Vulturi Analysis

IOB - Indicator of Behavior (569)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 568
fr: 2

Country

us: 500

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Google Chrome: 26
Oracle Java SE: 22
Moodle: 18
Pidgin: 18
Linux Kernel: 18

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | WordPress WP_Query class-wp-query.php sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00318 | 0.02 | CVE-2017-5611 |
| 2 | Litespeed Technologies OpenLiteSpeed Web Server Dashboard command injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00060 | 0.02 | CVE-2022-0073 |
| 3 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 3.46 | |
| 4 | Twiki statistics cross site scripting | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00153 | 0.03 | CVE-2018-20212 |
| 5 | SolarWinds Serv-U FTP Server Web Management Interface Reflected cross site scripting | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00211 | 0.00 | CVE-2018-19934 |
| 6 | Nextcloud Server access control | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00070 | 0.00 | CVE-2023-30539 |
| 7 | Dropbear svr-auth.c recv_msg_userauth_request User information disclosure | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00302 | 0.00 | CVE-2018-15599 |
| 8 | libX11 XListExtensions ListExt.c input validation | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00998 | 0.00 | CVE-2018-14598 |
| 9 | Google Chrome protection mechanism | 5.5 | 5.3 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00131 | 0.00 | CVE-2022-2160 |
| 10 | Google Chrome File System API protection mechanism | 5.5 | 5.3 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00541 | 0.00 | CVE-2022-2162 |
| 11 | Google Chrome WebApp Provider use after free | 5.5 | 5.3 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00404 | 0.00 | CVE-2022-2161 |
| 12 | Google Chrome Extensions API Privilege Escalation | 5.5 | 5.3 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00131 | 0.00 | CVE-2022-2164 |
| 13 | Google Chrome Cast UI/Toolbar use after free | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00285 | 0.03 | CVE-2022-2163 |
| 14 | Google Chrome URL Format Remote Code Execution | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00386 | 0.00 | CVE-2022-2165 |
| 15 | cifs-utils krb5 CIFS File System privileges assignment | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00090 | 0.00 | CVE-2021-20208 |
| 16 | Apple Safari WebKit CSP access control | 6.9 | 6.7 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00345 | 0.00 | CVE-2017-2419 |
| 17 | Zoho ManageEngine ServiceDesk Plus access control | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00634 | 0.00 | CVE-2019-12252 |
| 18 | Apache Tomcat JSP File unrestricted upload | 7.7 | 7.5 | $5k-$25k | $0-$5k | High | Official Fix | 0.97533 | 0.03 | CVE-2017-12617 |
| 19 | Oracle MySQL Server Installing resource consumption | 6.5 | 6.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00806 | 0.00 | CVE-2018-0739 |
| 20 | PrestaShop Error Message information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00197 | 0.00 | CVE-2011-3796 |

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (171)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (3)

The following list contains external sources which discuss the actor and the associated activities:
