Python Analysis

IOB - Indicator of Behavior (46)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en (42)
zh (4)

Country

us (10)
pl (2)

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Jenkins (10)
Advanced SystemCare Ultimate (2)
VMware vSphere Replication (2)
Ubi Uplay PC (2)
Vmware Spring for GraphQL (2)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | PHP Link Directory Administration Page index.html cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00374 | 0.22 | CVE-2007-0529 |
| 2 | VMware vSphere Replication command injection | 6.7 | 6.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00182 | 0.05 | CVE-2021-21976 |
| 3 | Oracle MySQL Server InnoDB access control | 5.5 | 5.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00098 | 0.00 | CVE-2018-3185 |
| 4 | Jenkins Queue authorization | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00054 | 0.02 | CVE-2021-21670 |
| 5 | NAS4Free exec.php code injection | 6.3 | 6.3 | $0-$5k | $0-$5k | High | Not Defined | 0.50736 | 0.04 | CVE-2013-3631 |
| 6 | Acer Quick Access QAAdminAgent.exe untrusted search path | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00096 | 0.04 | CVE-2019-18670 |
| 7 | Advanced SystemCare Ultimate Driver Monitor_win7_x64.sys input validation | 7.2 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.02 | CVE-2018-9006 |
| 8 | PeaZip Library dragdropfilesdll.dll uncontrolled search path | 6.1 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.03 | CVE-2023-6891 |
| 9 | Microsoft Windows Pragmatic General Multicast Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00945 | 0.00 | CVE-2023-36397 |
| 10 | Vmware Spring for GraphQL information disclosure | 3.5 | 3.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00063 | 0.00 | CVE-2023-34047 |
| 11 | Jenkins Caption Parameter ExpandableDetailsNote cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00090 | 0.00 | CVE-2023-43495 |
| 12 | Jenkins Temporary Directory permission | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00055 | 0.03 | CVE-2023-43496 |
| 13 | Jenkins Stapler Web Framework permission | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.00 | CVE-2023-43497 |
| 14 | Jenkins MultipartFormDataParser permission | 6.8 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00050 | 0.02 | CVE-2023-43498 |
| 15 | Jenkins Build Variable permission | 3.9 | 3.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00044 | 0.02 | CVE-2023-43494 |
| 16 | SHIRASAGI path traversal | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00103 | 0.00 | CVE-2023-39448 |
| 17 | Artica Pandora FMS File Manager .htaccess unrestricted upload | 5.5 | 5.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00091 | 0.00 | CVE-2021-36697 |
| 18 | INEX IPX-Manager list.foil.php cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00063 | 0.13 | CVE-2022-4559 |
| 19 | OTFCC otfccdump+0x6c08a6 heap-based overflow | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00065 | 0.00 | CVE-2022-35043 |
| 20 | Unisoc S8000 Sensor Driver out-of-bounds write | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2022-39126 |

IOC - Indicator of Compromise (25)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 23.21.126.66 | ec2-23-21-126-66.compute-1.amazonaws.com | Python | | 07/24/2021 | verified | Medium |
| 2 | 45.79.77.20 | li1176-20.members.linode.com | Python | | 04/13/2022 | verified | High |
| 3 | 54.221.253.252 | ec2-54-221-253-252.compute-1.amazonaws.com | Python | | 07/24/2021 | verified | Medium |
| 4 | 54.225.66.103 | ec2-54-225-66-103.compute-1.amazonaws.com | Python | | 07/24/2021 | verified | Medium |
| 5 | 54.225.220.115 | ec2-54-225-220-115.compute-1.amazonaws.com | Python | | 07/24/2021 | verified | Medium |
| 6 | XX.XXX.XXX.XX | xxx-xx-xxx-xxx-xx.xxxxxxx-x.xxxxxxxxx.xxx | Xxxxxx | | 07/24/2021 | verified | Medium |
| 7 | XX.XXX.XX.XXX | xxx-xx-xxx-xx-xxx.xxxxxxx-x.xxxxxxxxx.xxx | Xxxxxx | | 07/24/2021 | verified | Medium |
| 8 | XX.XXX.XXX.XX | xxx-xx-xxx-xxx-xx.xxxxxxx-x.xxxxxxxxx.xxx | Xxxxxx | | 07/24/2021 | verified | Medium |
| 9 | XX.XXX.XXX.XXX | xxx-xx-xxx-xxx-xxx.xxxxxxx-x.xxxxxxxxx.xxx | Xxxxxx | | 07/24/2021 | verified | Medium |
| 10 | XX.XXX.XXX.XXX | xxx-xx-xxx-xxx-xxx.xxxxxxx-x.xxxxxxxxx.xxx | Xxxxxx | | 07/24/2021 | verified | Medium |
| 11 | XX.XXX.XXX.XXX | xxx-xx-xxx-xxx-xxx.xxxxxxx-x.xxxxxxxxx.xxx | Xxxxxx | | 07/24/2021 | verified | Medium |
| 12 | XX.XX.XXX.XX | xx.xx | Xxxxxx | | 04/13/2022 | verified | High |
| 13 | XXX.XX.X.XX | | Xxxxxx | | 04/13/2022 | verified | High |
| 14 | XXX.XXX.XXX.XXX | | Xxxxxx | | 07/24/2021 | verified | High |
| 15 | XXX.XXX.XXX.XXX | | Xxxxxx | | 07/24/2021 | verified | High |
| 16 | XXX.XXX.XXX.XXX | | Xxxxxx | | 07/24/2021 | verified | High |
| 17 | XXX.XXX.XXX.XXX | | Xxxxxx | | 07/24/2021 | verified | High |
| 18 | XXX.XXX.XXX.XXX | | Xxxxxx | | 07/24/2021 | verified | High |
| 19 | XXX.XXX.XXX.XXX | | Xxxxxx | | 07/24/2021 | verified | High |
| 20 | XXX.XXX.XXX.XXX | | Xxxxxx | | 07/24/2021 | verified | High |
| 21 | XXX.XX.XXX.XX | | Xxxxxx | | 10/31/2022 | verified | High |
| 22 | XXX.XXX.XXX.X | xxx.xxxx.xxx | Xxxxxx | | 10/31/2022 | verified | High |
| 23 | XXX.XXX.XXX.XX | xxx.xxxx.xxx | Xxxxxx | | 10/31/2022 | verified | High |
| 24 | XXX.XXX.XXX.XX | xxx.xxxx.xxx | Xxxxxx | | 10/31/2022 | verified | High |
| 25 | XXX.XXX.XXX.XXX | xxx.xxxx.xxx | Xxxxxx | | 10/31/2022 | verified | High |

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (15)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | .htaccess | predictive | Medium |
| 2 | File | /api/v1/bait/set | predictive | High |
| 3 | File | /release-x64/otfccdump+0x6b0b2c | predictive | High |
| 4 | File | /xxxxxxx-xxx/xxxxxxxxx+xxxxxxxx | predictive | High |
| 5 | File | xxxx.xxx | predictive | Medium |
| 6 | File | xxxxx.xxxx | predictive | Medium |
| 7 | File | xxxxxxxxxxxx.xxx | predictive | High |
| 8 | File | xxxxxxx.xx | predictive | Medium |
| 9 | File | xxxxxxxxx/xxxxx/xxxxxxxx/xxxx.xxxx.xxx | predictive | High |
| 10 | Library | xxxxxxxxxxxxxxxx.xxx | predictive | High |
| 11 | Library | xxxxx.xxx | predictive | Medium |
| 12 | Library | xxxxxxx_xxxx_xxx.xxx | predictive | High |
| 13 | Library | xxxxx.xxx | predictive | Medium |
| 14 | Argument | xxxx | predictive | Low |
| 15 | Argument | xxxxxxx | predictive | Low |

References (4)

The following list contains external sources which discuss the actor and the associated activities: