Baldr Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 858
zh: 40
de: 22
ru: 14
ar: 14

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

nl: 992
us: 6
ru: 2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Product

Microsoft Windows: 110
Linux Kernel: 28
F5 BIG-IP: 18
Apache HTTP Server: 16
Microsoft Exchange Server: 14

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.65 | CVE-2020-12440 |
| 2 | Huawei ACXXXX/SXXXX SSH Packet input validation | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00246 | 0.07 | CVE-2014-8572 |
| 3 | Microsoft Windows WPAD access control | 8.0 | 7.9 | $25k-$100k | $0-$5k | High | Official Fix | 0.90962 | 0.03 | CVE-2016-3213 |
| 4 | Microsoft Windows Graphics Remote Code Execution | 7.0 | 6.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.06784 | 0.00 | CVE-2021-34530 |
| 5 | Microsoft Windows Event Tracing Privilege Escalation | 7.3 | 6.3 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00043 | 0.05 | CVE-2021-34487 |
| 6 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.07 | CVE-2017-0055 |
| 7 | Cisco Secure Email and Web Manager Web-based Management Interface improper authentication | 9.8 | 9.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00337 | 0.02 | CVE-2022-20798 |
| 8 | nginx Log File link following | 7.8 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00092 | 0.05 | CVE-2016-1247 |
| 9 | Apache HTTP Server mod_rewrite redirect | 6.7 | 6.7 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.00258 | 0.05 | CVE-2020-1927 |
| 10 | Microsoft .NET Core/Visual Studio denial of service | 6.4 | 5.5 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00192 | 0.09 | CVE-2021-26423 |
| 11 | Microsoft Windows TCP/IP Stack Privilege Escalation | 9.9 | 8.6 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.02183 | 0.04 | CVE-2021-26424 |
| 12 | Microsoft Windows Event Tracing Privilege Escalation | 8.3 | 7.3 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.00488 | 0.00 | CVE-2021-26425 |
| 13 | Microsoft Windows Bluetooth Driver Privilege Escalation | 8.3 | 7.3 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.00043 | 0.00 | CVE-2021-34537 |
| 14 | Microsoft Dynamics 365 Privilege Escalation | 8.5 | 7.4 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00736 | 0.00 | CVE-2021-34524 |
| 15 | Microsoft Windows Storage Spaces Controller Local Privilege Escalation | 7.8 | 6.8 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00043 | 0.04 | CVE-2021-34536 |
| 16 | Microsoft Windows Graphics Remote Code Execution | 7.0 | 6.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.06784 | 0.03 | CVE-2021-34533 |
| 17 | Microsoft Windows Services for NFS ONCRPC XDR Driver information disclosure | 6.4 | 5.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.01103 | 0.03 | CVE-2021-36926 |
| 18 | Microsoft ASP.NET Core/Visual Studio information disclosure | 4.9 | 4.3 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00043 | 0.00 | CVE-2021-34532 |
| 19 | Microsoft Windows Services for NFS ONCRPC XDR Driver information disclosure | 6.4 | 5.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.01103 | 0.00 | CVE-2021-36933 |
| 20 | Microsoft Windows Remote Desktop Client Remote Code Execution | 8.8 | 7.9 | $100k and more | $5k-$25k | Proof-of-Concept | Official Fix | 0.06417 | 0.02 | CVE-2021-34535 |

IOC - Indicator of Compromise (129)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-21, CWE-22, CWE-23 | Path Traversal | predictive | High |
| 2 | T1040 | CAPEC-102 | CWE-294 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 4 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High |
| 5 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (230)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (2)

The following list contains external sources which discuss the actor and the associated activities:
