DNSBirthday Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (240)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en132
es76
de14
sv8
fr6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us178
ru58
fr2
io2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

DNSBirthday3
LokiBot1
GRU1
LeetHozer1
Kuluoz1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined20
Cloud Software4
Project Management Software4
Bug Tracking Software4
Social Network Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined16
SourceCodester4
Cisco4
Mikrobi2
Facebook2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

MantisBT4
Mikrobi Babel2
Facebook WhatsApp2
Facebook WhatsApp Business2
Facebook WhatsApp Desktop2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaround0.020160.00CVE-2007-1192
2Void Contact Form 7 Widget for Elementor Page Builder Plugin void_cf7_opt_in_user_data_track cross-site request forgery4.34.2$0-$5k$0-$5kNot DefinedNot Defined0.000630.00CVE-2022-47166
3Facebook WhatsApp/WhatsApp Business/WhatsApp Desktop RTCP Flag Parser out-of-bounds6.36.3$5k-$25k$5k-$25kNot DefinedNot Defined0.001380.02CVE-2021-24043
4Responsive Menus Configuration Setting responsive_menus.module responsive_menus_admin_form_submit cross site scripting3.23.2$0-$5k$0-$5kNot DefinedOfficial Fix0.001270.00CVE-2018-25085
5Cisco IOS/IOS XE/Meraki/NX-OS/Small Business Switch IPv6 RA Guard/ARP Inspection authentication spoofing5.55.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.000620.04CVE-2021-27853
6Linux Kernel FXSAVE x87 Register cryptographic issues4.33.9$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.001010.04CVE-2006-1056
7SourceCodester Free and Open Source Inventory Management System Add Supplier cross site scripting4.44.4$0-$5k$0-$5kNot DefinedNot Defined0.000450.05CVE-2023-46450
8Cisco Common Services Platform Collector Web-based Management Interface cross site scripting5.25.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.001360.00CVE-2022-20671
9Netentsec NS-ASG Application Security Gateway list_addr_fwresource_ip.php sql injection5.55.4$0-$5k$0-$5kProof-of-ConceptNot Defined0.000610.04CVE-2023-5681
10Tesla Model 3 Mobile App Phone Key Authentication authentication spoofing6.46.4$0-$5k$0-$5kNot DefinedNot Defined0.000470.00CVE-2022-37709
11Contec FXA3200 Wireless LAN Manager Interface mnt_cmd.cgi permission8.48.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000630.00CVE-2022-36158
12ramank775 Chat Server Access Token Validator this.authProvider.verifyAccessKey improper authentication8.28.0$0-$5k$0-$5kNot DefinedOfficial Fix0.001930.00CVE-2022-31013
13Xoops URL Filter index.php redirect6.66.4$0-$5k$0-$5kNot DefinedNot Defined0.000620.04CVE-2017-12138
14MGB OpenSource Guestbook email.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.013020.64CVE-2007-0354
15Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System login.aspx sql injection8.17.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.000630.04CVE-2023-5828
16SourceCodester Free Hospital Management System for Small Practices Parameter doctors.php sql injection6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000630.00CVE-2023-5587
17Sangfor Next-Gen Application Firewall HTTP POST Request login.cgi os command injection9.89.8$0-$5k$0-$5kNot DefinedNot Defined0.046630.00CVE-2023-30806
18Dienstleistung, Entwicklung & Vertrieb GmbH cashIT Serving Solutions HTTP Endpoint routine9.89.8$0-$5k$0-$5kNot DefinedNot Defined0.012290.00CVE-2023-3656
19SourceCodester Employee and Visitor Gate Pass Logging System GET Parameter view_designation.php sql injection7.16.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.002200.04CVE-2023-2090
20SourceCodester Food Ordering Management System POST Parameter router.php sql injection7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.001700.04CVE-2022-3332

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
1176.31.106.50ns392559.ip-176-31-106.euDNSBirthday05/31/2021verifiedHigh
2XXX.XXX.XXX.XXxxx-xxxx-xxxxxx.xxxxxxxx.xxxXxxxxxxxxxx05/31/2021verifiedHigh
3XXX.XXX.XX.XXXxxxxxxxxxx05/31/2021verifiedHigh
4XXX.XXX.XX.XXXxxxxxxxxxx05/31/2021verifiedHigh

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
3T1059.007CAPEC-209CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
4TXXXXCAPEC-122CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXXCAPEC-108CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
6TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
7TXXXXCAPEC-CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
8TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
9TXXXXCAPEC-38CWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
10TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
11TXXXXCAPEC-CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
12TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (47)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/admin/list_addr_fwresource_ip.phppredictiveHigh
2File/admin/maintenance/view_designation.phppredictiveHigh
3File/cgi-bin/login.cgipredictiveHigh
4File/forum/away.phppredictiveHigh
5File/modules/profile/index.phppredictiveHigh
6File/probe?targetpredictiveHigh
7File/xxxxxxxxx.xxxxpredictiveHigh
8File/xxxxxxxx/xxx.xxxpredictiveHigh
9File/xxx/xxx/xx/xxx_xxx.xxxpredictiveHigh
10File/xx/xxxxx/xxxxxxx.xxxpredictiveHigh
11Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
12Filexxxxx.xxxpredictiveMedium
13Filexxxx.xxxpredictiveMedium
14Filexxx-xxxxxx-xxx.xpredictiveHigh
15Filexxx-xxxxx.xxxpredictiveHigh
16Filexxx/xxxxxx.xxxpredictiveHigh
17Filexxxxx.xxxpredictiveMedium
18Filexxxxxxxxxxxxx.xxxpredictiveHigh
19Filexxxxx.xxxxpredictiveMedium
20Filexxxxx_xxxxxx_xxx.xxxpredictiveHigh
21Filexxxxx.xxxpredictiveMedium
22Filexxxxxxxx.xxxpredictiveMedium
23Filexxxxxxxxxx.xxxpredictiveHigh
24Filexxxxxxxxxx_xxxxx.xxxxxxpredictiveHigh
25Filexxxxxx.xxxpredictiveMedium
26Filexxxxxxxxxxxxxxxxxxx.xxx/xxxxxxxx_xxxxx_xxxx_xxxxxxxx_xxxxxxxxxx.xxxpredictiveHigh
27Filexxxxxxxxxxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
28Filexxxx-xxx-xxxxx-xxxxx.xxxpredictiveHigh
29Filexxxx.xxxpredictiveMedium
30Filexxxx_xxx_xxx_xxxx.xxxpredictiveHigh
31Libraryxxxxxxxx.xxxpredictiveMedium
32Argumentxxxxx xxxx xxxxpredictiveHigh
33ArgumentxxxxxxxxpredictiveMedium
34ArgumentxxxpredictiveLow
35Argumentxxxx_xxxxxxpredictiveMedium
36ArgumentxxxxpredictiveLow
37ArgumentxxpredictiveLow
38Argumentxxxxxxxx_xxxxpredictiveHigh
39ArgumentxxxxxxpredictiveLow
40Argumentxxxxxxx_xxpredictiveMedium
41ArgumentxxxxxxxxxxxxpredictiveMedium
42ArgumentxxxxxxpredictiveLow
43ArgumentxxxxxxxxxxxpredictiveMedium
44ArgumentxxxxpredictiveLow
45ArgumentxxxpredictiveLow
46ArgumentxxxxxxxxpredictiveMedium
47Input ValuexxpredictiveLow

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!