Prometei Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (191)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	188
sv	2
de	2

Country

us	190
id	2

Actors

Prometei	2
Dridex	1

Activities

Interest

Timeline

Type

Not Defined	32
Communications System	6
Operating System	6
Programming Language Software	4
Forum Software	2

Vendor

Not Defined	16
Google	4
Asterisk	4
Apple	4
SourceCodester	4

Product

Asterisk PBX	4
Grandstream Gxv Device	4
Solare Solar-Log	2
YaBB	2
Openads	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	LogicBoard CMS away.php redirect	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00000	2.01
2	FLDS redir.php sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.00203	0.15	CVE-2008-5928
3	vBulletin redirector.php	6.6	6.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00106	0.03	CVE-2018-6200
4	Vunet VU Web Visitor Analyst redir.asp sql injection	7.3	7.1	$0-$5k	$0-$5k	High	Workaround	0.00119	0.03	CVE-2010-2338
5	Bitrix Site Manager redirect.php link following	5.3	4.7	$0-$5k	$0-$5k	Unproven	Unavailable	0.00113	0.04	CVE-2008-2052
6	Openads adclick.php Remote Code Execution	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01871	0.18	CVE-2007-2046
7	MGB OpenSource Guestbook email.php sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.01302	0.62	CVE-2007-0354
8	GetSimpleCMS index.php redirect	6.6	6.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00123	0.00	CVE-2019-9915
9	OpenX adclick.php redirect	5.3	4.7	$0-$5k	$0-$5k	Unproven	Unavailable	0.00440	0.15	CVE-2014-2230
10	phpPgAds adclick.php unknown vulnerability	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00317	0.22	CVE-2005-3791
11	DZCP deV!L`z Clanportal config.php code injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.48	CVE-2010-0966
12	Sangoma FreePBX/PBXact restapps Privilege Escalation	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00756	0.00	CVE-2020-10666
13	Issabel PBX Create New Rate cross site scripting	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00054	0.03	CVE-2021-34190
14	Issabel PBX cross site scripting	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00058	0.00	CVE-2021-46558
15	DZCP deV!L`z Clanportal browser.php information disclosure	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02733	0.22	CVE-2007-1167
16	My Link Trader out.php sql injection	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.05
17	WordPress AdServe adclick.php sql injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00073	0.07	CVE-2008-0507
18	PHPWind goto.php redirect	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00348	0.11	CVE-2015-4134
19	Asterisk PBX SIP Invite res_pjsip_session denial of service	4.8	4.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00114	0.00	CVE-2020-28327
20	Tiki Admin Password tiki-login.php improper authentication	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00936	2.42	CVE-2020-15906

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	23.148.145.237	henhariden.info	Prometei	03/23/2023	verified	High
2	69.84.240.57		Prometei	03/23/2023	verified	High
3	103.40.123.34	ip-34.123.40.jogjaringan.net.id	Prometei	03/23/2023	verified	High
4	XXX.XX.XXX.XX	xx.xxx.xx.xx-xxxx.xxxx	Xxxxxxxx	03/23/2023	verified	High
5	XXX.XXX.XXX.XXX		Xxxxxxxx	03/23/2023	verified	High
6	XXX.XXX.XXX.XXX		Xxxxxxxx	03/23/2023	verified	High
7	XXX.XX.XXX.XX		Xxxxxxxx	03/23/2023	verified	High
8	XXX.XX.XX.XX	xxxxxx.xxxxxxxxxxxxx.xxx	Xxxxxxxx	01/08/2024	verified	High
9	XXX.XXX.XXX.XX	xxx-xxx-xxx-xx.xx.xxxxxxxxxxxxxxxxx.xxx	Xxxxxxxx	03/23/2023	verified	High
10	XXX.XXX.XX.XX	xxxxxx.xxx-xxx-xx-xx.xxxx.xxx	Xxxxxxxx	03/23/2023	verified	High
11	XXX.XXX.XXX.XXX		Xxxxxxxx	03/23/2023	verified	High

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	High
2	T1059.007	CAPEC-209	CWE-79, CWE-80	Cross Site Scripting	predictive	High
3	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
4	TXXXX	CAPEC-108	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
5	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	High
6	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
7	TXXXX	CAPEC-49	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
8	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
9	TXXXX.XXX	CAPEC-112	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	High

IOA - Indicator of Attack (53)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/admin/inquiries/view_details.php	predictive	High
2	File	/admin/maintenance/view_designation.php	predictive	High
3	File	/cgi-bin/touchlist_sync.cgi	predictive	High
4	File	/forum/away.php	predictive	High
5	File	/LogoStore/search.php	predictive	High
6	File	/mhds/clinic/view_details.php	predictive	High
7	File	/newsDia.php	predictive	Medium
8	File	/out.php	predictive	Medium
9	File	/xxxxxxxx-xxxxxxx.xxx	predictive	High
10	File	/xxxxxxx/xxxxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	High
11	File	xxxxxxx.xxx	predictive	Medium
12	File	xxxxx/xxxxxx.xxx	predictive	High
13	File	xxxxx/xxxx_xxxxx_xxxx.xxx	predictive	High
14	File	xxxxx/xxxxx.xxx	predictive	High
15	File	xxxxxxxx_xxxxxxxxxxxxxxxxx.xxx	predictive	High
16	File	xxxxx.xxx	predictive	Medium
17	File	xxxx.xxx	predictive	Medium
18	File	xxxx.xxx	predictive	Medium
19	File	xxx/xxxxxx.xxx	predictive	High
20	File	xxx/xxxxxxxxxxx/xxxxxxx.xxx	predictive	High
21	File	xxxxx.xxx?xxxx=xxxxxxx_xxxxx	predictive	High
22	File	xxxxxxx/xxx.xxx	predictive	High
23	File	xxxxxxxxxxxxxxxxxx.xxxx	predictive	High
24	File	xxxx.xxx	predictive	Medium
25	File	xxxxx.xxx	predictive	Medium
26	File	xxxxx.xxx	predictive	Medium
27	File	xxxxxxxx.xxx	predictive	Medium
28	File	xxxxxxxxxx.xxx	predictive	High
29	File	xxxx-xxxxxxxxxx.xxx	predictive	High
30	File	xxxx-xxxxx.xxx	predictive	High
31	File	xxxxx/xxxxxxxx_xxxxxx/xxxxxx_xxxxxxxx_xxxxx.xxx	predictive	High
32	File	xxxxxxx.xxx	predictive	Medium
33	File	xxxx.xx	predictive	Low
34	Argument	xxxxxxxx	predictive	Medium
35	Argument	xxxxxxxx	predictive	Medium
36	Argument	xxxxx	predictive	Low
37	Argument	xxx	predictive	Low
38	Argument	xxxxxxxxxxx	predictive	Medium
39	Argument	xxxx	predictive	Low
40	Argument	xxxx	predictive	Low
41	Argument	xxxx	predictive	Low
42	Argument	xx	predictive	Low
43	Argument	xxxxxxxxx	predictive	Medium
44	Argument	xx	predictive	Low
45	Argument	xxxx/xxxxxx	predictive	Medium
46	Argument	xxxxxxxx	predictive	Medium
47	Argument	xxxxx	predictive	Low
48	Argument	xxxxxxxx	predictive	Medium
49	Argument	xxx	predictive	Low
50	Argument	xxx	predictive	Low
51	Argument	xxxxxxxx/xxxxxxxx	predictive	High
52	Input Value	xxxx' xxxxx xxx xxxxxx xxxxxx(xxxxxx('xxxxx','xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'),'xxxxx'),xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx-- xxxx&xxxxxx=	predictive	High
53	Pattern	\|xx\|	predictive	Low

References (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Might our Artificial Intelligence support you?

Check our Alexa App!