)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en54
fr10
pl2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

fr10
ru6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

AvosLocker1
Tofsee1
Amadey1
RedLine Stealer1
RedLine1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined22
Enterprise Resource Planning Software2
Operating System2
Router Operating System2
Customer Relationship Management System2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined12
HP4
Sapplica2
GESIO2
Microsoft2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

HP SAN4
HP iQ4
Sapplica Sentrifugo2
GESIO ERP2
Microsoft Windows2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1HP SAN/iQ hydra.exe credentials management4.33.9$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.002830.00CVE-2012-4362
2Hydra HTTP Header read.c process_header_end null pointer dereference6.46.4$0-$5k$0-$5kNot DefinedNot Defined0.001170.02CVE-2019-17502
3IW Guestbook badwords_edit.asp sql injection6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.00
4Hydra authentication replay5.65.0$0-$5k$0-$5kNot DefinedOfficial Fix0.000990.00CVE-2020-5300
5OmniSecure AddUrlShield index.php sql injection6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.02
6ORY Hydra error Reflected cross site scripting5.25.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000970.00CVE-2019-8400
7PHPGurukul Hospital Management System dashboard.php access control5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.006610.02CVE-2020-35745
8HP SAN/iQ Login hydra.exe memory corruption10.09.5$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.466430.00CVE-2011-4157
9HP LeftHand Virtual SAN Appliance hydra memory corruption10.09.5$25k-$100k$0-$5kHighOfficial Fix0.784010.00CVE-2013-2343
10Coinsoft Technologies phpCOIN db.php file inclusion7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.076060.00CVE-2005-4211
11Coinsoft Technologies phpCOIN db.php path traversal5.34.8$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.038770.02CVE-2005-4212
12Ilohamail cross site scripting4.34.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000000.06
13Small CRM cross site scripting3.53.4$0-$5k$0-$5kNot DefinedNot Defined0.000520.00CVE-2023-44075
14Intern Record System controller.php cross site scripting4.44.4$0-$5k$0-$5kNot DefinedNot Defined0.000870.00CVE-2022-40348
15Sitekit CMS registration-form.html cross site scripting3.53.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.00
16Microsoft Windows Backup Service Privilege Escalation7.77.1$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.003810.04CVE-2023-21752
17SunHater KCFinder upload.php cross site scripting5.75.7$0-$5k$0-$5kNot DefinedNot Defined0.001310.09CVE-2019-14315
18Canto Cumulus login server-side request forgery8.07.9$0-$5k$0-$5kNot DefinedNot Defined0.002830.00CVE-2022-40305
19IW Guestbook messages_edit.asp sql injection6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.00
20CKEditor Clipboard Package code injection6.36.0$0-$5k$0-$5kNot DefinedOfficial Fix0.001630.03CVE-2021-32809

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
145.136.230.191Avos07/29/2022verifiedHigh
2XXX.XXX.XXX.XXXXxxx07/29/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1040CAPEC-102CWE-294Authentication Bypass by Capture-replaypredictiveHigh
3TXXXXCAPEC-242CWE-XXXxxxxxxx XxxxxxxxxpredictiveHigh
4TXXXX.XXXCAPEC-209CWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
5TXXXXCAPEC-CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
7TXXXXCAPEC-CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (29)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/cwc/loginpredictiveMedium
2File/intern/controller.phppredictiveHigh
3File/iwguestbook/admin/badwords_edit.asppredictiveHigh
4File/iwguestbook/admin/messages_edit.asppredictiveHigh
5Filexxxxx/xxxxxxxxx.xxxpredictiveHigh
6Filexxxxx.xxxpredictiveMedium
7Filexxxx_xxxxxxxx/xx.xxxpredictiveHigh
8Filexxxxx.xxxpredictiveMedium
9Filexxxxx.xxxpredictiveMedium
10Filexxxxx.xxx/xxxxxxxxxxxxx/xxxpredictiveHigh
11Filexxxxxx/xxxxxxxxx/xxxxxpredictiveHigh
12Filexxxx.xpredictiveLow
13Filexxxxxxxxxxxx-xxxx.xxxxpredictiveHigh
14Filexxxxxx.xxxpredictiveMedium
15Filexx-xxxxx/xxxxx-xxxxxx.xxxpredictiveHigh
16ArgumentxxxxxxxpredictiveLow
17ArgumentxxxxxxpredictiveLow
18ArgumentxxxxxxxxxxxxxxxpredictiveHigh
19ArgumentxxxxxxxxxpredictiveMedium
20Argumentxxxxxxx-xxxxxxpredictiveHigh
21Argumentxxxxx_xxxxpredictiveMedium
22Argumentxxxxxx$xxxxxpredictiveMedium
23ArgumentxxpredictiveLow
24ArgumentxxxxxpredictiveLow
25Argumentxxxx/xxxxxpredictiveMedium
26Argumentxxxx_xxpredictiveLow
27ArgumentxxxxxxpredictiveLow
28Argument_xxxx[_xxx_xxxx_xxxxpredictiveHigh
29Input Valuex+xxxxx+xxxxxx+x,xxxxxxx,xxxxxxxxxxx+xxxx+xxxxx#predictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!