Sandworm Team Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en 278, de 84, it 80, ar 80, es 78

Country

de 82, it 80, ar 80, es 78, cn 70

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Tenda W15E 10, Tenda i21 10, Kashipara Online Furniture Shopping Ecommerce Webs ... 8, Tenda AX1806 6, Tenda 4G300 6

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | SourceCodester Simple Subscription Website view_application.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 1.20 | CVE-2024-4093
2 | Tenda W15E formQOSRuleDel stack-based overflow | 8.8 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 1.03 | CVE-2024-4121
3 | EZVIZ CS-C6-21WFR-8 Davinci Application certificate validation | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 1.03 | CVE-2024-4063
4 | Tenda 4G300 sub_4279CC stack-based overflow | 8.8 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 1.20 | CVE-2024-4169
5 | PHPGurukul Doctor Appointment Management System appointment-bwdates-reports-details.php cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 1.23 | CVE-2024-4293
6 | Techkshetra Info Solutions Savsoft Quiz Category Page editCategory cross site scripting | 2.4 | 2.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.94 | CVE-2024-4256
7 | Tenda AX1806 execCommand R7WebsSecurityHandler stack-based overflow | 8.8 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.94 | CVE-2024-4237
8 | Tenda W15E DelPortMapping formDelPortMapping stack-based overflow | 8.8 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.82 | CVE-2024-4117
9 | idcCMS cross-site request forgery | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.70 | CVE-2024-4172
10 | Tenda i22 formSetUrlFilterRule stack-based overflow | 8.8 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.70 | CVE-2024-4252
11 | Ruijie RG-UAC gre_edit_commit.php os command injection | 4.7 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00046 | 0.94 | CVE-2024-4255
12 | Tenda AC8 SetRebootTimer formSetRebootTimer stack-based overflow | 8.8 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.73 | CVE-2024-4065
13 | Tenda W15E SetSysTimeCfg formSetSysTime stack-based overflow | 8.8 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.85 | CVE-2024-4126
14 | PHPGurukul Doctor Appointment Management System view-appointment-detail.php resource injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.82 | CVE-2024-4294
15 | Keenetic KN-1010/KN-1410/KN-1711/KN-1810/KN-1910 Version Data version.js information disclosure | 5.3 | 4.9 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00045 | 0.74 | CVE-2024-4022
16 | Tenda 4G300 sub_41E858 stack-based overflow | 8.8 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 1.00 | CVE-2024-4166
17 | Tenda W15E SetPortMapping formSetPortMapping stack-based overflow | 8.8 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.73 | CVE-2024-4123
18 | Tenda AX1806 SetRebootTimer formSetRebootTimer stack-based overflow | 8.8 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.58 | CVE-2024-4239
19 | Tenda W9 DhcpSetSer fromDhcpSetSer stack-based overflow | 8.8 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.62 | CVE-2024-4244

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (43)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (121)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (10)

The following list contains external sources which discuss the actor and the associated activities:
