Fileless Analysis

IOB - Indicator of Behavior (349)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 342
fr: 4
de: 2
ko: 2

Country

is: 322
us: 8
de: 2

Product

Microsoft Windows: 54
D-Link DCS-1130: 14
Optergy Proton: 12
Optergy Enterprise: 12
Shekar Endoscope: 10

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | UNCTAD ASYCUDA World Java RMI Server inadequate encryption | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00427 | 0.00 | CVE-2020-9761 |
| 2 | Microsoft Windows Hyper-V Network Switch input validation | 5.9 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2019-0714 |
| 3 | Microsoft Windows Hyper-V Network Switch input validation | 5.9 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2019-0715 |
| 4 | Microsoft Windows DHCP Server memory corruption | 9.8 | 9.4 | $100k and more | $25k-$100k | Not Defined | Official Fix | 0.06082 | 0.02 | CVE-2019-1213 |
| 5 | Microsoft Windows Bluetooth cryptographic issues | 8.0 | 7.9 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00105 | 0.02 | CVE-2019-9506 |
| 6 | Microsoft Windows memory corruption | 5.8 | 5.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00203 | 0.00 | CVE-2019-0716 |
| 7 | Microsoft Windows Hyper-V Network Switch input validation | 5.9 | 5.7 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00043 | 0.02 | CVE-2019-0717 |
| 8 | Microsoft Edge information disclosure | 5.0 | 4.8 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.02481 | 0.00 | CVE-2019-1030 |
| 9 | Microsoft Windows Hyper-V Network Switch input validation | 5.9 | 5.7 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2019-0723 |
| 10 | Microsoft Windows Hyper-V Network Switch input validation | 5.9 | 5.7 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2019-0718 |
| 11 | JetBrains YouTrack Plugin Template injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00770 | 0.00 | CVE-2019-10100 |
| 12 | Joomla CMS LDAP Authentication Password ldap injection | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01039 | 0.04 | CVE-2017-14596 |
| 13 | Microsoft Windows JET Database Engine memory corruption | 7.3 | 7.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.01912 | 0.00 | CVE-2019-1146 |
| 14 | Microsoft Windows JET Database Engine memory corruption | 7.3 | 7.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.01912 | 0.02 | CVE-2019-1147 |
| 15 | Microsoft Windows Graphics Component information disclosure | 4.8 | 4.8 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2019-1148 |
| 16 | Microsoft Windows Graphics Component information disclosure | 4.8 | 4.8 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.02 | CVE-2019-1153 |
| 17 | Microsoft Windows Graphics Component information disclosure | 4.8 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00069 | 0.04 | CVE-2019-1154 |
| 18 | Microsoft Windows JET Database Engine memory corruption | 7.3 | 7.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.01912 | 0.02 | CVE-2019-1156 |
| 19 | Microsoft Windows JET Database Engine memory corruption | 7.3 | 7.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.01912 | 0.00 | CVE-2019-1155 |
| 20 | Microsoft Windows JET Database Engine memory corruption | 7.3 | 7.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.01912 | 0.00 | CVE-2019-1157 |

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (64)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

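| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /acms/classes/Master.php?f=delete_cargo | predictive | High |
| 2 | File | /domains/list | predictive | High |
| 3 | File | /sbin | predictive | Low |
| 4 | File | /sbin/orthrus | predictive | High |
| 5 | File | /sbin/rtspd | predictive | Medium |
| 6 | File | /var/www/video/mp4ts | predictive | High |
| 7 | File | admin/listMailConfiguration | predictive | High |
| 8 | File | apply.cgi | predictive | Medium |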
