Cerberus Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (7)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	8

Country

us	4
cn	2

Actors

LokiBot	1
Cerberus	1

Activities

Interest

Timeline

Type

Not Defined	8

Vendor

Not Defined	6
Eaton	2

Product

Open Webmail	2
QuickEStore	2
ampleShop	2
Eaton 5P 850	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	Open Webmail vacation.pl read_list_from_file privileges management	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03282	0.00	CVE-2004-2284
2	PHP curl/gd information disclosure	5.3	4.8	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00078	0.00	CVE-2005-3054
3	Cisco Unified Communications Manager SIP input validation	7.5	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00905	0.00	CVE-2012-3949
4	Dazzlindonna PostEcards sendcard.cfm sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.00248	0.04	CVE-2008-5559
5	ampleShop category.cfm sql injection	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00621	0.02	CVE-2006-2038
6	QuickEStore checkout.cfm sql injection	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.00
7	Eaton 5P 850 cross site scripting	4.1	4.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00058	0.00	CVE-2020-7915

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	1.5.0.9		Cerberus	11/19/2019	verified	High
2	XX.XXX.XXX.XXX	xxxxxx-xxxxxxx.xxxxx.xx	Xxxxxxxx	02/10/2022	verified	High
3	XXX.XXX.XX.XXX		Xxxxxxxx	11/19/2019	verified	High

TTP - Tactics, Techniques, Procedures (3)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	High
2	TXXXX	CAPEC-122	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
3	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	category.cfm	predictive	Medium
2	File	checkout.cfm	predictive	Medium
3	File	xxxxxxxx.xxx	predictive	Medium
4	File	xxxxxxxx.xx	predictive	Medium
5	Argument	xxx	predictive	Low
6	Argument	xxx	predictive	Low
7	Argument	xxxx	predictive	Low
8	Argument	xxxxxxxx	predictive	Medium
9	Argument	xxxxxxxxx xxx	predictive	High

References (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!