3AM Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (35)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	26
ru	6
zh	4

Country

us	32
cn	4

Actors

LockBit	1
Cobalt Strike	1
UAC-0010	1
Scarab Ransomware	1
Phobos	1

Activities

Interest

Timeline

Type

Not Defined	14
Content Management System	2
WordPress Plugin	2
Network Camera Software	2

Vendor

Not Defined	10
Samsung	2
Xitex	2
Bitrix	2
Honeywell	2

Product

Samsung Memory Card & UFD Authentication Utility P ...	2
Xitex Xitex WebContent M1	2
Bitrix Site Manager	2
Honeywell ProWatch	2
Serendipity	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	LogicBoard CMS away.php redirect	6.3	6.1	$2k-$5k	$0-$1k	Not Defined	Unavailable	0.00000	3.98
2	Bitrix Site Manager redirect.php link following	5.3	4.7	$2k-$5k	$0-$1k	Unproven	Unavailable	0.00113	0.03	CVE-2008-2052
3	Serendipity exit.php privileges management	6.3	6.0	$2k-$5k	$0-$1k	Proof-of-Concept	Not Defined	0.00000	0.54
4	GetSimpleCMS index.php redirect	6.6	6.6	$1k-$2k	$0-$1k	Not Defined	Not Defined	0.00123	0.00	CVE-2019-9915
5	FLDS redir.php sql injection	7.3	7.3	$2k-$5k	$0-$1k	High	Unavailable	0.00203	0.00	CVE-2008-5928
6	Login and Logout Redirect Plugin redirect	3.5	3.4	$1k-$2k	$0-$1k	Not Defined	Not Defined	0.00046	0.03	CVE-2023-41648
7	WPMU Forminator Plugin unrestricted upload	4.3	4.1	$1k-$2k	$0-$1k	Not Defined	Official Fix	0.00045	0.25	CVE-2024-28890
8	Honeywell ProWatch permission assignment	7.5	7.4	$1k-$2k	$0-$1k	Not Defined	Official Fix	0.00042	0.03	CVE-2023-6179
9	SolusVM WHMCS resource injection	6.5	6.5	$1k-$2k	$0-$1k	Not Defined	Not Defined	0.00064	0.05	CVE-2022-42175
10	Openads adclick.php Remote Code Execution	7.3	6.9	$2k-$5k	$0-$1k	Proof-of-Concept	Not Defined	0.01871	0.69	CVE-2007-2046
11	MB connect line mymbCONNECT24/mbCONNECT24 redirect.php	6.2	6.2	$1k-$2k	$0-$1k	Not Defined	Official Fix	0.00084	0.04	CVE-2020-35560
12	WordPress AdServe adclick.php sql injection	7.3	6.6	$2k-$5k	$0-$1k	Proof-of-Concept	Official Fix	0.00073	0.15	CVE-2008-0507
13	Xitex Xitex WebContent M1 redirect.do cross site scripting	4.3	4.2	$1k-$2k	$0-$1k	High	Unavailable	0.00192	0.03	CVE-2008-1209
14	OpenX adclick.php redirect	5.3	4.7	$1k-$2k	$0-$1k	Unproven	Unavailable	0.00440	0.74	CVE-2014-2230
15	Samsung Memory Card & UFD Authentication Utility PC Software improper authentication	7.6	7.4	$1k-$2k	$0-$1k	Not Defined	Official Fix	0.00042	0.00	CVE-2023-41929
16	Crypto++ ECDSA Signature Generation FixedSizeAllocatorWithCleanup timing discrepancy	5.0	5.0	$0-$1k	$0-$1k	Not Defined	Official Fix	0.00046	0.00	CVE-2022-48570
17	AVM FRITZ!Box webcm os command injection	7.3	7.1	$2k-$5k	$0-$1k	High	Workaround	0.95895	0.03	CVE-2014-9727
18	grunt Package load code injection	5.8	5.2	$2k-$5k	$0-$1k	Not Defined	Official Fix	0.00851	0.07	CVE-2020-7729
19	Memcached process_bin_update integer overflow	9.0	8.9	$2k-$5k	$0-$1k	Not Defined	Official Fix	0.86732	0.03	CVE-2016-8705
20	AVTECH IP Camera/NVR/DVR PwdGrp.cgi command injection	9.8	9.2	$5k-$10k	$1k-$2k	High	Unavailable	0.00000	0.04

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Actor	Identified	Type	Confidence
1	85.159.229.62	3AM	10/11/2023	verified	High
2	XXX.XXX.X.XXX	Xxx	10/11/2023	verified	High
3	XXX.XX.XXX.X	Xxx	10/11/2023	verified	High

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	High
2	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	High
3	TXXXX	CAPEC-122	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
4	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
5	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	High
6	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
7	TXXXX	CAPEC-462	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
8	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	High

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/cgi-bin/supervisor/PwdGrp.cgi	predictive	High
2	File	/forum/away.php	predictive	High
3	File	adclick.php	predictive	Medium
4	File	xxxxx/xxxxx.xxx	predictive	High
5	File	xxx-xxx/xxxxx	predictive	High
6	File	xxxx.xxx	predictive	Medium
7	File	xxxxx.xxx	predictive	Medium
8	File	xxxxxxxx.xx	predictive	Medium
9	File	xxxxxxxx.xxx	predictive	Medium
10	Argument	xxxx	predictive	Low
11	Argument	xxxx	predictive	Low
12	Argument	xx	predictive	Low
13	Argument	xxxxxxxx	predictive	Medium
14	Argument	xxx	predictive	Low
15	Argument	xxx	predictive	Low
16	Argument	xxx:xxxx	predictive	Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you know our Splunk app?

Download it now for free!