Sofacy Analysis

IOB - Indicator of Behavior (160)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 142
de: 12
es: 4
ru: 2

Country

ch: 56
us: 54
tr: 6
nl: 4
ar: 4

Actors

Activities

Interest

Timeline

Type

Vendor

Product

WordPress: 8
phpMyAdmin: 6
Linux Kernel: 6
Microsoft Windows: 4
Drupal: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Backdoor.Win32.Tiny.c Service Port 7778 backdoor | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.04 | 
2 | Linux Kernel NILFS File System inode.c security_inode_alloc use after free | 8.3 | 8.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.02 | CVE-2022-2978
3 | SourceCodester Simple and Nice Shopping Cart Script profile.php unrestricted upload | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00098 | 0.08 | CVE-2022-2909
4 | Crow HTTP Pipelining use after free | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00777 | 0.04 | CVE-2022-38667
5 | mySCADA myPRO command injection | 9.2 | 9.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00105 | 0.03 | CVE-2022-2234
6 | GNU Bash Environment Variable variables.c Shellshock os command injection | 9.8 | 9.6 | $25k-$100k | $0-$5k | High | Official Fix | 0.97559 | 0.00 | CVE-2014-6271
7 | WordPress Editor information disclosure | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00656 | 0.04 | CVE-2021-29450
8 | AnyMacro AnyMacro Mail System path traversal | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00248 | 0.02 | CVE-2011-2468
9 | phpMyAdmin Configuration File setup.php code injection | 7.3 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.80586 | 0.05 | CVE-2009-1151
10 | WordPress class-wp-customize-widgets.php privileges management | 7.3 | 6.4 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.07158 | 0.03 | CVE-2014-5203
11 | Zeus Zeus Web Server memory corruption | 10.0 | 9.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.16946 | 0.00 | CVE-2010-0359
12 | Ruijie RG-UAC commit.php os command injection | 4.7 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00046 | 0.08 | CVE-2024-4504
13 | OpenSSL c_rehash os command injection | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.10649 | 0.07 | CVE-2022-1292
14 | Tenda AX1803 getIptvInfo stack-based overflow | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00087 | 0.02 | CVE-2023-51969
15 | ownCloud graphapi GetPhpInfo.php information disclosure | 7.6 | 7.5 | $0-$5k | $0-$5k | High | Official Fix | 0.86737 | 0.00 | CVE-2023-49103
16 | Bitrix Site Manager Vote Module Remote Code Execution | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00668 | 0.08 | CVE-2022-27228
17 | Git Plugin Build authorization | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01156 | 0.08 | CVE-2022-36883
18 | Cisco RV340/RV340W/RV345/RV345P unrestricted upload | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.34003 | 0.04 | CVE-2023-20073
19 | Microsoft Word wwlib Remote Code Execution | 8.0 | 7.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.45352 | 0.00 | CVE-2023-21716
20 | ampache sql injection | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00072 | 0.00 | CVE-2023-0771

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (82)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | .procmailrc | predictive | Medium
2 | File | /dashboard/updatelogo.php | predictive | High
3 | File | /etc/openshift/server_priv.pem | predictive | High
4 | File | /files.md5 | predictive | Medium
5 | File | /index.php | predictive | Medium
6 | File | /info/headers | predictive | High
7 | File | /mkshop/Men/profile.php | predictive | High
8 | File | /Noxen-master/users.php | predictive | High
9 | File | /uncpath/ | predictive | Medium
10 | File | /xxxx/xxxxxxxx/xxxxxxxxxx/xxxxxx.xxx | predictive | High
11 | File | xxxxxxx/xxxxxxxx.xxx | predictive | High
12 | File | xxxxxxx/xxxx.xxx | predictive | High
13 | File | xxxxxxx/xxxxxxxxxxxxx.xxx | predictive | High
14 | File | xxxxx/xxxx/xxxxxxxxxx/xxxxxxxxxxx.xxx | predictive | High
15 | File | xx/xxxxxx_xxx.xxx | predictive | High
16 | File | xxxx/xxxxxxxxxxxx.xxx | predictive | High
17 | File | xxx.xxx?xxx=xxxxx_xxxx | predictive | High
18 | File | xxxxxxxx/xxxx | predictive | High
19 | File | x_xxxxxx | predictive | Medium
20 | File | xx.x | predictive | Low
21 | File | xxxxx.xxx | predictive | Medium
22 | File | xxxxxxxxxx.xxx | predictive | High
23 | File | xxxxxx.x | predictive | Medium
24 | File | xxxxxxxx.xxx | predictive | Medium
25 | File | xxxxxxxxxx.xxx | predictive | High
26 | File | xxxx_xxxx.x | predictive | Medium
27 | File | xxxxx.xxx | predictive | Medium
28 | File | xxxxxx.xxx | predictive | Medium
29 | File | xxxxx.x | predictive | Low
30 | File | xxxxxxxxxx.xxx | predictive | High
31 | File | xxxxx_xxxxxxx.xxx | predictive | High
32 | File | xxx/xxxxxxx/xxxxxx/xxxx/xxxxx/xxxxxxx/xxxxxx/xxxxx/xxx%xxxxxxxxxxxxx.xx.xxx | predictive | High
33 | File | xxxx.xxx | predictive | Medium
34 | File | xxxxx.xxx | predictive | Medium
35 | File | xxxxx/xxxxx-xxxx-xxxxxxxx.xxx | predictive | High
36 | File | xxxx.xxx.xxxxxxxxxx | predictive | High
37 | File | xxxxxxxxx/xxxxx/xxxxxx.xxxx | predictive | High
38 | File | xxxxxx/xxxx.xxx | predictive | High
39 | File | xxxxxxxxxxxxxxxxx.xxx | predictive | High
40 | File | xxxx/xxx/xxxx-xxxxx.xxx | predictive | High
41 | File | xxxxxxxxx.x | predictive | Medium
42 | File | xxxxxxx.xxx | predictive | Medium
43 | File | xx-xxxxxxxx/xxxxx-xx-xxxxxxxxx-xxxxxxx.xxx | predictive | High
44 | File | xx-xxxxxxxx/xxxxxxxxx.xxx | predictive | High
45 | File | xxxxxx.xxx | predictive | Medium
46 | File | xx_xxxxxxx.x | predictive | Medium
47 | Library | xxxxxxxxx/xxx-xxxxxx/xxxxxxxx.xxx | predictive | High
48 | Library | xxxxx.xxx | predictive | Medium
49 | Argument | xxxx | predictive | Low
50 | Argument | xxxxxxxxx | predictive | Medium
51 | Argument | xxxx/xxxx | predictive | Medium
52 | Argument | xxxxxx_xxxx_xxxxxxxx | predictive | High
53 | Argument | xxxx | predictive | Low
54 | Argument | xxx_xxxx/xxx_xxxxxxx | predictive | High
55 | Argument | xxxxxx | predictive | Low
56 | Argument | xxxxxxxxxxx | predictive | Medium
57 | Argument | xxxx_xx | predictive | Low
58 | Argument | xxxx | predictive | Low
59 | Argument | xxx_xx | predictive | Low
60 | Argument | xxxxxxxx | predictive | Medium
61 | Argument | xxxxxxx[xxxxx]/xxxxxxx[xxxxxxxxxxx] | predictive | High
62 | Argument | xxxx_xxxx | predictive | Medium
63 | Argument | xxxx_xx/xxxxx_xx | predictive | High
64 | Argument | xxxxxx | predictive | Low
65 | Argument | xxxxxxxxxxxx | predictive | Medium
66 | Argument | xxxxxx | predictive | Low
67 | Argument | xxxxxx_xx | predictive | Medium
68 | Argument | xxxxx | predictive | Low
69 | Argument | xxxx | predictive | Low
70 | Argument | xxxxxx_xx | predictive | Medium
71 | Argument | xxx | predictive | Low
72 | Argument | xxxxxxxx | predictive | Medium
73 | Argument | xxxxxxx | predictive | Low
74 | Argument | xxxx | predictive | Low
75 | Argument | xxxxx/xxxxx | predictive | Medium
76 | Argument | _xxxx | predictive | Low
77 | Input Value | "><xxxxxx>xxxxx(/xxx/)</xxxxxx> | predictive | High
78 | Input Value | xxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx&xxxxxxxx=xxxxxxxxxx | predictive | High
79 | Input Value | xxx=/&xxx | predictive | Medium
80 | Pattern | () { | predictive | Low
81 | Network Port | xxx/xxxx (xxx) | predictive | High
82 | Network Port | xxx/xxxx | predictive | Medium

References (6)

The following list contains external sources which discuss the actor and the associated activities: