Delf Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (15)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

pl14
en2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us14
cn2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Delf2
Lazarus1
LokiBot1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined8
WordPress Plugin6
Programming Tool Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined8
Mike Rooijackers4
AccessPress2
Apache2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

KaiOS6
Mike Rooijackers Recall Products4
path-parse Package2
AccessPress Themes WP Floating Menu2
Apache Struts2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1path-parse Package Regular Expression splitPathRe denial of service5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.002810.00CVE-2021-23343
2Mike Rooijackers Recall Products admin.php Stored cross site scripting4.44.4$0-$5k$0-$5kNot DefinedNot Defined0.000580.00CVE-2020-25380
3Apache Struts File Upload permissions6.46.4$5k-$25k$5k-$25kNot DefinedNot Defined0.132190.00CVE-2019-0233
4Ericsson RX8200 Reflected cross site scripting5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.000780.00CVE-2020-22158
5SoftradeWeb SNC WP SMART CRM cross site scripting4.44.4$0-$5k$0-$5kNot DefinedNot Defined0.000580.00CVE-2020-25375
6AccessPress Themes WP Floating Menu cross site scripting5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.000870.00CVE-2020-25378
7Mike Rooijackers Recall Products sql injection7.57.5$0-$5k$0-$5kNot DefinedNot Defined0.001090.00CVE-2020-25379
8KaiOS Email Application cross site scripting5.25.2$0-$5kCalculatingNot DefinedNot Defined0.001050.00CVE-2019-14756
9KaiOS Contacts Application cross site scripting5.25.2$0-$5kCalculatingNot DefinedNot Defined0.000660.00CVE-2019-14757
10KaiOS File Manager cross site scripting5.25.2$0-$5kCalculatingNot DefinedNot Defined0.000660.00CVE-2019-14758
11KaiOS Radio Application injection4.94.9$0-$5k$0-$5kNot DefinedNot Defined0.000520.00CVE-2019-14759
12KaiOS Recorder Application injection4.94.9$0-$5k$0-$5kNot DefinedNot Defined0.000560.00CVE-2019-14760
13KaiOS Note Application injection4.94.9$0-$5k$0-$5kNot DefinedNot Defined0.000560.00CVE-2019-14761
14Cacti Utility api_poller.php sql injection7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.004220.02CVE-2013-1434
15Tubeace Tube Ace sql injection7.37.1$0-$5k$0-$5kHighUnavailable0.001430.00CVE-2012-1029

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
150.63.202.36ip-50-63-202-36.ip.secureserver.netDelf04/08/2022verifiedHigh
252.5.103.164ec2-52-5-103-164.compute-1.amazonaws.comDelf04/08/2022verifiedMedium
3XX.XX.XXX.XXXxxx-xx-xx-xxx-xxx.xxxxxxx-x.xxxxxxxxx.xxxXxxx04/08/2022verifiedMedium
4XX.XX.XXX.XXxx-xx-xxx-xx.xxx.xxx.xxXxxx04/08/2022verifiedHigh
5XXX.XX.X.XXXXxxx04/08/2022verifiedHigh
6XXX.XXX.XXX.XXXXxxx04/08/2022verifiedHigh
7XXX.XXX.XXX.XXxx-xxx-xxx-xxx-xx.xx.xxxxxxxxxxxx.xxxXxxx04/08/2022verifiedHigh
8XXX.XX.XXX.XXXxxxxxxxxxxx.xxxxxxxxx.xxxXxxx04/08/2022verifiedHigh
9XXX.XXX.XX.XXXxxx04/08/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
2TXXXX.XXXCAPEC-209CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
3TXXXXCAPEC-CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
4TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (7)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1Fileadmin.phppredictiveMedium
2Fileapi_poller.phppredictiveHigh
3Argumentxxxxxxxx xxxx/xxx xxxx/xxxxx xxxx/xxxxxxx/xxxx/xxxxx/xxxxxx/xxxxx xx xxxxx/xxx xxxx/xxx xxxxxx/xxxx xxxx/xxx/xxxxx/xxxxxpredictiveHigh
4ArgumentxxpredictiveLow
5Argumentxxxxxxxxxxxx[]predictiveHigh
6Argumentxxxx/xxxxxxxx+xxpredictiveHigh
7Argumentxxxxxx xxxxxxxxpredictiveHigh

References (3)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!