Not Petya Analysis

IOB - Indicator of Behavior (132)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 116
pl: 6
ko: 2
ru: 2
sv: 2

Country

us: 112
ru: 8
pl: 2
fr: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Apache HTTP Server: 6
ZenPhoto: 4
GetSimpleCMS: 2
E-Blah Platinum: 2
Drupal: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 2.44 | CVE-2020-15906
2 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00132 | 0.53 | CVE-2022-28959
3 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 3.33 | (none)
4 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.77 | CVE-2010-0966
5 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.49 | (none)
6 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.93 | CVE-2007-0354
7 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 9.18 | CVE-2006-6168
8 | DUware DUdownload detail.asp sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00254 | 0.03 | CVE-2006-6367
9 | Grandstream GAC2500/GXP2200/GVC3202/GXV3275/GXV3240 memory corruption | 8.5 | 8.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.91894 | 0.04 | CVE-2019-10655
10 | Canon Imagerunner 5000i denial of service | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01110 | 0.00 | CVE-2004-2166
11 | jforum cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00117 | 0.04 | CVE-2012-5337
12 | Pivotal RabbitMQ password access control | 7.7 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00343 | 0.00 | CVE-2016-9877
13 | Adminer server-side request forgery | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00679 | 0.03 | CVE-2018-7667
14 | logwatch logwatch.pl input validation | 9.8 | 9.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05151 | 0.03 | CVE-2011-1018
15 | Microsoft Windows access control | 7.8 | 7.4 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00226 | 0.00 | CVE-2017-0165
16 | DZOIC Handshakes index.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00107 | 0.07 | CVE-2008-2781
17 | Qt-cute QuickTalk guestbook qtg_msg_view.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00269 | 0.00 | CVE-2007-3538
18 | KENT-WEB ACCESS REPORT Web Access cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00146 | 0.00 | CVE-2012-5176
19 | WP-ViperGB Plugin remove_query_arg cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00066 | 0.05 | CVE-2015-9356
20 | Phpsugar PHP Melody page_manager.php cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00087 | 0.00 | CVE-2017-15648

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 159.148.186.214 | whattimeisnow.net | Not Petya | (none) | 12/24/2017 | verified | High
2 | XXX.XX.XXX.XXX | xxxxxxxxx.xx-xxx-xx-xxx.xx | Xxx Xxxxx | (none) | 12/24/2017 | verified | High

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (88)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | .htaccess | predictive | Medium
2 | File | /forum/away.php | predictive | High
3 | File | /manager?action=getlogcat | predictive | High
4 | File | /spip.php | predictive | Medium
5 | File | /tmp | predictive | Low
6 | File | admin/admin.php | predictive | High
7 | File | admin/conf_users_edit.php | predictive | High
8 | File | admin/developer/ | predictive | High
9 | File | admin/index.php | predictive | High
10 | File | admin/ueditor/uploadFile | predictive | High
11 | File | xxxxxxxxxxx/xxxxxxxxxx.xx | predictive | High
12 | File | xxx.xxx | predictive | Low
13 | File | xxxxxxx.xx | predictive | Medium
14 | File | xxxxx.xxx | predictive | Medium
15 | File | xxx.xxx | predictive | Low
16 | File | xxx.xxx | predictive | Low
17 | File | xxxx/xxxxxxxx.xx | predictive | High
18 | File | xxxxxx.xx | predictive | Medium
19 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
20 | File | xxxxxxx.xxx | predictive | Medium
21 | File | xxxxxx.xxx | predictive | Medium
22 | File | xxxxxxxxxxxxxxxxxx.xxx | predictive | High
23 | File | xxxxx.xxx | predictive | Medium
24 | File | xxxxxxxx.xxx | predictive | Medium
25 | File | xxxxx_xxxxxxxx.xxx | predictive | High
26 | File | xxxx/xxxxxxx.x | predictive | High
27 | File | xxx/xxxxxx.xxx | predictive | High
28 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | High
29 | File | xxxxxxxx/xxxxxxx.xxx | predictive | High
30 | File | xxxxx.xxx | predictive | Medium
31 | File | xxxxxxxxxxx/xxxxxxx.x | predictive | High
32 | File | xxxxx.xxx | predictive | Medium
33 | File | xxxxxxxx.xx | predictive | Medium
34 | File | xxx.xxx | predictive | Low
35 | File | xxxxxxx/xxxxxx/xxxxxxxxxx.xxx | predictive | High
36 | File | xxxxxxx/xxxxxxx_xxxxxxx_xxxxxxx/xxxxxxx.xxxxxx.xxxxxxx_xxxxxxx_xxxxxxx.xxx | predictive | High
37 | File | xxxxxx.xxx/xxxx_xxxx_xxxx.xxx | predictive | High
38 | File | xxxx_xxxxxxx.xxx | predictive | High
39 | File | xxxxxxx.xxx | predictive | Medium
40 | File | xxxxxxxx.x | predictive | Medium
41 | File | xxx_xxx_xxxx.xxx | predictive | High
42 | File | xxxx_xxxx.xxx | predictive | High
43 | File | xxxxxxxx.xxx | predictive | Medium
44 | File | xxx.xxx | predictive | Low
45 | File | xxxxxxxx.xxx | predictive | Medium
46 | File | xxxxxx.xxx | predictive | Medium
47 | File | xxx_xxxxx.xxx | predictive | High
48 | File | xxxxxxxx/xxxxxxxxxxx.xx | predictive | High
49 | File | xxxx-xxxxx.xxx | predictive | High
50 | File | xxxx-xxxxxxxx.xxx | predictive | High
51 | File | xxxxxxxx/xxxxxxxx | predictive | High
52 | File | xxxxxxx | predictive | Low
53 | Argument | xxxxxxx | predictive | Low
54 | Argument | xxxxxxx_xxxxxxx_xxxxx | predictive | High
55 | Argument | xxxxxxxx | predictive | Medium
56 | Argument | xxxxxx | predictive | Low
57 | Argument | xxxxxxx | predictive | Low
58 | Argument | xxx | predictive | Low
59 | Argument | xxx_xxxx | predictive | Medium
60 | Argument | xxxx/xxxx/xxxxxxxxx | predictive | High
61 | Argument | xxxx | predictive | Low
62 | Argument | xxxxx | predictive | Low
63 | Argument | xxxxxxxxx | predictive | Medium
64 | Argument | xxxx | predictive | Low
65 | Argument | xx | predictive | Low
66 | Argument | xx[] | predictive | Low
67 | Argument | xxxx | predictive | Low
68 | Argument | xxxxxx | predictive | Low
69 | Argument | xxxxx | predictive | Low
70 | Argument | xxxxxxx | predictive | Low
71 | Argument | xxxxxxxxxxxx | predictive | Medium
72 | Argument | xxxxxxx/xxxxxx_xx | predictive | High
73 | Argument | x_xxxxxx_xxxxx_xxxx | predictive | High
74 | Argument | xxxx_xxxxx | predictive | Medium
75 | Argument | xxxxxxxx | predictive | Medium
76 | Argument | xxxxxxxx | predictive | Medium
77 | Argument | xxxxxxxx | predictive | Medium
78 | Argument | xxxx | predictive | Low
79 | Argument | xxxxxx | predictive | Low
80 | Argument | xxxxxx[xxxx] | predictive | Medium
81 | Argument | xxxxx | predictive | Low
82 | Argument | xxxx | predictive | Low
83 | Argument | xxxxxxxx | predictive | Medium
84 | Argument | x-xxxxxxxxx-xxx | predictive | High
85 | Input Value | ../ | predictive | Low
86 | Input Value | <xxx xxx=x xxxxxxx=xxxxx('xxx') /> | predictive | High
87 | Input Value | xxxx.xxx::$xxxx | predictive | High
88 | Network Port | xxxx/xxxx | predictive | Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities: