Earth Krahang Analysis

IOB - Indicator of Behavior (268)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 182
zh: 70
ja: 4
pl: 2
fr: 2

Country

cn: 138
us: 100
id: 6
gb: 6
ar: 2

Product

WordPress: 10
Apache HTTP Server: 6
Pivotal Spring Framework: 4
Adobe Connect: 4
CKFinder: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.37 | CVE-2010-0966 |
| 2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 3 | PHP Link Directory Administration Page index.html cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00374 | 0.20 | CVE-2007-0529 |
| 4 | SOGo SAML Assertion signature verification | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00253 | 0.00 | CVE-2021-33054 |
| 5 | Iij SmartKey One-Time Password information disclosure | 5.0 | 5.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00129 | 0.03 | CVE-2022-41986 |
| 6 | FLDS redir.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00203 | 0.03 | CVE-2008-5928 |
| 7 | Magicblack Maccms10 Template Upload unrestricted upload | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00457 | 0.04 | CVE-2020-21359 |
| 8 | OpenSSL c_rehash os command injection | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.10649 | 0.03 | CVE-2022-1292 |
| 9 | PHPWind goto.php redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.17 | CVE-2015-4134 |
| 10 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 1.38 | |
| 11 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.00 | CVE-2019-7550 |
| 12 | Cisco ASA WebVPN Login Page logon.html cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00192 | 0.03 | CVE-2014-2120 |
| 13 | Apache HTTP Server HTTP/2 Request request smuggling | 6.4 | 6.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00606 | 0.04 | CVE-2020-9490 |
| 14 | Synology VPN Plus Server Remote Desktop out-of-bounds write | 9.9 | 9.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00078 | 0.02 | CVE-2022-43931 |
| 15 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.26 | CVE-2017-0055 |
| 16 | Telesquare SDT-CW3B1 os command injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.95567 | 0.07 | CVE-2021-46422 |
| 17 | muhttpd URL request.c do_request information disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.30308 | 0.04 | CVE-2022-31793 |
| 18 | Indexu suggest_category.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 19 | wp-polls Plugin sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00138 | 0.00 | CVE-2015-9352 |
| 20 | Plexus-utils Double Quote command injection | 8.5 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00395 | 0.05 | CVE-2017-1000487 |
20Plexus-utils Double Quote command injection8.58.1$0-$5k$0-$5kNot DefinedOfficial Fix0.003950.05CVE-2017-1000487

IOC - Indicator of Compromise (13)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (99)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /+CSCOE+/logon.html | predictive | High |
| 2 | File | /admin/index.php | predictive | High |
| 3 | File | /administrator/components/table_manager/ | predictive | High |
| 4 | File | /crmeb/app/admin/controller/store/CopyTaobao.php | predictive | High |
| 5 | File | /filemanager/php/connector.php | predictive | High |
| 6 | File | /forum/away.php | predictive | High |
| 7 | File | /lab.html | predictive | Medium |
| 8 | File | /languages/index.php | predictive | High |
| 9 | File | /objects/getSpiritsFromVideo.php | predictive | High |
| 10 | File | /public/login.htm | predictive | High |
| 11 | File | /services | predictive | Medium |
| 12 | File | /uncpath/ | predictive | Medium |
