Coldriver Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (16)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en12
ru4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us10
lv6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

FIN71
FTP Info Stealer1
RecordBreaker1
Black Basta1
Cobalt Strike1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined8
Router Operating System2
Application Server Software2
Web Browser2
Network Encryption Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined6
Telesquare2
Cisco2
SourceCodester2
Oracle2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Telesquare SDT-CW3B12
Cisco IOS XE2
Grafana2
SourceCodester Simple Membership System2
IdeaBox2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Telesquare SDT-CW3B1 os command injection7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.955670.07CVE-2021-46422
2IdeaBox generformlib_date.php privileges management7.36.1$0-$5k$0-$5kUnprovenOfficial Fix0.000000.02
3PHPOutsourcing IdeaBox include.php code injection7.36.4$0-$5k$0-$5kUnprovenUnavailable0.174100.04CVE-2008-5199
4SourceCodester Simple Membership System club_edit_query.php sql injection6.76.5$0-$5k$0-$5kProof-of-ConceptNot Defined0.000640.06CVE-2023-4844
5Oracle WebLogic Server WebLogic Console unknown vulnerability5.35.1$25k-$100k$0-$5kNot DefinedOfficial Fix0.001790.06CVE-2013-1504
6ClearSwift MAILsweeper denial of service7.56.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.126040.03CVE-2006-3215
7OpenSSL DTLS CBC Encryption cryptographic issues5.35.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.004850.02CVE-2011-4108
8McAfee E-Mail Gateway Attachment memory corruption7.57.5$25k-$100k$5k-$25kNot DefinedNot Defined0.000000.00
9Microsoft Windows Bind Filter Driver information disclosure4.94.3$25k-$100k$0-$5kUnprovenOfficial Fix0.000430.00CVE-2021-40468
10Cisco IOS XE AAA uninitialized pointer9.89.6$25k-$100k$5k-$25kNot DefinedOfficial Fix0.002320.00CVE-2021-1619
11Google Chrome V8 type confusion6.36.0$25k-$100k$5k-$25kHighOfficial Fix0.020490.00CVE-2022-1364
12Dahua IP Camera/PTZ Dome Camera password recovery5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.002360.04CVE-2021-33046
13Grafana api_jsonrpc.php source code4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.157270.08CVE-2022-26148
14Grafana Enterprise Dashboard permission6.76.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000990.00CVE-2021-27962
15Grafana Query Editor cross site scripting4.44.4$0-$5k$0-$5kNot DefinedNot Defined0.000580.04CVE-2018-1000816

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
145.133.216.15vm1959787.stark-industries.solutionsColdriver01/19/2024verifiedHigh

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
2T1059.007CAPEC-209CWE-79Cross Site ScriptingpredictiveHigh
3TXXXXCAPEC-122CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
4TXXXXCAPEC-108CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
5TXXXXCAPEC-CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
6TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
7TXXXXCAPEC-50CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
8TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
9TXXXXCAPEC-CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (6)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1Fileapi_jsonrpc.phppredictiveHigh
2Fileclub_edit_query.phppredictiveHigh
3Filexxxxxxxxxxxx_xxxx.xxxpredictiveHigh
4Filexxxxxxx.xxxpredictiveMedium
5Argumentxxxx_xxpredictiveLow
6ArgumentxxxxxxxxpredictiveMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!