Zardoor Analysis

IOB - Indicator of Behavior (39)

Timeline (chart withheld; requires additional purchase)

Lang: en (34), it (4), ru (2)

Country (chart withheld; requires additional purchase)

Actors (chart withheld; requires additional purchase)

Activities

Interest Timeline (chart withheld; requires additional purchase)

Type (chart withheld; requires additional purchase)

Vendor (chart withheld; requires additional purchase)

Product (count of associated entries)

Huawei B593-u12 (4)
Huawei B593-s22 (4)
Famatech Remote Administrator (2)
Apple iOS (2)
Devilz Clanportal (2)

Vulnerabilities

Columns: Base / Temp = CVSS base and temporal score; 0day / Today = estimated exploit price at disclosure and now; Exp = exploitability status; Rem = remediation status; EPSS = Exploit Prediction Scoring System probability; CTI = threat-intelligence interest score. Row 10 lists no CVE identifier and row 19 carries a truncated product name in the source; both are reproduced as given.

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
2 | Cisco IOS XE Web UI Remote Code Execution | 9.9 | 9.7 | $25k-$100k | $5k-$25k | High | Official Fix | 0.87328 | 0.04 | CVE-2023-20198
3 | amauric tarteaucitron.js cross site scripting | 4.5 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.04 | CVE-2023-3620
4 | MikroTik RouterOS RSC File export command injection | 6.7 | 6.6 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00152 | 0.02 | CVE-2021-27221
5 | Roundcube SVG Document rcube_washtml.php cross site scripting | 5.3 | 5.2 | $0-$5k | $0-$5k | High | Official Fix | 0.00680 | 0.05 | CVE-2023-5631
6 | PHPizabi index.php path traversal | 6.5 | 5.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00826 | 0.05 | CVE-2008-3723
7 | SAP Business One SMB Shared Folder access control | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.03 | CVE-2023-31403
8 | Check Point Harmony Endpoint/ZoneAlarm Extreme Security permission assignment | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.04 | CVE-2023-28134
9 | OTRS OpenSSL SSL_get_verify_result certificate validation | 7.2 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00061 | 0.02 | CVE-2023-5422
10 | FireEye Malware Analysis System PCAP File send_pcap_file sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00000 | 0.00 | 
11 | SolarWinds Orion sql injection | 6.7 | 6.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01293 | 0.00 | CVE-2021-35234
12 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 10.00 | CVE-2006-6168
13 | Marvell 88W8688 Parrot Faurecia Automotive FC6050W out-of-bounds write | 8.0 | 7.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00365 | 0.00 | CVE-2019-13582
14 | PHPOutsourcing IdeaBox include.php code injection | 7.3 | 6.4 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.17410 | 0.04 | CVE-2008-5199
15 | Media-products Eros Webkatalog start.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00119 | 0.00 | CVE-2010-0964
16 | Open Design Alliance Drawings SDK DGN File out-of-bounds write | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00080 | 0.00 | CVE-2021-32952
17 | Apple iOS Racoon Configuration File format string | 9.8 | 8.8 | $100k and more | $5k-$25k | Proof-of-Concept | Official Fix | 0.01130 | 0.00 | CVE-2012-0646
18 | Microsoft Exchange Server Privilege Escalation | 9.5 | 8.2 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00304 | 0.00 | CVE-2021-26427
19 | Server LDAP Server permission | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00684 | 0.00 | CVE-2019-3824
20 | hostapd/wpa_supplicant EAP-pwd eap_server_pwd.c null pointer dereference | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01608 | 0.00 | CVE-2019-11555

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (23)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /export | predictive | Low
2 | File | /forum/away.php | predictive | High
3 | File | /inc/HTTPClient.php | predictive | High
4 | File | add_comment.php | predictive | High
5 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
6 | File | xxx_xxxxxx/xxx_xxxxxx_xxx.x | predictive | High
7 | File | xxxxxxxx/xxxxxxxxx | predictive | High
8 | File | xxx/xxxxxx.xxx | predictive | High
9 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | High
10 | File | xxxxxxx.xxx | predictive | Medium
11 | File | xxxxx.xxx | predictive | Medium
12 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | High
13 | File | xxxxxxxx_xxxx.xxx | predictive | High
14 | File | xxxx_xxxx_xxxx | predictive | High
15 | File | xxxxx.xxx | predictive | Medium
16 | File | xxxx-xxxxxxxx.xxx | predictive | High
17 | Library | xxxxxxx/xxx/xxxxxxxxx/xxxxx_xxxxxxx.xxx | predictive | High
18 | Argument | xxxxxxxx | predictive | Medium
19 | Argument | xx_xx | predictive | Low
20 | Argument | xxxx | predictive | Low
21 | Argument | xxxxxxxx | predictive | Medium
22 | Argument | xx | predictive | Low
23 | Argument | xxxxxxxxxx | predictive | Medium
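The IOA rows above are request-path fragments, which only become useful once they are matched against web server access logs. The following is an added example (not code from this page or from the database vendor) that does that for the four unmasked File indicators; the masked rows cannot be used. It assumes Apache/nginx Combined Log Format and constructed sample lines using RFC 5737 documentation addresses. Two details matter in practice: rooted fragments are matched on a path-segment boundary so the Low-confidence "/export" does not fire on "/api/exporter", and the URL is percent-decoded twice and de-duplicated of slashes so "%252finc%2fHTTPClient.php" still resolves to "/inc/HTTPClient.php".

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# The four unmasked File indicators from the IOA table, with their listed
# confidence. The masked (xxx) rows are not usable and are left out.
IOA_FILE_FRAGMENTS = {
    "/forum/away.php": "High",
    "/inc/HTTPClient.php": "High",
    "add_comment.php": "High",
    "/export": "Low",
}

# Assumed input format: Apache/nginx Combined or Common Log Format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+)(?: [^"]*)?" (?P<status>\d{3})'
)


def normalize_path(url: str) -> str:
    """Drop the query string, percent-decode twice (double-encoded evasion),
    and collapse runs of slashes so '//inc/x.php' equals '/inc/x.php'."""
    path = url.split("?", 1)[0]
    path = unquote(unquote(path))
    return re.sub(r"/{2,}", "/", path)


def match_fragments(path: str) -> list:
    """Return [(fragment, confidence)] for each IOA fragment present in path.
    Rooted fragments must end on a segment boundary; bare filenames must
    equal the last path component. Case-folded on purpose (hunt query)."""
    low = path.lower()
    hits = []
    for frag, conf in IOA_FILE_FRAGMENTS.items():
        f = frag.lower()
        if f.startswith("/"):
            start = low.find(f)
            while start != -1:
                end = start + len(f)
                if end == len(low) or low[end] == "/":
                    hits.append((frag, conf))
                    break
                start = low.find(f, start + 1)
        elif low.rsplit("/", 1)[-1] == f:
            hits.append((frag, conf))
    return hits


def scan_access_log(text: str) -> tuple:
    """Return (matched records, count of lines that did not parse)."""
    records, unparsed = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LOG_RE.match(line)
        if not m:
            unparsed += 1
            continue
        path = normalize_path(m.group("url"))
        hits = match_fragments(path)
        if hits:
            records.append({"ip": m.group("ip"), "ts": m.group("ts"),
                            "method": m.group("method"), "path": path,
                            "status": int(m.group("status")), "hits": hits})
    return records, unparsed


def summarize_by_source(records: list) -> dict:
    """Count hits per client IP by confidence, for triage ordering."""
    summary = defaultdict(lambda: {"High": 0, "Medium": 0, "Low": 0})
    for r in records:
        for _, conf in r["hits"]:
            summary[r["ip"]][conf] += 1
    return dict(summary)


# Constructed sample log lines (not real traffic); RFC 5737 addresses.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /forum/away.php?s=http://198.51.100.7/ HTTP/1.1" 302 0
203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET /inc/HTTPClient.php HTTP/1.1" 200 512
198.51.100.23 - - [10/Oct/2023:14:01:02 +0000] "POST /blog/add_comment.php HTTP/1.1" 200 88
198.51.100.23 - - [10/Oct/2023:14:01:05 +0000] "GET /api/exporter/status HTTP/1.1" 200 12
192.0.2.9 - - [10/Oct/2023:14:03:11 +0000] "GET /admin/export?format=csv HTTP/1.1" 403 0
192.0.2.9 - - [10/Oct/2023:14:03:12 +0000] "GET /%252finc%2fHTTPClient.php HTTP/1.1" 404 0
this line is not in Combined Log Format and is counted, not matched
"""

if __name__ == "__main__":
    found, bad = scan_access_log(SAMPLE_LOG)
    for r in found:
        print(r["ip"], r["method"], r["path"], r["status"], r["hits"])
    print("unparseable lines:", bad)
    print(summarize_by_source(found))
```

Treat a "/export" hit on its own as noise: it is a generic path and the page rates it Low. The per-source summary is there so that a client with several High-confidence hits in a short window rises to the top of the queue, while a single Low hit from an otherwise quiet address does not.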

References (2)

The following list contains external sources which discuss the actor and the associated activities:
