Sogu Analysis

IOB - Indicator of Behavior (103)


Lang

zh (54)
en (50)


Country

cn (94)
us (10)



Activities

Interest


Product

Oracle MySQL Server (6)
SourceCodester Free Hospital Management System for ... (4)
Zen Cart (4)
Google Android (4)
Microsoft Windows (4)


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | SourceCodester Doctors Appointment System login.php sql injection | 7.4 | 7.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.03 | CVE-2023-4219 |
| 2 | IBM Security Guardium Request os command injection | 9.2 | 9.2 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00066 | 0.00 | CVE-2023-35893 |
| 3 | Piwigo pwg.users.php sql injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00088 | 0.03 | CVE-2022-26266 |
| 4 | Pluck Theme Upload unrestricted upload | 4.7 | 4.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02893 | 0.05 | CVE-2022-26965 |
| 5 | Apache Struts ParameterInterceptor unknown vulnerability | 5.3 | 5.3 | $5k-$25k | $0-$5k | High | Not Defined | 0.08484 | 0.03 | CVE-2010-1870 |
| 6 | Synacor Zimbra Collaboration Memcache Command injection | 6.3 | 6.0 | $0-$5k | $0-$5k | High | Official Fix | 0.09665 | 0.04 | CVE-2022-27924 |
| 7 | AfterLogic Aurora/WebMail Pro DAV DAVServer.php pathname traversal | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00290 | 0.02 | CVE-2021-26293 |
| 8 | Artifex MuJS heap-based overflow | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00221 | 0.00 | CVE-2021-45005 |
| 9 | tough-cookie Cookies prototype pollution | 7.9 | 7.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00107 | 0.09 | CVE-2023-26136 |
| 10 | Pligg cloud.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.84 | |
| 11 | SourceCodester Free Hospital Management System for Small Practices appointment.php sql injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00170 | 0.22 | CVE-2023-4440 |
| 12 | SourceCodester Free Hospital Management System for Small Practices appointment.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00090 | 0.03 | CVE-2023-4441 |
| 13 | PrestaShop sql injection | 8.0 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.83896 | 0.00 | CVE-2021-3110 |
| 14 | Sentry Invite Link access control | 5.0 | 5.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00063 | 0.06 | CVE-2022-23485 |
| 15 | Pydio Cells access control | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00063 | 0.00 | CVE-2021-41325 |
| 16 | Pydio Cells Parameter pathname traversal | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00117 | 0.00 | CVE-2021-41323 |
| 17 | Hikvision Hybrid SAN Messages access control | 8.2 | 8.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00203 | 0.02 | CVE-2023-28808 |
| 18 | Red Hat redhat-sso-7 passwd privileges assignment | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00044 | 0.03 | CVE-2020-10695 |
| 19 | ExpressionEngine Control Panel Member Creation sql injection | 4.7 | 4.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00087 | 0.00 | CVE-2020-8242 |
| 20 | ThinkCMF addpost.html code injection | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00272 | 0.00 | CVE-2019-7580 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (46)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin.php?action=themeinstall | predictive | High |
| 2 | File | /admin/ajax/avatar.php | predictive | High |
| 3 | File | /admin/users.php?source=edit_user&id=1 | predictive | High |
| 4 | File | /etc/passwd | predictive | Medium |
| 5 | File | /htmlcode/html/indexdefault.asp | predictive | High |
| 6 | File | /include/config.cache.php | predictive | High |
| 45 | Input Value | .. | predictive | Low |
| 46 | Input Value | ../ | predictive | Low |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
