OriginLogger Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (3)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en2
de2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

de2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

OriginLogger2
BazarLoader1
Cobalt Strike1
Lazarus1
BumbleBee1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Mail Client Software2
Not Defined2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

GNU2
Actiontec2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

GNU Mailman2
Actiontec WCB6200Q2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Atmail CSV cross-site request forgery6.56.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000750.00CVE-2017-9517
2GNU Mailman Admin Login Page/Pipermail Index Summary cross site scripting6.36.0$0-$5k$0-$5kNot DefinedOfficial Fix0.014800.03CVE-2002-0388
3Actiontec WCB6200Q Admin Login Cookie session fixiation6.86.8$0-$5k$0-$5kNot DefinedNot Defined0.001860.03CVE-2018-10252

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
123.106.223.46OriginLogger09/20/2022verifiedHigh
2XX.XXX.XXX.XXXxxxxxxxxxxx09/20/2022verifiedHigh
3XX.XXX.XXX.XXXxxxxxxxxxxx09/20/2022verifiedHigh
4XX.XXX.XXX.XXXxxxxxxxxxxx09/20/2022verifiedHigh
5XXX.XX.XXX.XXxxxx.xxxxxxxxxxxxxx.xxxXxxxxxxxxxxx09/20/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (1)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1059.007CAPEC-18CWE-80Cross Site ScriptingpredictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!