BackdoorDiplomacy Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 692
zh: 180
de: 30
es: 20
ja: 20


Country

us: 350
cn: 298
de: 18
es: 16
ru: 14


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Qualcomm Snapdragon Auto: 28
Qualcomm Snapdragon Industrial IOT: 28
Microsoft Windows: 26
Qualcomm Snapdragon Compute: 26
Qualcomm Snapdragon Consumer IOT: 26


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 8.55 | CVE-2006-6168 |
| 2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.75 | CVE-2010-0966 |
| 3 | Pligg cloud.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.79 | |
| 4 | ALPACA improper authentication | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00110 | 0.08 | CVE-2021-3618 |
| 5 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.90 | CVE-2020-12440 |
| 6 | SolarWinds Network Performance Monitor deserialization | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.69184 | 0.00 | CVE-2021-31474 |
| 7 | Huawei ACXXXX/SXXXX SSH Packet input validation | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00246 | 0.07 | CVE-2014-8572 |
| 8 | MantisBT cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00482 | 0.05 | CVE-2014-9571 |
| 9 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 2.22 | CVE-2020-15906 |
| 10 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.63 | CVE-2007-0354 |
| 11 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.04 | CVE-2019-7550 |
| 12 | Apple Mac OS X Server Wiki Server cross site scripting | 4.3 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00263 | 0.04 | CVE-2009-2814 |
| 13 | AMI Megarac API password recovery | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00187 | 0.04 | CVE-2022-26872 |
| 14 | Serendipity exit.php privileges management | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.36 | |
| 15 | vBulletin redirector.php | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00106 | 0.05 | CVE-2018-6200 |
| 16 | Phpsugar PHP Melody page_manager.php cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00087 | 0.00 | CVE-2017-15648 |
| 17 | TP-Link TL-WR902AC dm_fillObjByStr stack-based overflow | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00172 | 0.01 | CVE-2022-25074 |
| 18 | Netgear WN604/WN802Tv2/WNAP210/WNAP320/WNDAP350/WNDAP360 boardDataWW.php command injection | 9.8 | 9.8 | $5k-$25k | $0-$5k | High | Not Defined | 0.97373 | 0.08 | CVE-2016-1555 |
| 19 | TRENDnet TV-IP110WN/TV-IP121WN network.cgi memory corruption | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00260 | 0.02 | CVE-2018-19240 |
| 20 | Hex-Rays SA IDA .NET Processor Module Remote Code Execution | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.00 | |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Middle East

IOC - Indicator of Compromise (26)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (26)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-425 | Path Traversal | predictive | High |
| 2 | T1040 | CAPEC-102 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 4 | T1059 | CAPEC-137 | CWE-88, CWE-94, CWE-1321 | Argument Injection | predictive | High |
| 5 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 6 | T1068 | CAPEC-104 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | High |

IOA - Indicator of Attack (390)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (3)

The following list contains external sources which discuss the actor and the associated activities:
