SpyAgent Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (31)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	30
de	2

Country

co	24
cn	2
gb	2

Actors

Cobalt Strike	3
SpyAgent	3
TrickBot	2
Remcos	2
BumbleBee	2

Activities

Interest

Timeline

Type

Not Defined	12
Domain Name Software	2
Server Management Software	2
Operating System	2
Virtualization Software	2

Vendor

Not Defined	6
Interspire	4
Sonus	2
ISC	2
VMware	2

Product

Interspire Email Marketer	4
Sales	2
Company Management System	2
Sonus SBC 1000	2
Sonus SBC 2000	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	Interspire Email Marketer Dynamiccontenttags.php sql injection	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00087	0.07	CVE-2018-19551
2	Sales / Company Management System member_order.php sql injection	8.5	8.5	$0-$5k	Calculating	Not Defined	Not Defined	0.00172	0.00	CVE-2018-19925
3	Interspire Email Marketer Dynamiccontenttags.php sql injection	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00087	0.00	CVE-2018-19549
4	VMware vCenter Server/Cloud Foundation vSphere Client Privilege Escalation	8.0	7.9	$5k-$25k	$0-$5k	High	Official Fix	0.97299	0.03	CVE-2021-21972
5	Advanced Comment System admin.php sql injection	8.5	7.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00230	0.04	CVE-2018-18619
6	Interspire Email Marketer Dynamiccontenttags.php sql injection	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00087	0.02	CVE-2018-19553
7	IBM Security Identity Manager heap-based overflow	6.4	6.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00071	0.00	CVE-2021-20494
8	Void Aural Rec Monitor svc-login.php sql injection	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.51506	0.00	CVE-2021-25899
9	SolarWinds Advanced Monitoring Agent privileges management	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2020-13912
10	Mitsubishi Electric MELSEC iQ-F FX5U(C) ARP Packet Remote Code Execution	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00176	0.00	CVE-2020-5665
11	Sonus SBC 1000/SBC 2000/SBC SWe Lite Web Interface path traversal	6.4	6.4	$0-$5k	Calculating	Not Defined	Not Defined	0.00172	0.02	CVE-2018-11543
12	Sonus SBC 1000/SBC 2000/SBC SWe Lite Web Interface access control	9.8	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00245	0.03	CVE-2018-11541
13	Softing Industrial Automation heap-based overflow	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00544	0.00	CVE-2020-14524
14	ISC BIND QNAME denial of service	7.5	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00737	0.04	CVE-2020-8621
15	MetalGenix GeniXCMS User.class.php sql injection	8.5	8.0	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00219	0.02	CVE-2015-3933
16	Interspire Email Marketer Dynamiccontenttags.php sql injection	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00087	0.02	CVE-2018-19552
17	Microsoft Office RTF memory corruption	7.0	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.10418	0.00	CVE-2018-0797
18	Microsoft Windows OpenType Font Parser memory corruption	7.6	7.5	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.04046	0.00	CVE-2019-1456
19	STDU Viewer xps File memory corruption	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00044	0.00	CVE-2017-14574
20	WordPress Static Query information disclosure	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01557	0.00	CVE-2019-17671

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	23.19.227.217		SpyAgent	04/08/2024	verified	High
2	XX.XX.XXX.XXX		Xxxxxxxx	04/08/2024	verified	High
3	XXX.XX.XXX.XX	xxxxxx-xxx-xx-xxx-xx.xxxxxxxxx.xx	Xxxxxxxx	04/08/2024	verified	High

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	High
2	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
3	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
4	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High

IOA - Indicator of Attack (12)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	Dynamiccontenttags.php	predictive	High
2	File	internal/advanced_comment_system/admin.php	predictive	High
3	File	member/member_order.php	predictive	High
4	File	xxx-xxxxx.xxx	predictive	High
5	Library	xxx/xxx/xxxx.xxxxx.xxx	predictive	High
6	Argument	xxxxxxx[]	predictive	Medium
7	Argument	xxxxx/xxxxxx	predictive	Medium
8	Argument	xx	predictive	Low
9	Argument	xxxx	predictive	Low
10	Argument	xxxxxx	predictive	Low
11	Argument	xxxxxxxxx	predictive	Medium
12	Argument	xxxx/x_xxxxx	predictive	Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you need the next level of professionalism?

Upgrade your account now!