Curious Serpens Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (15)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

zh12
ru2
en2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

cn14
us2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

BianLian1
Cobalt Strike1
Raccoon1
Meduza Stealer1
Quasar RAT1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined8
Bug Tracking Software2
Hosting Control Software2
WordPress Plugin2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined4
Extreme2
GitLab2
Dialogic2
Apache2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Extreme EXOS2
GitLab Community Edition2
GitLab Enterprise Edition2
Dialogic PowerMedia XMS2
Apache Airflow2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1All-in-One WP Migration Plugin class-ai1wm-backups.php path traversal5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.000970.04CVE-2022-1476
2SonicWALL SMA1000 HTTP Connection access control6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.002380.03CVE-2022-22282
3Omeka Classic cross site scripting3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.001100.00CVE-2021-26799
4AgileConfig JWT Secret hard-coded key7.06.9$0-$5k$0-$5kNot DefinedOfficial Fix0.003290.00CVE-2022-35540
5Apache Airflow UI code injection7.17.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.389440.02CVE-2022-40127
6Support Board Plugin sql injection7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.002110.05CVE-2021-24741
7GitLab Project Import permission assignment8.78.6$0-$5k$0-$5kNot DefinedOfficial Fix0.634360.04CVE-2022-2185
8GitLab Community Edition/Enterprise Edition Runner Registration Token information disclosure7.67.5$0-$5k$0-$5kNot DefinedOfficial Fix0.032780.04CVE-2022-0735
9Git Plugin Build authorization6.56.5$0-$5k$0-$5kNot DefinedNot Defined0.011560.03CVE-2022-36883
10Z-BlogPHP action_crawler.php server-side request forgery8.08.0$0-$5k$0-$5kNot DefinedNot Defined0.003190.05CVE-2022-40357
11Dialogic PowerMedia XMS Administrative Console default.db Password credentials management6.56.3$0-$5k$0-$5kNot DefinedOfficial Fix0.000420.06CVE-2018-11634
12Extreme EXOS File information disclosure3.43.4$0-$5k$0-$5kNot DefinedNot Defined0.000440.04CVE-2017-14327
13Plesk Onyx Reflected cross site scripting5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.001510.04CVE-2020-11584
14Twothink App.php code injection8.08.0$0-$5k$0-$5kNot DefinedNot Defined0.006390.04CVE-2020-17952

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
164.52.80.30Curious Serpens04/02/2024verifiedHigh

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
3TXXXX.XXXCAPEC-209CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
4TXXXXCAPEC-19CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
6TXXXXCAPEC-CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
7TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
8TXXXX.XXXCAPEC-CWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHigh

IOA - Indicator of Attack (7)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/var/www/xms/xmsdb/default.dbpredictiveHigh
2Filezb_users/plugin/UEditor/php/action_crawler.phppredictiveHigh
3Library/xxxxxxx/xxxxx/xxx.xxxpredictiveHigh
4Library~/xxx/xxxxx/xxxxx-xxxxx-xxxxxxx.xxxpredictiveHigh
5Argumentxxx_xxpredictiveLow
6ArgumentxxxxxxpredictiveLow
7Argumentxxxxxx_xxxx/xxxxxxxxxx/xxxx_xx/xxxxxxxxxxxx_xx/xxxxxxxxxxxx_xxxxxx_xxxx/xxxxxxxxx_xxpredictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!