Syrian Electronic Army Analysis

IOB - Indicator of Behavior (313)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 292
es: 8
ar: 4
de: 2
fr: 2

Country

us: 172
cn: 86
ir: 26
et: 6
kr: 6

Product

Microsoft Windows: 14
Microsoft Office: 10
Apache HTTP Server: 8
WordPress: 8
Microsoft Internet Explorer: 6

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Microsoft Windows SMB input validation | 7.7 | 7.5 | $25k-$100k | $0-$5k | High | Official Fix | 0.97427 | 0.00 | CVE-2017-0144
2 | Cisco IOS NTP Interface Queue input validation | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00563 | 0.00 | CVE-2016-1478
3 | Microsoft Word/Office/Outlook RTF Document memory corruption | 10.0 | 9.6 | $5k-$25k | $0-$5k | High | Official Fix | 0.61445 | 0.00 | CVE-2014-1761
4 | Peplink Balance Cookie admin.cgi sql injection | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01457 | 0.02 | CVE-2017-8835
5 | vsftpd deny_file unknown vulnerability | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00312 | 0.09 | CVE-2015-1419
6 | Citrix Netscaler SD-WAN Session ID Cookie input validation | 9.8 | 9.6 | $5k-$25k | $0-$5k | High | Official Fix | 0.96168 | 0.00 | CVE-2017-6316
7 | Saxum Picker sql injection | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00282 | 0.03 | CVE-2018-7178
8 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.16 | CVE-2017-0055
9 | TVT Dvr Firmware path traversal | 7.5 | 7.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.15391 | 0.05 | CVE-2013-6023
10 | D-Link IP Cameras rtpd.cgi insecure inherited permissions | 9.8 | 8.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.91752 | 0.00 | CVE-2013-1599
11 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.16 | CVE-2014-4078
12 | Linksys WVC11B main.cgi cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01569 | 0.04 | CVE-2004-2508
13 | Yiiframework code injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00554 | 0.00 | CVE-2014-4672
14 | RealNetworks RealServer Port 7070 Service denial of service | 7.5 | 7.3 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.02116 | 0.16 | CVE-2000-0272
15 | phpMyAdmin grab_globals.lib.php path traversal | 4.8 | 4.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02334 | 0.11 | CVE-2005-3299
16 | Huawei SXXXX XML Parser input validation | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00056 | 0.03 | CVE-2017-15346
17 | WordPress Installation functions.php is_blog_installed access control | 8.0 | 7.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02421 | 0.04 | CVE-2020-28037
18 | Plupload plupload.flash.swf cross site scripting | 6.1 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01019 | 0.03 | CVE-2016-4566
19 | Telerik Progress UI for ASP.NET AJAX Telerik.Web.UI inadequate encryption | 8.5 | 8.4 | $0-$5k | $0-$5k | High | Official Fix | 0.08137 | 0.05 | CVE-2017-11317
20 | WordPress Password Reset wp-login.php mail password recovery | 6.1 | 5.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.02827 | 0.06 | CVE-2017-8295

IOC - Indicator of Compromise (39)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (107)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

