Scar Analysis

IOB - Indicator of Behavior (16)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 14
it: 2


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Genymotion Desktop: 2
Linux Kernel: 2
Joomla: 2
systemd: 2
TP-LINK TL-WR740N: 2


Vulnerabilities

Base/Temp: CVSS base and temporal score. 0day/Today: estimated exploit price at disclosure and today. Exp: exploitability status. Rem: remediation status. EPSS: exploit prediction score. CTI: threat-intelligence interest score.

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | nginx HTTP/2 resource consumption | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09699 | 0.04 | CVE-2018-16843
2 | Microsoft Windows Runtime Remote Code Execution | 8.1 | 7.7 | $25k-$100k | $5k-$25k | High | Official Fix | 0.40028 | 0.00 | CVE-2022-21971
3 | Joomla Usergroup Table input validation | 4.6 | 4.6 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00103 | 0.00 | CVE-2021-26036
4 | Bitrix24 Web Application Firewall cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00113 | 0.07 | CVE-2020-13483
5 | Linux Kernel Netfilter x_tables.c out-of-bounds write | 8.8 | 8.4 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00256 | 0.04 | CVE-2021-22555
6 | Linux Kernel ptrace.c access control | 7.8 | 7.6 | $5k-$25k | $0-$5k | High | Official Fix | 0.00052 | 0.00 | CVE-2019-13272
7 | HelpSystems Cobalt Strike Server Screenshot readCountedBytes Hotcobalt denial of service | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00280 | 0.05 | CVE-2021-36798
8 | Cisco ASA/Firepower Threat Defense Network Address Translation security check | 5.4 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00111 | 0.00 | CVE-2021-34790
9 | systemd unit-name.c alloca allocation of resources | 6.5 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.02 | CVE-2021-33910
10 | Hikvision Product Message command injection | 5.5 | 5.5 | $0-$5k | $0-$5k | High | Not Defined | 0.97485 | 0.03 | CVE-2021-36260
11 | RARLAB WinRAR memory corruption | 10.0 | 9.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00469 | 0.00 | CVE-2008-7144
12 | TP-LINK TL-WR740N Firmware Local Privilege Escalation | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.04 | -
13 | TP-LINK TL-WR841N Web Service buffer overflow | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02223 | 0.04 | CVE-2019-17147
14 | Genymotion Desktop Clipboard information disclosure | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00594 | 0.00 | CVE-2021-27549
15 | Oracle Database Server OJVM access control | 9.9 | 9.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00165 | 0.00 | CVE-2017-10202

IOC - Indicator of Compromise (27)

These indicators of compromise list the associated network resources known to be part of research and attack activities. Rows 7 to 27 are masked in the free view; the masked values below are shown as they appear, not reconstructed.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 35.186.232.167 | 167.232.186.35.bc.googleusercontent.com | Scar | - | 05/06/2022 | verified | Medium
2 | 52.85.151.4 | server-52-85-151-4.iad89.r.cloudfront.net | Scar | - | 07/17/2021 | verified | High
3 | 52.85.151.59 | server-52-85-151-59.iad89.r.cloudfront.net | Scar | - | 07/17/2021 | verified | High
4 | 64.186.131.47 | - | Scar | - | 04/12/2022 | verified | High
5 | 67.228.31.225 | e1.1f.e443.ip4.static.sl-reverse.com | Scar | - | 04/12/2022 | verified | High
6 | 72.21.81.240 | - | Scar | - | 05/05/2022 | verified | High
7 | XX.XXX.XXX.XX | xxxxxx.xx-xxx-xxx-xx.xxxxxxx.xxxx-xxxxxx.xx | Xxxx | - | 07/17/2021 | verified | High
8 | XX.XXX.XXX.XXX | - | Xxxx | - | 07/17/2021 | verified | High
9 | XX.XX.XXX.XX | xxxxxx-xx-xx-xxx-xx.xxxxx.x.xxxxxxxxxx.xxx | Xxxx | - | 07/17/2021 | verified | High
10 | XX.XX.XXX.XXX | xxxxxx-xx-xx-xxx-xxx.xxxxx.x.xxxxxxxxxx.xxx | Xxxx | - | 07/17/2021 | verified | High
11 | XXX.XXX.XX.XXX | xxxxxxxx-xx-xxx.xxxxx.xxx | Xxxx | - | 05/05/2022 | verified | High
12 | XXX.XXX.XXX.XX | xx-xx-xxx.xxxxx.xxx | Xxxx | - | 05/06/2022 | verified | High
13 | XXX.XXX.XXX.XXX | xx-xx-xxxx.xxxxx.xxx | Xxxx | - | 05/06/2022 | verified | High
14 | XXX.XXX.XXX.XX | xx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxx | Xxxx | - | 05/05/2022 | verified | High
15 | XXX.XXX.XX.XX | xx-xx-xxx.xxxxx.xxx | Xxxx | - | 05/06/2022 | verified | High
16 | XXX.XXX.XX.XXX | xx-xx-xxxx.xxxxx.xxx | Xxxx | - | 05/06/2022 | verified | High
17 | XXX.XXX.XXX.XXX | xx-xx-xxxx.xxxxx.xxx | Xxxx | - | 05/06/2022 | verified | High
18 | XXX.XXX.X.XX | - | Xxxx | - | 07/17/2021 | verified | High
19 | XXX.XXX.X.XX | xxxxxx.xxxxxxxxxxx.xxx | Xxxx | - | 07/17/2021 | verified | High
20 | XXX.XXX.XXX.XXX | - | Xxxx | - | 04/12/2022 | verified | High
21 | XXX.XX.XX.XXX | xx-xx.xxxxxxxxxx.xxx | Xxxx | - | 05/06/2022 | verified | High
22 | XXX.XX.XXX.XXX | x-xxxx.x-xxxxxx.xxx | Xxxx | - | 05/06/2022 | verified | High
23 | XXX.XXX.XXX.XX | xxxx.xxxxx.xxx | Xxxx | - | 05/05/2022 | verified | High
24 | XXX.XXX.XXX.XX | xxxx.xxxxx.xxx | Xxxx | - | 05/05/2022 | verified | High
25 | XXX.XX.XXX.XXX | xxx.xxxxx.xxx.xx | Xxxx | - | 05/05/2022 | verified | High
26 | XXX.XX.XXX.XX | xx-xx-xxx.xxxxx.xxx | Xxxx | - | 05/06/2022 | verified | High
27 | XXX.XX.XXX.XX | xx-xx-xxx.xxxxx.xxx | Xxxx | - | 05/06/2022 | verified | High

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (5)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | basic/unit-name.c | predictive | High
2 | File | components/bitrix/mobileapp.list/ajax.php/ | predictive | High
3 | File | xxxxxx/xxxxxx.x | predictive | High
4 | File | xxx/xxxxxxxxx/x_xxxxxx.x | predictive | High
5 | Argument | xxxxx[xxxxx][xx] | predictive | High
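The IOC and IOA tables above are only useful once they are run against your own telemetry. The following is an added example (not VulDB code and not part of this page's data) that scans web-server access logs in combined log format for the six unmasked IOC addresses and the two unmasked IOA file fragments; masked rows are deliberately left out. The log lines are constructed here for illustration, and the confidence heuristic is the example's own: two of the listed addresses resolve to CloudFront edge and Google Cloud reverse-DNS names, which are shared infrastructure, so an IP match there is downgraded unless an IOA path corroborates it. Note that basic/unit-name.c is a systemd source file (CVE-2021-33910 above) and will rarely appear in an HTTP request path; it is kept in the list so the scan covers every unmasked indicator.

```python
"""Match the unmasked Scar IOC/IOA values from this page against web-server
access logs (combined log format). Added example: the sample log lines and the
confidence heuristic are constructed here, not taken from VulDB."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Unmasked IOC rows from the table above: IP -> reverse-DNS hostname ("" where none listed).
IOC_HOSTS = {
    "35.186.232.167": "167.232.186.35.bc.googleusercontent.com",
    "52.85.151.4": "server-52-85-151-4.iad89.r.cloudfront.net",
    "52.85.151.59": "server-52-85-151-59.iad89.r.cloudfront.net",
    "64.186.131.47": "",
    "67.228.31.225": "e1.1f.e443.ip4.static.sl-reverse.com",
    "72.21.81.240": "",
}
# Unmasked IOA file indicators, matched as substrings of the request path.
IOA_PATHS = ("basic/unit-name.c", "components/bitrix/mobileapp.list/ajax.php/")

# Reverse-DNS suffixes of shared cloud edges: an IP match alone there is weak evidence.
SHARED_INFRA = (".cloudfront.net", ".googleusercontent.com")

# Combined log format: ip ident user [time] "method path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


@dataclass(frozen=True)
class Hit:
    line_no: int
    ip: str
    path: str
    reasons: Tuple[str, ...]
    confidence: str  # "high" or "medium", per this example's heuristic


def match_line(line_no: int, line: str) -> Optional[Hit]:
    """Return a Hit if the line touches an IOC address or IOA path, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # not a combined-log line; skip rather than guess
    ip, path = m.group("ip"), m.group("path")

    ip_hit = ip in IOC_HOSTS
    host = IOC_HOSTS.get(ip, "")
    shared_edge = host.endswith(SHARED_INFRA)
    path_hits = [frag for frag in IOA_PATHS if frag in path]
    if not ip_hit and not path_hits:
        return None

    reasons = []
    if ip_hit:
        label = host or "no hostname listed"
        if shared_edge:
            label += ", shared cloud edge"
        reasons.append(f"ioc-ip {ip} ({label})")
    reasons.extend(f"ioa-path {frag}" for frag in path_hits)

    # Heuristic (this example's own): a listed IP that is not a shared cloud edge,
    # or any listed IP corroborated by an IOA path, is high; a lone shared-edge IP
    # or a lone predictive path fragment is medium.
    if ip_hit and (not shared_edge or path_hits):
        confidence = "high"
    else:
        confidence = "medium"
    return Hit(line_no, ip, path, tuple(reasons), confidence)


def scan_log(lines: Iterable[str]) -> List[Hit]:
    """Scan an iterable of log lines; line numbers start at 1."""
    return [h for h in (match_line(n, l) for n, l in enumerate(lines, 1)) if h]


# Constructed sample log: two IOC hits, one CloudFront edge hit, one IOA-only hit,
# one benign line (RFC 5737 test addresses are used for non-IOC clients).
SAMPLE_LOG = """\
64.186.131.47 - - [12/Apr/2022:10:14:02 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
52.85.151.4 - - [17/Jul/2021:08:01:13 +0000] "GET /static/app.js HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.9 - - [06/May/2022:12:30:00 +0000] "POST /components/bitrix/mobileapp.list/ajax.php/ HTTP/1.1" 200 77 "-" "curl/7.68.0"
198.51.100.23 - - [06/May/2022:12:31:00 +0000] "GET /about.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
72.21.81.240 - - [05/May/2022:03:00:00 +0000] "GET /components/bitrix/mobileapp.list/ajax.php/?x=1 HTTP/1.1" 404 0 "-" "python-requests/2.25"
"""

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG.splitlines()):
        print(f"line {hit.line_no}: {hit.confidence:6} {hit.ip} {hit.path} <- {'; '.join(hit.reasons)}")
```

Run it against a real file with `scan_log(open("access.log"))`. The shared-edge downgrade matters in practice: 52.85.151.0/24 serves many unrelated CloudFront distributions, so a bare IP match there will fire on legitimate CDN traffic and should be confirmed with the request path, timing, or the other indicators on this page before escalation.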

References (5)

The following list contains external sources which discuss the actor and the associated activities:
