Big Head Analysis

IOB - Indicator of Behavior (69)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en (70)


Country

tr (70)


Actors


Activities

Interest

Timeline


Type


Vendor


Product

PHP (6)
Linux Kernel (4)
WordPress (4)
PHPGurukul Hospital Management System in PHP (2)
CKEditor4 (2)


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Google Chrome WebRTC heap-based overflow | 6.3 | 6.0 | $25k-$100k | $5k-$25k | High | Official Fix | 0.01152 | 0.00 | CVE-2022-2294
2 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.97 | CVE-2020-12440
3 | Telegram information disclosure | 4.9 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00048 | 0.00 | CVE-2021-27205
4 | Joget Workflow account_new input validation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00091 | 0.03 | CVE-2019-14352
5 | KLog Server authenticate.php os command injection | 5.5 | 5.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.95712 | 0.04 | CVE-2020-35729
6 | Havelsan Dialogue ACL permission assignment | 8.3 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00087 | 0.00 | CVE-2024-3375
7 | Nagios XI monitoringwizard.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00043 | 0.08 | CVE-2024-24401
8 | Microsoft Windows code injection | 10.0 | 9.5 | $100k and more | $0-$5k | Not Defined | Official Fix | 0.85597 | 0.05 | CVE-2009-2512
9 | Python SimpleHTTPServer Module SimpleHTTPServer.py list_directory cross site scripting | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00422 | 0.04 | CVE-2011-4940
10 | CKeditor Paste cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00123 | 0.03 | CVE-2018-17960
11 | CKEditor4 Advanced Content Filter cross site scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00448 | 0.04 | CVE-2021-41164
12 | OpenSSH improper authentication | 7.3 | 7.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.02241 | 0.02 | CVE-2010-4478
13 | MikroTik RouterOS Web Server out-of-bounds write | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.04 | CVE-2023-30800
14 | Microsoft .NET Framework Array Copy memory corruption | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.24098 | 0.05 | CVE-2015-2504
15 | CodeBard Patron Button and Widgets for Patreon Plugin cross site scripting | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.00 | CVE-2023-30491
16 | phpBB Error Message memberlist.php input validation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01803 | 0.03 | CVE-2006-2219
17 | WordPress REST API class-wp-rest-users-controller.php information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Functional | Official Fix | 0.87410 | 0.04 | CVE-2017-5487
18 | Ovidentia CMS index.php sql injection | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00089 | 0.07 | CVE-2021-29343
19 | Zoho ManageEngine Desktop Central MSP DLL dcinventory.exe uncontrolled search path | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00102 | 0.05 | CVE-2020-9367
20 | Apple macOS Bluetooth memory corruption | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00057 | 0.00 | CVE-2022-42854

IOC - Indicator of Compromise (20)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 13.107.21.200 | | Big Head | | 08/10/2023 | verified | High
2 | 20.99.133.109 | | Big Head | | 08/10/2023 | verified | High
3 | 20.99.184.37 | | Big Head | | 08/10/2023 | verified | High
4 | 23.41.86.106 | a23-41-86-106.deploy.static.akamaitechnologies.com | Big Head | | 08/10/2023 | verified | High

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (36)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /alumni/admin/ajax.php?action=save_settings | predictive | High
2 | File | /cwp_{SESSION_HASH}/admin/loader_ajax.php | predictive | High
3 | File | actions/authenticate.php | predictive | High
4 | File | admin/dashboard.php | predictive | High
5 | File | college_website/admin/ajax.php?action=login | predictive | High
