Lyceum Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 764
zh: 136
ru: 22
ar: 16
ja: 14

Country

us: 348
cn: 224
gb: 34
es: 18
ru: 14

Product

Microsoft Windows: 24
Qualcomm Snapdragon Auto: 20
Qualcomm Snapdragon Compute: 20
Qualcomm Snapdragon Industrial IOT: 20
Linux Kernel: 18

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 7.06 | CVE-2006-6168 |
| 2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.71 | CVE-2010-0966 |
| 3 | Pligg cloud.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.71 | |
| 4 | ALPACA improper authentication | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00110 | 0.06 | CVE-2021-3618 |
| 5 | SolarWinds Network Performance Monitor deserialization | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.69184 | 0.08 | CVE-2021-31474 |
| 6 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.62 | CVE-2020-12440 |
| 7 | Huawei ACXXXX/SXXXX SSH Packet input validation | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00246 | 0.07 | CVE-2014-8572 |
| 8 | Trend Micro Maximum Security Secure Erase link following | 5.4 | 5.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00045 | 0.00 | CVE-2022-30687 |
| 9 | Arista EOS credentials management | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00074 | 0.00 | CVE-2021-28509 |
| 10 | Roncoo Education File pic unrestricted upload | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00250 | 0.00 | CVE-2022-29632 |
| 11 | Linglong Cookie access control | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00238 | 0.00 | CVE-2022-29633 |
| 12 | Archer Platform SSO ADFS access control | 9.7 | 9.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00087 | 0.04 | CVE-2022-30584 |
| 13 | Archer Platform REST API authorization | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00106 | 0.00 | CVE-2022-30585 |
| 14 | Arista EOS credentials management | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00074 | 0.00 | CVE-2021-28508 |
| 15 | Apple macOS state issue | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00063 | 0.05 | CVE-2022-26691 |
| 16 | Apple iOS/iPadOS Kernel memory corruption | 7.8 | 7.5 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00082 | 0.00 | CVE-2022-22672 |
| 17 | Apple macOS Kernel memory corruption | 7.8 | 7.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00082 | 0.00 | CVE-2022-22672 |
| 18 | Apple macOS XPC Services API permission | 4.4 | 4.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00050 | 0.04 | CVE-2022-22676 |
| 19 | Apple macOS File System race condition | 3.6 | 3.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00051 | 0.00 | CVE-2022-26690 |
| 20 | MantisBT cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00482 | 0.05 | CVE-2014-9571 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • DanBot

IOC - Indicator of Compromise (12)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (25)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-425 | Path Traversal | predictive | High |
| 2 | T1040 | CAPEC-102 | CWE-294 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 4 | T1059 | CAPEC-137 | CWE-88, CWE-94, CWE-1321 | Argument Injection | predictive | High |
| 5 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (356)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (3)

The following list contains external sources which discuss the actor and the associated activities:
