LeetHozer Analysis

IOB - Indicator of Behavior (198)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 176
zh: 12
fr: 6
es: 2
de: 2

Country

us: 92
cn: 56
ce: 6
de: 2
ru: 2

Product

MantisBT: 6
Comcast MX011ANM: 6
WordPress: 4
Microsoft Exchange Server: 4
Computrols CBAS: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Atmail Remote Code Execution | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00251 | 0.04 | CVE-2013-5033 |
| 2 | Palo Alto PAN-OS GlobalProtect Clientless VPN buffer overflow | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00112 | 0.03 | CVE-2021-3056 |
| 3 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.07 | CVE-2022-21664 |
| 4 | VeronaLabs wp-statistics Plugin API Endpoint Blind sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00250 | 0.00 | CVE-2019-13275 |
| 5 | Linksys WRT54GL Web Management Interface SysInfo1.htm information disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00046 | 0.07 | CVE-2024-1406 |
| 6 | Teclib GLPI unlock_tasks.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.12149 | 0.04 | CVE-2019-10232 |
| 7 | Sophos Firewall User Portal/Webadmin improper authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | High | Not Defined | 0.97434 | 0.00 | CVE-2022-1040 |
| 8 | CutePHP CuteNews unrestricted upload | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02107 | 0.08 | CVE-2019-11447 |
| 9 | WordPress Object injection | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00432 | 0.04 | CVE-2022-21663 |
| 10 | Microsoft Windows Active Directory Domain Services Privilege Escalation | 8.8 | 8.3 | $25k-$100k | $0-$5k | High | Official Fix | 0.07084 | 0.04 | CVE-2022-26923 |
| 11 | QNAP QTS Media Library access control | 8.5 | 8.2 | $0-$5k | $0-$5k | High | Official Fix | 0.01575 | 0.03 | CVE-2017-13067 |
| 12 | RoundCube Webmail rcube_plugin_api.php path traversal | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01163 | 0.00 | CVE-2020-12640 |
| 13 | Samurai Build File util.c canonpath out-of-bounds write | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00085 | 0.00 | CVE-2019-19795 |
| 14 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 15 | Phpsugar PHP Melody page_manager.php cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00087 | 0.00 | CVE-2017-15648 |
| 16 | Simple and Beautiful Shopping Cart System uploadera.php unrestricted upload | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00170 | 0.04 | CVE-2023-1558 |
| 17 | RealNetworks RealServer Port 7070 Service denial of service | 7.5 | 7.3 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.02116 | 0.08 | CVE-2000-0272 |
| 18 | Microsoft Windows Themes information disclosure | 5.9 | 5.6 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00128 | 0.04 | CVE-2024-21320 |
| 19 | Royal Elementor Addons and Templates Plugin unrestricted upload | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.96723 | 0.03 | CVE-2023-5360 |
| 20 | Hikvision Intercom Broadcasting System ping.php os command injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.90160 | 0.21 | CVE-2023-6895 |

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (91)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /api/RecordingList/DownloadRecord?file= | predictive | High |
| 2 | File | /apply.cgi | predictive | Medium |
| 3 | File | /php/ping.php | predictive | High |
| 4 | File | /rapi/read_url | predictive | High |
| 5 | File | /scripts/unlock_tasks.php | predictive | High |
| 6 | File | /SysInfo1.htm | predictive | High |
| 7 | File | /sysinfo_json.cgi | predictive | High |
| 8 | File | /system/user/modules/mod_users/controller.php | predictive | High |
| 9 | File | /wp-admin/admin-post.php?es_skip=1&option_name | predictive | High |
| 10 | File | AjaxFileUploadHandler.axd | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
