Sauron Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

es146
de108
it94
ja88
ar84

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

es146
de108
it94
ar84
pt80

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Unknown1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined60
WordPress Plugin6
E-Commerce Management Software6
Appointment Software4
Remote Access Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Tenda46
Not Defined8
Kashipara6
PHPGurukul4
SourceCodester2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Tenda W15E14
Tenda i216
Tenda W96
Tenda AX18066
Kashipara Online Furniture Shopping Ecommerce Webs ...6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Tenda AC8 SetRebootTimer formSetRebootTimer stack-based overflow8.88.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000451.35CVE-2024-4065
2Tenda W15E DelPortMapping formDelPortMapping stack-based overflow8.88.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000451.16CVE-2024-4117
3Techkshetra Info Solutions Savsoft Quiz Category Page editCategory cross site scripting2.42.2$0-$5k$0-$5kProof-of-ConceptNot Defined0.000451.09CVE-2024-4256
4Tenda W9 wifiSSIDset formwrlSSIDset stack-based overflow8.88.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000451.09CVE-2024-4243
5PHPGurukul Doctor Appointment Management System appointment-bwdates-reports-details.php cross site scripting3.53.2$0-$5k$0-$5kProof-of-ConceptNot Defined0.000451.43CVE-2024-4293
6idcCMS cross-site request forgery4.33.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.000451.16CVE-2024-4172
7Tenda 4G300 sub_4279CC stack-based overflow8.88.5$0-$5k$0-$5kNot DefinedNot Defined0.000451.39CVE-2024-4169
8Tenda W9 DhcpSetSer fromDhcpSetSer stack-based overflow8.88.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000450.94CVE-2024-4244
9Tenda AC8 execCommand R7WebsSecurityHandler stack-based overflow8.88.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000451.09CVE-2024-4064
10Tenda AX1806 SetRebootTimer formSetRebootTimer stack-based overflow8.88.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000450.90CVE-2024-4239
11Tenda i21 DhcpSetSe fromDhcpSetSer stack-based overflow8.88.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000450.86CVE-2024-4251
12EZVIZ CS-C6-21WFR-8 Davinci Application certificate validation3.73.6$0-$5k$0-$5kNot DefinedNot Defined0.000451.31CVE-2024-4063
13PHPGurukul Doctor Appointment Management System view-appointment-detail.php resource injection6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.000451.17CVE-2024-4294
14Tenda W15E formQOSRuleDel stack-based overflow8.88.5$0-$5k$0-$5kNot DefinedNot Defined0.000451.27CVE-2024-4121
15Tenda AX1806 execCommand R7WebsSecurityHandler stack-based overflow8.88.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000451.16CVE-2024-4237
16Tenda W15E SetRemoteWebManage formSetRemoteWebManage stack-based overflow8.88.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000451.24CVE-2024-4124
17cyanomiko dcnnt-py Notification notifications.py main command injection6.36.0$0-$5k$0-$5kNot DefinedOfficial Fix0.000450.86CVE-2023-1000
18SourceCodester Simple Subscription Website view_application.php sql injection6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.000451.27CVE-2024-4093
19Tenda i21 wifiSSIDget formwrlSSIDget stack-based overflow8.88.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000450.83CVE-2024-4249
20Tenda W15E SetSysTimeCfg formSetSysTime stack-based overflow8.88.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000451.01CVE-2024-4126

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
137.252.125.88Sauron12/23/2020verifiedHigh
266.228.52.133li294-133.members.linode.comSauron12/23/2020verifiedHigh
3XX.XXX.XXX.XXxxxx-xxxxxxx-xxxxx-xx-xxx-xxx-xx.xxxxxx.xxxXxxxxx12/23/2020verifiedHigh
4XX.XXX.XX.XXXXxxxxx12/23/2020verifiedHigh
5XXX.X.XXX.XXXxxxxxx.xxx.xxx.x.xxx.xxxxxxx.xxxx-xxxxxx.xxXxxxxx12/23/2020verifiedHigh
6XXX.XXX.XX.XXX.Xxxxxx12/23/2020verifiedHigh
7XXX.XX.XX.XXXxxxxxxx-xx-xx-xxx.xxxxxx.xxxxxxx.xxXxxxxx12/23/2020verifiedHigh
8XXX.XXX.XX.XXxxxxxxx.xxxXxxxxx12/23/2020verifiedHigh
9XXX.XXX.XXX.XXXXxxxxx12/23/2020verifiedHigh
10XXX.XXX.XXX.XXXxxxxxxxxxxxxx.xxxxxxxxxx.xxxxXxxxxx12/23/2020verifiedHigh

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1059.007CAPEC-209CWE-79Cross Site ScriptingpredictiveHigh
2T1202CAPEC-136CWE-77, CWE-78Command Shell in Externally Accessible DirectorypredictiveHigh
3TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
4TXXXXCAPEC-37CWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
5TXXXX.XXXCAPEC-459CWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
7TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (92)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/admin/admin_cl.php?mudi=revPwdpredictiveHigh
2File/cgi-bin/koha/opac-MARCdetail.plpredictiveHigh
3File/doctor/view-appointment-detail.phppredictiveHigh
4File/goform/AddDnsForwardpredictiveHigh
5File/goform/addIpMacBindpredictiveHigh
6File/goform/AdvSetMacMtuWanpredictiveHigh
7File/goform/DelDhcpRulepredictiveHigh
8File/goform/DelPortMappingpredictiveHigh
9File/goform/DhcpSetSepredictiveHigh
10File/goform/DhcpSetSerpredictiveHigh
11File/goform/execCommandpredictiveHigh
12File/goform/modifyDhcpRulepredictiveHigh
13File/goform/modifyIpMacBindpredictiveHigh
14File/xxxxxx/xxxxxxxxxxxxxxxxxxxxxpredictiveHigh
15File/xxxxxx/xxxxxxxxxxxxpredictiveHigh
16File/xxxxxx/xxxxxxxxxxxxpredictiveHigh
17File/xxxxxx/xxxxxxxxxxpredictiveHigh
18File/xxxxxx/xxxxxxxxxxxpredictiveHigh
19File/xxxxxx/xxxxxxxxxpredictiveHigh
20File/xxxxxx/xxxxxxxxxxxxxxxxpredictiveHigh
21File/xxxxxx/xxxxxxxxxxxxxxpredictiveHigh
22File/xxxxxx/xxxxxxxxxxxxxxpredictiveHigh
23File/xxxxxx/xxxxxxxxxxxxxxxxxxpredictiveHigh
24File/xxxxxx/xxxxxxxxxxxxxxpredictiveHigh
25File/xxxxxx/xxxxxxxxxxxxxpredictiveHigh
26File/xxxxxx/xxxxxxxxxxxxxxxxxxxpredictiveHigh
27File/xxxxxx/xxxxxxxxxxxpredictiveHigh
28File/xxxxxx/xxxxxxxxxxxpredictiveHigh
29File/xxxxxx/xxxxxxxxxxxxpredictiveHigh
30File/xxxxxxxxxxxxx.xxpredictiveHigh
31File/xxxxxx/xxxxx.xxx/xxxxx/xxxxxxxxxxxxpredictiveHigh
32File/xxxxxxx.xxpredictiveMedium
33File/xxxx/xxxxxxx xxxxxx/xxx/xxx_xxxx_xxxxxx.xxxpredictiveHigh
34File/xxx/xxxxxxxxxxx.xxxpredictiveHigh
35Filexxxxxxxxxxx-xxxxxxx-xxxxxxx-xxxxxxx.xxxpredictiveHigh
36Filexxxxx/xxxxxxx/xxxxxxxxxxxxx.xxpredictiveHigh
37Filexxxxxx/xxxxxx/xxx/xxxxxxxxxxx/xx.xxpredictiveHigh
38Filexxxxx.xxxpredictiveMedium
39Filexxxxxxxx.xxxpredictiveMedium
40Filexxxxxxxx.xxxpredictiveMedium
41Filexxxxxx.xxxpredictiveMedium
42Filexxxxxxxxxxxx.xxxpredictiveHigh
43Filexxxx_xxxxxxxxxxx.xxxpredictiveHigh
44ArgumentxxxxxxxxxxxxpredictiveMedium
45ArgumentxxxxxxxxxxxxxpredictiveHigh
46Argumentxxxxxxxx_xxxxpredictiveHigh
47ArgumentxxxxxxxxxxxxpredictiveMedium
48ArgumentxxxxxxxxxxpredictiveMedium
49ArgumentxxxxxxxpredictiveLow
50Argumentxxxxxxxxxxx/xxxxxxxxx/xxxxxx/xxxxxxxx/xxxxxxxxxxxxx/xxxxxxxx/xxxxxxxxpredictiveHigh
51ArgumentxxxxxxxxxxxxxxpredictiveHigh
52ArgumentxxxxxxxxxxxxxxxxpredictiveHigh
53ArgumentxxxxxxpredictiveLow
54Argumentxxxxxx/xxxxx/xxxxxxpredictiveHigh
55ArgumentxxxxxxxxpredictiveMedium
56Argumentxxxxxxxx/xxxxxxpredictiveHigh
57Argumentxx/xxxxpredictiveLow
58ArgumentxxxxxxxxxxpredictiveMedium
59ArgumentxxpredictiveLow
60ArgumentxxpredictiveLow
61ArgumentxxxxxxxxxxxxxpredictiveHigh
62Argumentxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxpredictiveHigh
63ArgumentxxxxpredictiveLow
64ArgumentxxxxpredictiveLow
65ArgumentxxxxxpredictiveLow
66ArgumentxxxxxxxxxxpredictiveMedium
67ArgumentxxxxpredictiveLow
68ArgumentxxxxpredictiveLow
69ArgumentxxxxxxxxpredictiveMedium
70ArgumentxxxxxxxxxxxxxxxxpredictiveHigh
71Argumentxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxpredictiveHigh
72ArgumentxxxxxxxxxxxxxxxxxxxxxxxxpredictiveHigh
73ArgumentxxxpredictiveLow
74ArgumentxxxxxxpredictiveLow
75ArgumentxxxxxxxxpredictiveMedium
76ArgumentxxxxxxxxxxxxxxxxxxpredictiveHigh
77ArgumentxxxxxxxxpredictiveMedium
78ArgumentxxxxxxxxxxpredictiveMedium
79ArgumentxxxxxxxxpredictiveMedium
80Argumentxxxxxxxxxx/xxxxxxxx/xxxxxxx/xxxxxxxxxxpredictiveHigh
81ArgumentxxxxxxxxxxxxpredictiveMedium
82ArgumentxxxxxxxxxpredictiveMedium
83ArgumentxxxxxxxxxxxxxxxxpredictiveHigh
84ArgumentxxxxpredictiveLow
85ArgumentxxxxxxxxxxpredictiveMedium
86ArgumentxxxxxxxxxpredictiveMedium
87ArgumentxxxxxxxpredictiveLow
88Argumentxxxxxx/xxxxxxxx/xxxxxxxxx/xxx/xxxxxxxxxxx/xxxxxxxxxxpredictiveHigh
89Argumentxxxx/xxxxx/xxx/xxxx/xxxxxx/xxxxxxpredictiveHigh
90Input Valuex"><xxxx>predictiveMedium
91Input ValuexxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxpredictiveHigh
92Input Value><xxxxxx>xxxxx('xxx')</xxxxxx>predictiveHigh

References (3)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!