Typeframe Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (64)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en60
es4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

al44
us20

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Typeframe1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined14
Database Software10
Operating System6
File Transfer Software4
Web Server4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined28
Oracle6
Linux4
Microsoft4
Symantec2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Linux Kernel4
OTRS4
Oracle Database4
MongoDB2
Jetty2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Symantec Messaging Gateway Charting ChartStream.java doGet path traversal6.56.0$5k-$25k$0-$5kHighOfficial Fix0.962320.00CVE-2016-5312
2WordPress REST API class-wp-rest-posts-controller.php privileges management6.36.3$5k-$25k$5k-$25kNot DefinedOfficial Fix0.002780.04CVE-2019-20043
3Microsoft IIS cross site scripting5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.005480.03CVE-2017-0055
4Eagle Speed USB Modem Software ZDServ privileges management5.34.8$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.00
5Billion Router 7700NR4 Telnet Service hard-coded credentials7.36.4$0-$5k$0-$5kProof-of-ConceptWorkaround0.000000.00
6OTRS webscript.pl os command injection7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.002980.00CVE-2011-0456
7wpa_supplicant data processing7.87.6$0-$5k$0-$5kNot DefinedOfficial Fix0.000640.00CVE-2016-4477
8Corebos csv injection5.75.7$0-$5k$0-$5kNot DefinedNot Defined0.000560.00CVE-2023-48029
9VideoLAN VLC Media Player MKV File send heap-based overflow7.07.0$0-$5k$0-$5kNot DefinedNot Defined0.002180.00CVE-2020-26664
10Microsoft Windows Kernel-Mode Driver win32k.sys memory corruption5.35.1$5k-$25k$0-$5kHighOfficial Fix0.001290.00CVE-2015-2546
11Check Point SmartConsole access control6.56.3$0-$5k$0-$5kNot DefinedOfficial Fix0.000420.02CVE-2020-6024
12vu Mass Mailer Login Page redir.asp sql injection7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.002380.04CVE-2007-6138
13Apple Mac OS X Server Wiki Server cross site scripting4.34.3$5k-$25k$0-$5kNot DefinedNot Defined0.002630.04CVE-2009-2814
14PHP File Permission rename access control6.56.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.003670.04CVE-2019-9637
15Microsoft Windows DNS Server Remote Code Execution9.88.5$100k and more$5k-$25kUnprovenOfficial Fix0.040640.04CVE-2021-26897
16BlackCat CMS ajax_save.php cross site scripting3.63.2$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.001250.00CVE-2021-27237
17Elementor File Upload unrestricted upload8.68.6$0-$5k$0-$5kNot DefinedNot Defined0.001360.03CVE-2020-7055
18DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.55CVE-2010-0966
19Cacti cmd.php popen sql injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.018230.05CVE-2006-6799
20GuildFTPd memory corruption10.010.0$0-$5k$0-$5kHighNot Defined0.402970.00CVE-2008-4572

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Typeframe

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
159.90.93.97static.bb.knl.59.90.93.97.bsnl.inLazarusTypeframe12/17/2020verifiedHigh
280.91.118.45ip-80-91-118-45.net.abissnet.alLazarusTypeframe12/17/2020verifiedHigh
3XX.X.XXX.XXXxxxxxxxxxx.xxx.xxXxxxxxxxx03/27/2022verifiedHigh
4XX.XXX.XXX.XXXxxxx-xx-xxx-xxx-xxx.xxxxxxxx.xxx.xx.xxxXxxxxxxxx03/27/2022verifiedHigh
5XXX.XXX.XX.XXXXxxxxxxxx03/27/2022verifiedHigh
6XXX.XXX.XX.XXXxxxxxxxx03/27/2022verifiedHigh
7XXX.XXX.XXX.XXxxxxxxXxxxxxxxx12/17/2020verifiedHigh

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3TXXXXCAPEC-242CWE-XXXxxxxxxx XxxxxxxxxpredictiveHigh
4TXXXX.XXXCAPEC-209CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
5TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXX.XXXCAPEC-191CWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
7TXXXXCAPEC-108CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
8TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
9TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
10TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (31)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File.procmailrcpredictiveMedium
2File/etc/sudoerspredictiveMedium
3File/uncpath/predictiveMedium
4Filebackend/preferences/ajax_save.phppredictiveHigh
5Filexxxxxxx.xxxpredictiveMedium
6Filexxx.xxxpredictiveLow
7Filexxx/xx/xxxxxxxxx/xxxxxxx/xxxxxxxxxxx.xxxxpredictiveHigh
8Filexxx.xxxpredictiveLow
9Filexxx/xxxxxx.xxxpredictiveHigh
10Filexxxxx.xxpredictiveMedium
11Filexx.xxxpredictiveLow
12Filexxx/xxxxxx.xpredictiveMedium
13FilexxxxxxpredictiveLow
14Filexxxxx.xxxpredictiveMedium
15Filexxxxxxxxx_xxxpredictiveHigh
16Filexxxx/xxxxxxxx/xxxxxxxx.xxxxpredictiveHigh
17Filexxxxxxxxx.xxpredictiveMedium
18Filexx-xxxxxxxx/xxxx-xxx/xxxxxxxxx/xxxxx-xx-xxxx-xxxxx-xxxxxxxxxx.xxxpredictiveHigh
19Libraryxxxxxx.xxxpredictiveMedium
20Libraryxxxxxxxxxxx.xxxpredictiveHigh
21ArgumentxxxxxxxxpredictiveMedium
22Argumentxxxxxxx xxxxpredictiveMedium
23ArgumentxxxxxxxxxxpredictiveMedium
24ArgumentxxxxxxxxpredictiveMedium
25Argumentxxxxxx_xxxxxxx_xxxxxxx/xxxxxx_xxxxxxx_xxxxpredictiveHigh
26ArgumentxxpredictiveLow
27ArgumentxxxxpredictiveLow
28Input Value../../xxx-xxx/xxxpredictiveHigh
29Input ValuexxxxxxxxpredictiveMedium
30Input Value\x\xpredictiveLow
31Network Portxxx/xx (xxxxxx)predictiveHigh

References (3)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!