India Police Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (193)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	168
es	12
zh	8
ru	2
fr	2

Country

us	108
cn	28
ag	8
ru	6
nl	6

Actors

India Police	10
Cobalt Strike	3
PrivateLoader	2
Mirai	2
YaBucks	1

Activities

Interest

Timeline

Type

Not Defined	64
Operating System	16
Content Management System	14
Smartphone Operating System	6
File Transfer Software	6

Vendor

Not Defined	56
Microsoft	20
Oracle	6
Google	4
GL.iNet	4

Product

Microsoft Windows	12
Oracle GlassFish Server	6
WordPress	6
Google Android	4
Drupal	4

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	Microsoft IIS IP/Domain Restriction access control	6.5	5.7	$25k-$100k	$0-$5k	Unproven	Official Fix	0.00817	0.20	CVE-2014-4078
2	Adiscon LogAnalyzer Login Button Referer Field login.php cross site scripting	5.2	4.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00204	0.00	CVE-2018-19877
3	Apple iOS IOMobileFramebuffer memory corruption	8.3	8.1	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00167	0.02	CVE-2016-4654
4	Sunny WebBox cross-site request forgery	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00150	0.02	CVE-2019-13529
5	Bitrix Site Manager Vote Module Remote Code Execution	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00668	0.05	CVE-2022-27228
6	WordPress Password Reset wp-login.php mail password recovery	6.1	5.8	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.02827	0.05	CVE-2017-8295
7	Jalios JCMS ajaxPortal.jsp cross site scripting	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00128	0.04	CVE-2020-15497
8	XiongMai uc-httpd memory corruption	8.5	8.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02201	0.00	CVE-2018-10088
9	Websense Forcepoint User ID Service Port 5001 unrestricted upload	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.14481	0.02	CVE-2019-6139
10	F5 BIG-IP Configuration Utility path traversal	4.3	3.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.03343	0.00	CVE-2015-4040
11	WordPress WP_Query class-wp-query.php sql injection	8.5	8.4	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00318	0.00	CVE-2017-5611
12	Microsoft Windows Remote Desktop Service code injection	10.0	9.0	$100k and more	$0-$5k	High	Official Fix	0.78895	0.08	CVE-2012-0002
13	Kentico CMS os command injection	6.7	6.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00422	0.00	CVE-2018-7046
14	Drei 3Kundenzone X.509 Certificate cryptographic issues	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00049	0.00	CVE-2014-5828
15	vsftpd deny_file unknown vulnerability	3.7	3.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00312	0.05	CVE-2015-1419
16	Totolink A7100RU HTTP POST Request main buffer overflow	9.8	9.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00060	0.00	CVE-2023-7095
17	D-Link DCS-936L info.cgi information disclosure	6.4	6.4	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00621	0.05	CVE-2018-18441
18	SMA Solar Sunny WebBox hard-coded credentials	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00568	0.00	CVE-2015-3964
19	Microsoft Windows HTML Remote Code Execution	5.8	5.7	$25k-$100k	$25k-$100k	High	Official Fix	0.49119	0.00	CVE-2023-36884
20	Maxprint Maxlink 1200G Diagnostic Tool os command injection	7.1	7.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00103	0.00	CVE-2023-36143

Campaigns (1)

These are the campaigns that can be associated with the actor:

Spyware

IOC - Indicator of Compromise (44)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Campaigns	Identified	Type	Confidence
1	5.1.82.106	5-1-82-106.static.creoline.net	India Police	Spyware	06/28/2022	verified	High
2	8.5.1.33		India Police	Spyware	06/28/2022	verified	High
3	8.5.1.49		India Police	Spyware	06/28/2022	verified	High
4	34.246.254.156	ec2-34-246-254-156.eu-west-1.compute.amazonaws.com	India Police	Spyware	06/28/2022	verified	Medium
5	36.86.63.182		India Police	Spyware	06/28/2022	verified	High
6	52.4.209.250	ec2-52-4-209-250.compute-1.amazonaws.com	India Police	Spyware	06/28/2022	verified	Medium
7	54.210.47.225	ec2-54-210-47-225.compute-1.amazonaws.com	India Police	Spyware	06/28/2022	verified	Medium
8	64.15.205.100		India Police	Spyware	06/28/2022	verified	High
9	64.15.205.101		India Police	Spyware	06/28/2022	verified	High
10	XX.XXX.XXX.XX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
11	XX.XXX.XXX.XX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
12	XX.XX.XXX.XXX	xxxx.xxxxxxxxx.xxx	Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
13	XX.X.XXX.XXX	xxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxx.xxx	Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
14	XX.XXX.XX.XXX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
15	XX.XXX.XXX.XX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
16	XXX.XXX.XXX.XXX	xxx-x.xxxxxxxx.xxx	Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
17	XXX.XXX.XXX.X		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
18	XXX.XXX.XX.XXX	xxx-xxx-xx-xxx.xxxxxx-xx-xxxxxxxxxxx.xxx	Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
19	XXX.X.XXX.XXX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
20	XXX.X.XXX.XXX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
21	XXX.XXX.XX.XXX	xxx-xxxxx.xxxxxxx.xxx	Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
22	XXX.XXX.XX.XXX	xxx.xx.xxx.xxx.xx.xxxxxxxxxxxxxxxxx.xxx	Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	Medium
23	XXX.XX.XXX.XXX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
24	XXX.XXX.XX.XXX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
25	XXX.XX.XXX.XX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
26	XXX.XX.XXX.XXX	xxx.xxxxxxxxxx.xxx	Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
27	XXX.XXX.XX.XXX	xxx-xxx-xx-xxx.xxxx-xxxxx.xx	Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
28	XXX.XXX.XX.XX	xxxxxxxxx.xxxxxxxxxx.xxx	Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
29	XXX.XXX.XX.XX	xxxxxxxxx.xxxxxxxxxx.xxx	Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
30	XXX.XXX.XXX.XX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
31	XXX.XX.XXX.XXX	xxx.xx.xxx.xxx.xxxxxx.xxx	Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
32	XXX.XXX.XXX.XX	xxx-xxx-xxx-xx.xxxxxx.xxxxxxxxxxxxxx.xxx	Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
33	XXX.XXX.XXX.XX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
34	XXX.XX.XXX.XXX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
35	XXX.XX.XXX.XXX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
36	XXX.XX.XXX.XXX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
37	XXX.XX.XXX.XXX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
38	XXX.XXX.XX.XX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
39	XXX.XX.XX.XXX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
40	XXX.XX.XX.XXX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
41	XXX.XX.XXX.XXX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
42	XXX.XX.XX.XXX	xxx-xx-xx-xxx.xxx.xxxxxxxxxxx.xxx	Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
43	XXX.XXX.XXX.XXX		Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High
44	XXX.XX.XX.XXX	xxx.xxxxx.xxx	Xxxxx Xxxxxx	Xxxxxxx	06/28/2022	verified	High

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	High
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	High
3	T1059	CAPEC-137	CWE-88, CWE-94	Argument Injection	predictive	High
4	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	High
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
6	TXXXX	CAPEC-150	CWE-XXX	Xxxx Xxx Xxxxxxxxx Xxxxxxxxxxx Xxxxxxxx	predictive	High
7	TXXXX.XXX	CAPEC-16	CWE-XXX, CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	High
8	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
9	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	High
10	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
11	TXXXX	CAPEC-50	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
12	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
13	TXXXX.XXX	CAPEC-	CWE-XX	Xxxxxxxxxxxxx	predictive	High
14	TXXXX	CAPEC-20	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	High
15	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	High

IOA - Indicator of Attack (103)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	%PROGRAMDATA%\Razer Chroma\SDK\Apps	predictive	High
2	File	.htaccess	predictive	Medium
3	File	/cgi-bin/cstecgi.cgi?action=login	predictive	High
4	File	/cgi-bin/webviewer_login_page	predictive	High
5	File	/common/info.cgi	predictive	High
6	File	/mgmt/tm/util/bash	predictive	High
7	File	/recordings/index.php	predictive	High
8	File	/uncpath/	predictive	Medium
9	File	/webssh	predictive	Low
10	File	add_vhost.php	predictive	High
11	File	admin-ajax.php	predictive	High
12	File	xxx/xx	predictive	Low
13	File	xxxxx/xxxxxxx/xxxxxxxxxxxxx	predictive	High
14	File	xxxxxxxxxxxx.xxxx	predictive	High
15	File	xxxxxxxx.xxx	predictive	Medium
16	File	xxx-xxx/xxxxx/xxxxx.xxx	predictive	High
17	File	xxxxx/xxxxxxxx/xxxxxxxxxxxxxxx.xxx	predictive	High
18	File	xxxxx.xxxxxxxxx.xxx	predictive	High
19	File	xxxxxx/xxxxx.x	predictive	High
20	File	xxxx/xxxxxxxxxxxxxx.xxx	predictive	High
21	File	xxxxxxxxxxxxx.xxxx	predictive	High
22	File	xxx/xxxx/xxxx.x	predictive	High
23	File	xxxxxxxxxxxx.xxx	predictive	High
24	File	xxxxxxxx_xxx	predictive	Medium
25	File	xxxxxxxxx/xxxx-xxxxxxx-xxx.xxx	predictive	High
26	File	xxxxx.xxx	predictive	Medium
27	File	xxxx_xxxx.x	predictive	Medium
28	File	xxxxx.xxx	predictive	Medium
29	File	xxxxx/xxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxx	predictive	High
30	File	xxxx.xxx	predictive	Medium
31	File	xxxx_xxxx.xxx	predictive	High
32	File	xxxxx/xxxxxx/xxxxxxxxxx.xxx	predictive	High
33	File	xx/xxx/xxxxxxxx/xxx_xxxxxxxxx/xxx_xxxxxxxx_xxxxx/_/xxxxxxx_xxx	predictive	High
34	File	xxxxx.xxx	predictive	Medium
35	File	xxxxxxx/	predictive	Medium
36	File	xxxxxxxx.x	predictive	Medium
37	File	xxxxxxx/xxxxxxxx/xxxxxxx/xxxxxxx.xxxx_xxxxxx.xxx/xxxx_xxxxxx.xxx	predictive	High
38	File	xxxxxxx\xxxxxxxxx\xxxxxxx.xxx	predictive	High
39	File	xxx/xxxxxxxxx/xxxxxxxxx_xxxxx.x	predictive	High
40	File	xxxx.xxx	predictive	Medium
41	File	xxxx_xxx_xxxxxxx.x	predictive	High
42	File	xxxxxxxxxx.xxx.xxx	predictive	High
43	File	xxxxxxx.xxx	predictive	Medium
44	File	xxxxx_xxx.xxx	predictive	High
45	File	xxx.x	predictive	Low
46	File	xxxxxxxx.xxx	predictive	Medium
47	File	xxxxxxxx.xx	predictive	Medium
48	File	xxxxxx.xxxx	predictive	Medium
49	File	xxxxxx_xxxxxxx.xxx	predictive	High
50	File	xxxxxxxx/xxxx/xxxx.xxx?xxxxxx=xxxxxxxxxxxxxxxx	predictive	High
51	File	xxx%xxxxx-xxxxxxxxxxxxx+xxxxxxx/xxxxxxx+xxxxx+xxxx/	predictive	High
52	File	xxxxx/xxxxxx.x	predictive	High
53	File	xxxx.x	predictive	Low
54	File	xxxx/xxxxxxxx/xxxxxxxx.xxxx	predictive	High
55	File	xxxxxxxx.xxx	predictive	Medium
56	File	xxxxx/xxxxxxxx	predictive	High
57	File	xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx	predictive	High
58	File	xx-xxxxx.xxx	predictive	Medium
59	File	xx/xx/xxxxx	predictive	Medium
60	File	xxxxxxxxxxxxx.xx	predictive	High
61	Library	xxxxxxxx_xxxxxxxxx.xxx.xxx	predictive	High
62	Library	xxx/xxxxxxxxx.xxx	predictive	High
63	Library	xxxxxx	predictive	Low
64	Argument	--xxx	predictive	Low
65	Argument	xxxxxxx xx/xxxxxxx xxxx	predictive	High
66	Argument	xxxxxx	predictive	Low
67	Argument	xxxxxx	predictive	Low
68	Argument	xxxxx	predictive	Low
69	Argument	xxxxxxxxxx	predictive	Medium
70	Argument	xxx[xxxxxx][xxxxxxxxx]	predictive	High
71	Argument	xxx	predictive	Low
72	Argument	xxx	predictive	Low
73	Argument	xxxx_xx	predictive	Low
74	Argument	xxxxxx	predictive	Low
75	Argument	xxxxx	predictive	Low
76	Argument	xxxxxxxx	predictive	Medium
77	Argument	xxxx	predictive	Low
78	Argument	xxxxxxxxx	predictive	Medium
79	Argument	xxxx	predictive	Low
80	Argument	xx	predictive	Low
81	Argument	xxxxxx	predictive	Low
82	Argument	xxxxxxx	predictive	Low
83	Argument	xxxx_xxxxxx_xx	predictive	High
84	Argument	xxxxx	predictive	Low
85	Argument	xxxxx_xxxxxxxx	predictive	High
86	Argument	xxx	predictive	Low
87	Argument	xxxxxxxx	predictive	Medium
88	Argument	xxxxxxxx	predictive	Medium
89	Argument	xxxxxxxxx	predictive	Medium
90	Argument	xxx	predictive	Low
91	Argument	xxxxx	predictive	Low
92	Argument	xxxx	predictive	Low
93	Argument	xxxxxx	predictive	Low
94	Argument	xxxxxxxx	predictive	Medium
95	Argument	xxxxxx_xxxxxxxx	predictive	High
96	Argument	_xxxxxxx	predictive	Medium
97	Input Value	%xx	predictive	Low
98	Input Value	'>[xxx]	predictive	Low
99	Input Value	xxx.xxxx.%xxx.%xxx	predictive	High
100	Input Value	</xxxxxx><xxxxxx>xxxxx(x)</xxxxxx>	predictive	High
101	Input Value	xxxxx	predictive	Low
102	Pattern	\|xx xx xx xx\|	predictive	High
103	Network Port	xxx/xxxx (xxx)	predictive	High

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Interested in the pricing of exploits?

See the underground prices here!