Satan Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (229)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en180
zh40
pl4
ru2
es2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

la224
gb2
us2
cn2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Cobalt Strike11
Ave Maria8
RedLine Stealer7
AsyncRAT6
UAC-00504

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined90
Content Management System20
Groupware Software12
Operating System12
WordPress Plugin10

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined88
Microsoft18
Apache6
Revive4
Linux4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Exchange Server6
Microsoft Windows6
Revive Adserver4
DedeCMS4
Apache Airflow4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1TikiWiki tiki-register.php input validation7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.010755.56CVE-2006-6168
2Tiki Admin Password tiki-login.php improper authentication8.07.7$0-$5k$0-$5kNot DefinedOfficial Fix0.009362.25CVE-2020-15906
3LogicBoard CMS away.php redirect6.36.1$0-$5k$0-$5kNot DefinedUnavailable0.000002.02
4DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.27CVE-2010-0966
5Drupal Sanitization API cross site scripting3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000560.04CVE-2020-13672
6LiteSpeed Cache Plugin Shortcode cross site scripting3.53.4$0-$5k$0-$5kNot DefinedNot Defined0.000510.00CVE-2023-4372
7WebTitan Appliance Extensions Persistent cross site scripting3.53.4$0-$5k$0-$5kNot DefinedNot Defined0.000000.00
8ipTIME NAS-I Bulletin Manage unrestricted upload7.17.1$0-$5k$0-$5kNot DefinedNot Defined0.009880.05CVE-2020-7847
9request-baskets API Request {name} server-side request forgery6.46.4$0-$5k$0-$5kNot DefinedNot Defined0.081090.05CVE-2023-27163
10PHP phpinfo cross site scripting4.33.9$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.019600.04CVE-2007-1287
11nginx request smuggling6.96.9$0-$5k$0-$5kNot DefinedNot Defined0.002411.98CVE-2020-12440
12Microsoft Windows Scripting Engine Remote Code Execution5.95.1$25k-$100k$5k-$25kUnprovenOfficial Fix0.377400.00CVE-2021-34480
13DevExpress ASP.NET Web Forms ASPxHttpHandlerModule DXR.axd resource injection4.34.2$0-$5k$0-$5kNot DefinedNot Defined0.002050.00CVE-2022-41479
14Basilix Webmail login.php3 command injection7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.000000.07
15JoomlaTune Com Jcomments admin.jcomments.php cross site scripting4.34.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.004890.00CVE-2010-5048
16Microsoft Office Remote Code Execution7.06.1$5k-$25k$0-$5kUnprovenOfficial Fix0.001990.00CVE-2023-21735
17Alt-N MDaemon Worldclient injection4.94.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.000900.04CVE-2021-27182
18CouchCMS mysql2i.func.php Path information disclosure3.33.3$0-$5k$0-$5kNot DefinedNot Defined0.002410.02CVE-2019-1010042
19Esri ArcGIS Server sql injection8.18.0$0-$5k$0-$5kNot DefinedOfficial Fix0.001230.04CVE-2021-29114
20Kind Editor File Upload upload_json.php access control5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000620.00CVE-2017-1002024

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
16.43.51.17Satan05/21/2019verifiedHigh
245.124.132.119Satan06/15/2018verifiedHigh
3XXX.XX.XXX.XXXxxxxxxx.xxxxx.xxXxxxx05/21/2019verifiedHigh
4XXX.XX.XXX.XXXxxxxxx.xxx.xxXxxxx05/21/2019verifiedHigh
5XXX.XX.XXX.XXXxxxxxxx.xxxxx.xxXxxxx05/21/2019verifiedHigh
6XXX.XX.XXX.XXXxxxxxxx.xxxxx.xxXxxxx05/21/2019verifiedHigh

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-21, CWE-22, CWE-24Path TraversalpredictiveHigh
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3T1059CAPEC-137CWE-88, CWE-94, CWE-1321Argument InjectionpredictiveHigh
4T1059.007CAPEC-209CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
5TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXX.XXXCAPEC-16CWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
7TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
8TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
9TXXXXCAPEC-CWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
10TXXXXCAPEC-1CWE-XXX, CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
11TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
12TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
13TXXXXCAPEC-112CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
14TXXXX.XXXCAPEC-459CWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
15TXXXXCAPEC-116CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
16TXXXX.XXXCAPEC-CWE-XXXxxxxxxxxxxxxpredictiveHigh
17TXXXXCAPEC-112CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
18TXXXX.XXXCAPEC-CWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHigh
19TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (126)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/admin/dl_sendmail.phppredictiveHigh
2File/adminPage/conf/reloadpredictiveHigh
3File/api/baskets/{name}predictiveHigh
4File/api/v2/cli/commandspredictiveHigh
5File/Device/Device/GetDeviceInfoList?deviceCode=&searchField=&deviceState=predictiveHigh
6File/DXR.axdpredictiveMedium
7File/forum/away.phppredictiveHigh
8File/mfsNotice/pagepredictiveHigh
9File/novel/bookSetting/listpredictiveHigh
10File/novel/userFeedback/listpredictiveHigh
11File/owa/auth/logon.aspxpredictiveHigh
12File/spip.phppredictiveMedium
13File/var/WEB-GUI/cgi-bin/telnet.cgipredictiveHigh
14File/x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3predictiveHigh
15File/xx/xxxxx.xxxpredictiveHigh
16Filexxxxxxx.xxxpredictiveMedium
17Filexxxxx.xxxxxxxxx.xxxpredictiveHigh
18Filexxxxxxxxxxx/xxxxxxx/xxxxx/xxxxx/xxxxxxxxx/xxxxxxxx.xxxpredictiveHigh
19Filexxxx/xxxxxxxxxxxx.xxxpredictiveHigh
20Filexxxx.xxxpredictiveMedium
21Filexx_xxxx_xx_xxxx_xxxx.xxxpredictiveHigh
22Filexxxx_xxxxxxx.xxxpredictiveHigh
23Filexxxxx.xxxpredictiveMedium
24Filexxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx/xxxx_xxxxx.xxxxpredictiveHigh
25Filexxxxx-xxxxxxx.xxxpredictiveHigh
26Filexxxxxxxxxx/xxx_xxxxxxxxxx/xxxxxxx/xxxxxxxxxx.xxxpredictiveHigh
27Filexxxxxxxxxx\xxxx.xxxpredictiveHigh
28Filexxxxxxxxxxx.xxxpredictiveHigh
29Filexxxx-xxxxxx.xxxpredictiveHigh
30Filexxxxxxxxxxx.xxxxx.xxxpredictiveHigh
31Filexxxx.xxxpredictiveMedium
32Filexxxxx_xxxx.xxxpredictiveHigh
33Filexxxxxxxxxx\xxxxxx\xxxxxxxxxxxxx.xxxpredictiveHigh
34Filexxx/xxxxxx.xxxpredictiveHigh
35Filexxxxxxxx/xxxxxxx/xxxxxxx.xxxx.xxxpredictiveHigh
36Filexxxxx.xxxxpredictiveMedium
37Filexxxxx.xxxpredictiveMedium
38Filexxxxx.xxx/xxxxxx.xxx/xxxxxxxxxxxxx.xxx/xxxxxxxx.xxxpredictiveHigh
39Filexxxxx.xxx?x=xxxx&x=xxxx&x=xx_xxx_xxxxxxpredictiveHigh
40Filexxxxx.xxx?x=xxxx&x=xxxxxxx&x=xxxpredictiveHigh
41Filexxxx_xxxxxxx.xxxpredictiveHigh
42Filexxxxxxxxxx/xxx/xxxxxx_xxxx.xxxpredictiveHigh
43Filexxxxx.xxxxpredictiveMedium
44Filexxxxx.xxxpredictiveMedium
45Filexxxx.xxxxpredictiveMedium
46Filexx_xxxx.xpredictiveMedium
47Filexxx/xxxx/xxxx_xxxxxxxxx.xpredictiveHigh
48Filexxxxxxx_xxxx.xxxpredictiveHigh
49Filexxxxxx.xxxpredictiveMedium
50Filexxxxxxxxxxxxxxxxx.xxxpredictiveHigh
51Filexxxxxxx.xxxpredictiveMedium
52Filexxxxx-xxxxxxx.xxxpredictiveHigh
53Filexxxxxxx/xxxxxxx/xxx/xxxxxxxxxx.xxx?xxxxxxxx=xxxx&xxxxxx=xxxxxxxxxxpredictiveHigh
54Filexxxx_xxxx_xxxxxx.xxxpredictiveHigh
55Filexxxx_xxxxx.xxxxpredictiveHigh
56Filexxxxxxxxxx_xxxx.xxxpredictiveHigh
57Filexxx/xxxx/xxxxpredictiveHigh
58Filexxxxxx\xxxxxxxx\xx_xxxxx_xxxxxxx.xxxpredictiveHigh
59Filexxxxxxx.xxx.xx.xxxxxxxxxxx.xxxpredictiveHigh
60Filexxxxxxxxx/xxxxxxxx.xxxpredictiveHigh
61Filexxxx_xxxxxx.xxpredictiveHigh
62Filexxxx-xxxxx.xxxpredictiveHigh
63Filexxxx-xxxxxxxx.xxxpredictiveHigh
64Filexxxxxx_xxxxx.xxxpredictiveHigh
65Filexxxxxx.xxxpredictiveMedium
66Filexxxxxxx-xxxxx.xxxpredictiveHigh
67Filexxxx_xxxxx.xxxpredictiveHigh
68Filexxxx/xxx/xxxx-xxxxx.xxxpredictiveHigh
69Filexxxx.xxxpredictiveMedium
70Filexx-xxxxx-xxxxxx.xxxpredictiveHigh
71Filexxx/xxxxxxxx/xxxxxxxx.xxxpredictiveHigh
72Filexxxx.xxxpredictiveMedium
73File~/xxx/xxxx-xxxxxxxxx.xxxpredictiveHigh
74File~/xxxxxxxx/xxxxx-xx-xxxxxxxxxx-xxxxxxxxx.xxxpredictiveHigh
75Libraryxxxxxxx/xxx.xxx.xxx.xxxpredictiveHigh
76Argumentxxx_xxxpredictiveLow
77ArgumentxxxxpredictiveLow
78ArgumentxxxxxxxxxpredictiveMedium
79ArgumentxxxxxxxxpredictiveMedium
80Argumentxxx_xxx_xx_xxx_xxxxxxxxxx_xpredictiveHigh
81Argumentxxxxx_xxxxpredictiveMedium
82Argumentxxxx_xxx_xxxxpredictiveHigh
83ArgumentxxxxxxxxxxpredictiveMedium
84ArgumentxxxpredictiveLow
85ArgumentxxxxxxxxxxxxxxxpredictiveHigh
86ArgumentxxxxpredictiveLow
87Argumentxxxxxxxxx_xxxxxxpredictiveHigh
88ArgumentxxxxxxxxxpredictiveMedium
89Argumentxx_xxxxxxxpredictiveMedium
90ArgumentxxxxpredictiveLow
91ArgumentxxxxxxxxpredictiveMedium
92ArgumentxxxxxpredictiveLow
93Argumentxxxxxx_xxxxxpredictiveMedium
94Argumentxx_xxpredictiveLow
95Argumentxxxxxxx[xxxxxxx]predictiveHigh
96ArgumentxxxxxxxpredictiveLow
97ArgumentxxxxxxpredictiveLow
98ArgumentxxxxxpredictiveLow
99ArgumentxxpredictiveLow
100ArgumentxxxpredictiveLow
101ArgumentxxxxpredictiveLow
102ArgumentxxxxpredictiveLow
103Argumentxxx xxxxxxxx/xxxxxxx xxxxxxxxpredictiveHigh
104ArgumentxxxxxxxxpredictiveMedium
105Argumentxxxxxx/xxxxx/xxxxpredictiveHigh
106ArgumentxxxxxxxpredictiveLow
107ArgumentxxxxpredictiveLow
108ArgumentxxxxpredictiveLow
109Argumentxxxxxx_xxxxxxpredictiveHigh
110Argumentxxxxxxxx_xxpredictiveMedium
111Argumentxxxxxx_xxxxxpredictiveMedium
112Argumentxxxx_xxxxpredictiveMedium
113ArgumentxxxxpredictiveLow
114ArgumentxxxxxxpredictiveLow
115ArgumentxxxxxxxpredictiveLow
116ArgumentxxxpredictiveLow
117Argumentxxx_xxpredictiveLow
118ArgumentxxxxxpredictiveLow
119ArgumentxxxpredictiveLow
120ArgumentxxxxxxxxpredictiveMedium
121Argument\xxxx\xxxxpredictiveMedium
122Argument_xxx_xxxxxxxxxxx_predictiveHigh
123Input Valuexxxxxxxxx' xxx 'x'='xpredictiveHigh
124Input ValuexxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxpredictiveHigh
125Pattern|xx xx xx xx|predictiveHigh
126Network PortxxxxxpredictiveLow

References (3)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!