Kapeka Analysis

IOB - Indicator of Behavior (206)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 158
ru: 30
it: 8
de: 6
zh: 2

Country

us: 78
pl: 26
gb: 20
ru: 14
ch: 12

Product

phpMyAdmin: 10
Microsoft Windows: 10
Apache HTTP Server: 8
Cisco NX-OS: 6
PHP: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.73 | CVE-2020-12440 |
| 2 | phpMyAdmin PMA_safeUnserialize deserialization | 9.8 | 9.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00433 | 0.00 | CVE-2016-9865 |
| 3 | phpMyAdmin cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | High | Official Fix | 0.00348 | 0.02 | CVE-2014-8958 |
| 4 | Bitrix Site Manager redirect.php link following | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00113 | 0.03 | CVE-2008-2052 |
| 5 | PHP Safe Mode mail privileges management | 7.3 | 6.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.01535 | 0.00 | CVE-2002-0985 |
| 6 | Neet AirStream NAS1.1 Configuration Page cross-site request forgery | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00112 | 0.04 | CVE-2016-10862 |
| 7 | Alt-N MDaemon Worldclient injection | 4.9 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00090 | 0.06 | CVE-2021-27182 |
| 8 | phpMyAdmin ArbitraryServerRegexp Reuse 7pk security | 9.8 | 9.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00366 | 0.04 | CVE-2016-6629 |
| 9 | phpMyAdmin Unserialization unserialize deserialization | 9.8 | 9.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00965 | 0.00 | CVE-2016-6620 |
| 10 | phpMyAdmin Central Column Query central_columns.lib.php sql injection | 9.8 | 9.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00322 | 0.00 | CVE-2016-5703 |
| 11 | phpMyAdmin Git Information GitRevision.php Remote Code Execution | 9.8 | 9.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00190 | 0.04 | CVE-2019-19617 |
| 12 | phpMyAdmin Redirect php weakness | 4.3 | 4.1 | $5k-$25k | $0-$5k | High | Official Fix | 0.00247 | 0.02 | CVE-2014-9219 |
| 13 | phpMyAdmin import.php cross site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | High | Official Fix | 0.00150 | 0.02 | CVE-2014-1879 |
| 14 | ApolloTheme AP PageBuilder cross site scripting | 4.8 | 4.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00075 | 0.04 | CVE-2022-44897 |
| 15 | InfluxDB JWT Token handler.go improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04237 | 0.00 | CVE-2019-20933 |
| 16 | Seltmann Content Management System index.php sql injection | 7.6 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00139 | 0.00 | CVE-2022-47740 |
| 17 | Plohni Advanced Comment System Installation index.php code injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00997 | 0.05 | CVE-2009-4623 |
| 18 | PHPWind goto.php redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.05 | CVE-2015-4134 |
| 19 | PHP memory corruption | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.10959 | 0.02 | CVE-2014-9427 |
| 20 | D-Link DCS-936L info.cgi information disclosure | 6.4 | 6.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00621 | 0.04 | CVE-2018-18441 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (84)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
