ENT11 Analysis

IOB - Indicator of Behavior (279)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 202
pl: 36
de: 12
es: 10
zh: 8

Country

us: 226
ru: 18
cn: 16
de: 6
pl: 4

[Charts not reproduced: Actors, Activities, Interest, Timeline, Type, Vendor]

Product

Microsoft Windows: 6
phpMyAdmin: 4
Microsoft Office: 4
Gallery: 4
ImageMagick: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.60 | CVE-2010-0966 |
| 3 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 8.21 | CVE-2006-6168 |
| 4 | PHP Link Directory Administration Page index.html cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00374 | 0.32 | CVE-2007-0529 |
| 5 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 3.17 | CVE-2020-15906 |
| 6 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 4.13 | |
| 7 | AWStats awstats.pl Path information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00183 | 0.16 | CVE-2018-10245 |
| 8 | vBulletin redirector.php | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00106 | 0.05 | CVE-2018-6200 |
| 9 | SourceCodester Online Flight Booking Management System POST Parameter review_search.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00134 | 0.08 | CVE-2023-0283 |
| 10 | D-Link IP Cameras lums.cgi information disclosure | 4.8 | 4.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.72505 | 0.00 | CVE-2013-1601 |
| 11 | PHPWind goto.php redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.24 | CVE-2015-4134 |
| 12 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.04 | CVE-2017-0055 |
| 13 | Citrix NetScaler ADC/NetScaler Gateway OpenID openid-configuration ns_aaa_oauthrp_send_openid_config CitrixBleed memory corruption | 8.3 | 8.2 | $25k-$100k | $0-$5k | High | Official Fix | 0.96668 | 0.08 | CVE-2023-4966 |
| 14 | deV!Lz deV!L z Clanportal Gamebase Addon index.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00064 | 0.11 | CVE-2012-0905 |
| 15 | YaPIG view.php cross site scripting | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02428 | 0.04 | CVE-2005-4799 |
| 16 | Pligg cloud.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 2.04 | |
| 17 | Vunet VU Web Visitor Analyst redir.asp sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Workaround | 0.00119 | 0.04 | CVE-2010-2338 |
| 18 | D-Link DCS Authentication improper authentication | 6.4 | 5.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.04204 | 0.02 | CVE-2013-1603 |
| 19 | ISC BIND Recursion information disclosure | 5.8 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00553 | 0.00 | CVE-2018-5738 |
| 20 | FLDS redir.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00203 | 0.16 | CVE-2008-5928 |

IOC - Indicator of Compromise (34)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (134)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
