Beapy Analysis

IOB - Indicator of Behavior (180)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 140
zh: 36
es: 4

Country

cn: 98
us: 56
tr: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Google Chrome: 16
Microsoft Windows: 10
WordPress: 6
GitLab Enterprise Edition: 4
Linux Kernel: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | VMware vSphere Replication command injection | 6.7 | 6.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00182 | 0.05 | CVE-2021-21976 |
| 2 | Oracle MySQL Server InnoDB access control | 5.5 | 5.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00098 | 0.00 | CVE-2018-3185 |
| 3 | Jenkins Queue authorization | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00054 | 0.02 | CVE-2021-21670 |
| 4 | NAS4Free exec.php code injection | 6.3 | 6.3 | $0-$5k | $0-$5k | High | Not Defined | 0.50736 | 0.04 | CVE-2013-3631 |
| 5 | Penta WAPPLES access control | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00087 | 0.00 | CVE-2022-35582 |
| 6 | Samba Kerberos Library/AD DC integer overflow | 5.0 | 4.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00491 | 0.03 | CVE-2022-42898 |
| 7 | protobuf.js prototype pollution | 7.0 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00129 | 0.00 | CVE-2023-36665 |
| 8 | Microsoft Windows Scripting Language Remote Code Execution | 8.8 | 8.5 | $25k-$100k | $5k-$25k | High | Official Fix | 0.18647 | 0.00 | CVE-2022-41128 |
| 9 | Apache Commons Text Variable Interpolation code injection | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.97150 | 0.04 | CVE-2022-42889 |
| 10 | Shirne CMS controller.php path traversal | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00663 | 0.03 | CVE-2022-37299 |
| 11 | Acer Quick Access QAAdminAgent.exe untrusted search path | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00096 | 0.04 | CVE-2019-18670 |
| 12 | Advanced SystemCare Ultimate Driver Monitor_win7_x64.sys input validation | 7.2 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.02 | CVE-2018-9006 |
| 13 | Progress MOVEit Transfer REST API MOVEit.DMZ.WebApi.dll sql injection | 8.3 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00357 | 0.02 | CVE-2019-16383 |
| 14 | BaserCMS ThemeFilesController.php cross site scripting | 6.7 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00902 | 0.00 | CVE-2020-15159 |
| 15 | IBM Security Secret Server SSL Certificate Validator improper authentication | 3.1 | 3.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00067 | 0.00 | CVE-2020-4340 |
| 16 | Cisco Web Security Appliance API Framework Header Injection response splitting | 6.0 | 5.8 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00087 | 0.00 | CVE-2020-3117 |
| 17 | Cisco IOS XR DVMRP resource consumption | 6.9 | 6.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.00326 | 0.00 | CVE-2020-3569 |
| 18 | Aruba CX Switch Cisco Discovery Protocol denial of service | 3.3 | 3.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00099 | 0.00 | CVE-2020-7122 |
| 19 | Openexpert expert_wizard.php sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.02 | |
| 20 | Jenkins Command Line Interface information disclosure | 5.5 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.95779 | 0.00 | CVE-2024-23897 |

IOC - Indicator of Compromise (12)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (54)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | .htaccess | predictive | Medium |
| 2 | File | /admin/index2.html | predictive | High |
| 3 | File | /cgi-bin/webproc | predictive | High |
| 4 | File | /crmeb/crmeb/services/UploadService.php | predictive | High |
| 5 | File | /env | predictive | Low |
| 6 | File | /expert_wizard.php | predictive | High |
| 7 | File | /x/ | predictive | Low |
| 8 | File | /xxxxxx/xxxxxxx/xxx/xxxxxxxxxx.xxx | predictive | High |
| 9 | File | /xxxxxx | predictive | Low |
| 10 | File | /xx/#/ | predictive | Low |
| 11 | File | xxxxxxxxxxxxxxxxxxx.xxxxx.xxx | predictive | High |
| 12 | File | xxxxxxx/xxxxxx/xxxxxxxxxxxxx.xxxx | predictive | High |
| 13 | File | xxxxxxxxxxx\xxxx\xxxxxxxxxx\xxxxxxxxxxxxxxxxx.xxxxx.xxx | predictive | High |
| 14 | File | xxxxxx.xxx | predictive | Medium |
| 15 | File | xxxx.x | predictive | Low |
| 16 | File | xxxxxxx/xxx/xxx/xxxxx.x | predictive | High |
| 17 | File | xxxx.xxxx | predictive | Medium |
| 18 | File | xxxx.xxx | predictive | Medium |
| 19 | File | xxxxxxx.xxx | predictive | Medium |
| 20 | File | xxxxxxx.xxx | predictive | Medium |
| 21 | File | xxxxxxx-xxxxxxxxx>/xxxxxxxxxx/xxx-xxx | predictive | High |
| 22 | File | xxxxxx/xxxxxx.x | predictive | High |
| 23 | File | xxxx/xxxxxx.xxx | predictive | High |
| 24 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | High |
| 25 | File | xxxxxxxxxxxx.xxx | predictive | High |
| 26 | File | xxxxx.xxx | predictive | Medium |
| 27 | File | xxx/xxxx/xxxx/xxx.xxxxxxxx.xxxxxxx/xxxxxxx/xxx/xxxxxx.xxxx | predictive | High |
| 28 | File | xxxxxxxxxxxxxxxxxxxx.xxx | predictive | High |
| 29 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High |
| 30 | File | _x_/xxxx/_x_/xxx/xxxxxx_xxxxxxxxxxxxx | predictive | High |
| 31 | Library | xxxxx.xxx | predictive | Medium |
| 32 | Library | xxxx.xxx | predictive | Medium |
| 33 | Library | xxxxxxx_xxxx_xxx.xxx | predictive | High |
| 34 | Library | xxxxxx.xxx.xxxxxx.xxx | predictive | High |
| 35 | Library | xxxxxxxxxxxxx.xxx | predictive | High |
| 36 | Library | xxxxx.xxx | predictive | Medium |
| 37 | Argument | -x/-x | predictive | Low |
| 38 | Argument | xxxx_xx | predictive | Low |
| 39 | Argument | xxxxxxx | predictive | Low |
| 40 | Argument | xxxxxxx xxxx | predictive | Medium |
| 41 | Argument | xxxxxxx | predictive | Low |
| 42 | Argument | xxxxxxxx | predictive | Medium |
| 43 | Argument | xx | predictive | Low |
| 44 | Argument | xxxxxx | predictive | Low |
| 45 | Argument | xxxxxxxxxx[xxx][x] | predictive | High |
| 46 | Argument | xxxx | predictive | Low |
| 47 | Argument | xx | predictive | Low |
| 48 | Argument | xxx | predictive | Low |
| 49 | Argument | xxxxxxxx | predictive | Medium |
| 50 | Argument | xxxx->xxxxxxx | predictive | High |
| 51 | Input Value | ..\ | predictive | Low |
| 52 | Input Value | x' | predictive | Low |
| 53 | Network Port | xxxx | predictive | Low |
| 54 | Network Port | xxxx | predictive | Low |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
