WikiLoader Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (32)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

pl	32

Country

us	32

Actors

WikiLoader	1

Activities

Interest

Timeline

Type

Not Defined	14
Router Operating System	10
Anti-Malware Software	4
Content Management System	2
Reporting Software	2

Vendor

Cisco	10
Not Defined	4
Trend Micro	4
Panasonic	2
IBM	2

Product

Cisco RV016	10
Cisco RV042	10
Cisco RV042G	10
Cisco RV082	10
Cisco RV320	10

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow	7.2	6.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00221	0.00	CVE-2021-1348
2	Cisco IOS XR/NX-OS IPv6 Access Control List access control	6.9	6.6	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00129	0.00	CVE-2021-1389
3	Redwood Report2Web signIn.do cross site scripting	4.8	4.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00116	0.00	CVE-2021-26710
4	Electric Coin Company Zcashd Time Offset information disclosure	4.4	4.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00084	0.00	CVE-2020-8807
5	Linux Kernel VSOCK af_vsock.c race condition	6.0	5.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00042	0.03	CVE-2021-26708
6	Redwood Report2Web default.htm injection	5.8	5.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00158	0.00	CVE-2021-26711
7	typora cross site scripting	4.8	4.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00129	0.00	CVE-2020-18737
8	IBM PowerHA Discovery information disclosure	4.7	4.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00042	0.00	CVE-2020-4832
9	Gitea denial of service	5.9	5.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00217	0.00	CVE-2021-3382
10	Psyprax Firebird Database access control	7.2	6.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00065	0.00	CVE-2020-10552
11	Psyprax Lockscreen PPScreen.ini permission	5.9	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2020-10553
12	Psyprax Password inadequate encryption	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00168	0.00	CVE-2020-10554
13	Zulip Desktop shell.openItem Privilege Escalation	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00650	0.00	CVE-2020-10857
14	Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow	7.2	6.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00221	0.00	CVE-2021-1319
15	Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow	7.2	6.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00221	0.00	CVE-2021-1320
16	Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow	7.2	6.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00221	0.00	CVE-2021-1321
17	Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow	7.2	6.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00221	0.00	CVE-2021-1338
18	Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow	7.2	6.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00221	0.00	CVE-2021-1340
19	Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow	7.2	6.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00221	0.00	CVE-2021-1344
20	Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow	7.2	6.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00221	0.00	CVE-2021-1345

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Campaigns	Identified	Type	Confidence
1	54.146.113.169	ec2-54-146-113-169.compute-1.amazonaws.com	WikiLoader		02/13/2024	verified	Medium

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	High
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	High
3	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	High
4	TXXXX	CAPEC-19	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
5	TXXXX	CAPEC-108	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
6	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	High
7	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
8	TXXXX.XXX	CAPEC-459	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
9	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
10	TXXXX	CAPEC-112	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	High

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	%PROGRAMDATA%\Psyprax32\PPScreen.ini	predictive	High
2	File	Auth/Manager.php	predictive	High
3	File	xxxx/xxxxxx_xxxx/xxxxxxx/xxxxxxx.xxx	predictive	High
4	File	xxx/xxx_xxxxx/xx_xxxxx.x	predictive	High
5	File	xxxxxx.xx	predictive	Medium
6	File	xxxxxxxxxx.xxx	predictive	High
7	Argument	xxxx	predictive	Low
8	Argument	xxxx	predictive	Low
9	Argument	xxxx	predictive	Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you need the next level of professionalism?

Upgrade your account now!