Skygofree Analysis

IOB - Indicator of Behavior (93)


Language

en 70
it 22
fr 2

Country

it 92
us 2


Product

Google Android 44
Google Chrome 4
Linux Kernel 4
Apple iOS 4
ProFTPD 2

Vulnerabilities

# | Vulnerability | Base (CVSS) | Temp (CVSS) | 0-day price | Today price | Exploitability | Remediation | EPSS | CTI | CVE
1 | Google Android ihevcd_fmt_conv.c ihevcd_fmt_conv out-of-bounds write | 7.5 | 7.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00065 | 0.00 | CVE-2017-13277
2 | Google Chrome v8 code injection | 7.5 | 7.1 | $25k-$100k | $0-$5k | Proof-of-Concept | Not Defined | 0.23564 | 0.02 | CVE-2016-9651
3 | Google Android System access control | 8.0 | 7.7 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00926 | 0.00 | CVE-2017-13208
4 | Google Android Linux File System access control | 6.5 | 6.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00187 | 0.02 | CVE-2017-0750
5 | ARM Mali GPU Kernel Driver use after free | 7.1 | 6.8 | $0-$5k | $0-$5k | High | Official Fix | 0.00626 | 0.04 | CVE-2021-28663
6 | Apple iOS WebKit memory corruption | 7.5 | 7.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00825 | 0.00 | CVE-2018-4214
7 | Apple Safari WebKit memory corruption | 7.5 | 7.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.01760 | 0.00 | CVE-2018-4233
8 | Google Android tpdec_asc.cpp CProgramConfig_ReadHeightExt memory corruption | 7.5 | 7.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00139 | 0.00 | CVE-2017-13276
9 | Google Android wl_cfg80211.c wl_get_assoc_ies out-of-bounds write | 8.5 | 8.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00105 | 0.00 | CVE-2017-13292
10 | Google Android Kernel Audio Driver access control | 6.5 | 6.3 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2017-13245
11 | Google Android Mediaserver memory corruption | 9.9 | 9.6 | $100k and more | $5k-$25k | Not Defined | Official Fix | 0.00148 | 0.02 | CVE-2016-2428
12 | Google Android System Server access control | 7.5 | 7.2 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00519 | 0.00 | CVE-2016-6707
13 | Microsoft Office memory corruption | 7.8 | 7.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.60773 | 0.00 | CVE-2016-3313
14 | Linux Kernel THP Mapcount Check huge_memory.c __split_huge_pmd race condition | 6.2 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00080 | 0.04 | CVE-2020-29368
15 | Apple iOS/iPadOS Kernel type confusion | 7.8 | 7.5 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00192 | 0.00 | CVE-2020-27932
16 | Google Android Binder Driver binder_poll use after free | 6.5 | 6.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.00300 | 0.00 | CVE-2019-2215
17 | Samsung Exynos fimg2d Driver IOCTL input validation | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2016-9278
18 | Apache NetBeans Proxy Auto-Config command injection | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00416 | 0.00 | CVE-2018-17191
19 | Google Android payload_metadata.cc ParsePayloadHeader out-of-bounds write | 8.5 | 8.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00129 | 0.00 | CVE-2018-9556
20 | Google Android l2c_fcr.cc l2c_lcc_proc_pdu out-of-bounds write | 8.0 | 7.7 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00063 | 0.00 | CVE-2018-9555

IOC - Indicator of Compromise (3)

These indicators of compromise list associated network resources which are known to be part of research and attack activities. Entries 2 and 3 are masked on this page; only entry 1 is shown in full.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 54.67.109.199 | ec2-54-67-109-199.us-west-1.compute.amazonaws.com | Skygofree | | 01/19/2018 | verified | Medium
2 | XX.X.XXX.XX | xxxx-xx-x-xxx-xx.xxxxxxxx.xxxxxxxxxxxxx.xx | Xxxxxxxxx | | 01/19/2018 | verified | High
3 | XXX.XXX.XX.XXX | xxxxxx.xxxxx.xxxxxx.xx | Xxxxxxxxx | | 01/19/2018 | verified | High
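As an added example (not code from the original page or from the data vendor), the following Python scans proxy and DNS log lines for the verified IOC in row 1 above. It matches the IP address and the hostname exactly, rejects malformed dotted quads, and tags every hit with the page's confidence label: an EC2 address in us-west-1 can be released and reassigned to an unrelated tenant, so a Medium-confidence match needs analyst validation before it is treated as evidence of compromise. The log lines, the 10.0.0.0/8 clients and the 198.51.100.7 non-matching destination are constructed; the IOC values come from the table above.

```python
"""Match the verified Skygofree network IOC against proxy/DNS log lines.

Added example for this page; not code from the original page or from any
vendor. IOC values are the unmasked row of the IOC table; the log lines are
constructed for illustration.
"""
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Ioc:
    ip: str
    hostname: str
    actor: str
    identified: str   # date as printed on the page
    confidence: str   # vendor confidence label (Low / Medium / High)


# Only the unmasked row from the IOC table; rows 2 and 3 are redacted on the page.
IOCS = [
    Ioc("54.67.109.199",
        "ec2-54-67-109-199.us-west-1.compute.amazonaws.com",
        "Skygofree", "01/19/2018", "Medium"),
]

# Constructed sample log lines (hypothetical clients; 198.51.100.7 is an RFC 5737 test address).
SAMPLE_LOGS = [
    "2018-01-20T10:01:02Z proxy src=10.0.0.12 dst=54.67.109.199 dport=443 method=CONNECT",
    "2018-01-20T10:01:05Z dns client=10.0.0.12 q=ec2-54-67-109-199.us-west-1.compute.amazonaws.com type=A",
    "2018-01-20T10:02:00Z proxy src=10.0.0.15 dst=198.51.100.7 dport=443 method=CONNECT",
    "2018-01-20T10:03:00Z dns client=10.0.0.15 q=updates.example.net type=A",
]

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def index_iocs(iocs):
    """Build exact-match lookups; hostnames are compared case-insensitively."""
    by_ip = {str(ipaddress.ip_address(i.ip)): i for i in iocs}
    by_host = {i.hostname.lower().rstrip("."): i for i in iocs}
    return by_ip, by_host


def scan_line(line, by_ip, by_host):
    """Return distinct (kind, value, ioc) hits for one log line."""
    hits, seen = [], set()
    for raw in IP_RE.findall(line):
        try:
            ip = str(ipaddress.ip_address(raw))   # rejects octets such as 999
        except ValueError:
            continue
        if ip in by_ip and ("ip", ip) not in seen:
            seen.add(("ip", ip))
            hits.append(("ip", ip, by_ip[ip]))
    for raw in HOST_RE.findall(line):
        host = raw.lower().rstrip(".")
        if host in by_host and ("hostname", host) not in seen:
            seen.add(("hostname", host))
            hits.append(("hostname", host, by_host[host]))
    return hits


def scan_logs(lines, iocs=IOCS):
    """Scan log lines; each finding carries the IOC confidence so that hits on
    reassignable cloud infrastructure (Medium here) are routed to analyst review."""
    by_ip, by_host = index_iocs(iocs)
    findings = []
    for n, line in enumerate(lines, 1):
        for kind, value, ioc in scan_line(line, by_ip, by_host):
            findings.append({
                "line": n, "kind": kind, "value": value,
                "actor": ioc.actor, "identified": ioc.identified,
                "confidence": ioc.confidence,
                "needs_review": ioc.confidence != "High",
            })
    return findings


if __name__ == "__main__":
    for finding in scan_logs(SAMPLE_LOGS):
        print(finding)
```

Running the block against the constructed lines reports two findings, the proxy CONNECT to 54.67.109.199 and the DNS query for the EC2 hostname, both flagged for review because the page rates this IOC Medium.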

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (24)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | AudioSource.cpp | predictive | High
2 | File | avrc_pars_tg.cc | predictive | High
3 | File | core.c | predictive | Low
4 | File | xxxx/xxx/xxxxxxx/xxxxxxxx/xxxxxx.xxx | predictive | High
5 | File | xxxxxxx/xxxxxxxx/xxx/xxx_xxx/xxx_xxx_xxx.x | predictive | High
6 | File | xxxxxxxxxxxx.xxx | predictive | High
7 | File | xx/xxxxxxx.x | predictive | Medium
8 | File | xxxxxx_xxx_xxxx.x | predictive | High
9 | File | xxxxxx_xxxx_xxxxx_xxxxx_xxxx.x | predictive | High
10 | File | xxxxxx.x | predictive | Medium
11 | File | xxx_xxx.xx | predictive | Medium
12 | File | xxxxxxxxxxx/xxx.x | predictive | High
13 | File | xxxxxxxx.xx | predictive | Medium
14 | File | xxx_xxxx.xxx | predictive | Medium
15 | File | xxxxxxxxx.xx | predictive | Medium
16 | File | xx/xxxx_xxxxxx.x | predictive | High
17 | File | xx/xxxxxx.x | predictive | Medium
18 | File | xxxxxxx/xxxxx/xxxxxxx/xxxx.xxx | predictive | High
19 | File | xxx_xxx.x | predictive | Medium
20 | File | xxxxxxx_xxxxxxxx.xx | predictive | High
21 | File | xxxxxxxxxxxxxxxx.xx | predictive | High
22 | File | xxxxx_xxx.xxx | predictive | High
23 | File | xx_xxxxxxxx.x | predictive | High
24 | Argument | xxxx | predictive | Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:
