Boostwrite and RDFSniffer Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (22)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en16
sv6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us12
ru6
cn2
se2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

IcedID1
Gootkit1
ISFB1
Gozi1
SharkBot1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined10
Network Camera Software6
Peer-to-Peer Software2
Cloud Software2
Groupware Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined2
CeNova/Night OWL/Novo/Pulnix/QSee/Securus2
Shenzhen Hichip Vision Technology2
Dahua2
Tiandy2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Go Doc Dot Org2
CeNova/Night OWL/Novo/Pulnix/QSee/Securus DVR2
Shenzhen Hichip Vision Technology V62
Shenzhen Hichip Vision Technology V72
Shenzhen Hichip Vision Technology V82

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Microsoft Exchange Server Mail memory corruption8.58.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.383280.00CVE-2018-8302
2Delta Electronics ASDA-Soft Project File out-of-bounds write7.06.9$0-$5k$0-$5kNot DefinedOfficial Fix0.000690.00CVE-2022-1403
3Fujitsu ETERNUS CentricStor CS8000 grel.php grel_finfo os command injection6.36.0$0-$5k$0-$5kNot DefinedOfficial Fix0.007310.00CVE-2022-31795
4Oracle WebLogic Server Web Container information disclosure7.57.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.962870.02CVE-2022-21371
5Palo Alto PAN-OS Web Interface os command injection8.07.8$0-$5k$0-$5kNot DefinedOfficial Fix0.001280.05CVE-2021-3058
6Schneider Electric EcoStruxure Building Operation WebStation Web Page Generation cross site scripting4.84.8$0-$5k$0-$5kNot DefinedNot Defined0.000780.00CVE-2020-28210
7Tiandy IP Cameras Service Port 3001 information disclosure6.45.9$0-$5k$0-$5kProof-of-ConceptWorkaround0.005810.02CVE-2017-15236
8Shenzhen Hichip Vision Technology V20 P2P Service buffer overflow8.58.5$5k-$25k$5k-$25kNot DefinedNot Defined0.006270.04CVE-2020-9527
9Shenzhen Hichip Vision Technology V20 privileges management8.08.0$0-$5k$0-$5kNot DefinedNot Defined0.001710.03CVE-2020-9529
10ANNKE SP1 HD Wireless Camera SSID cross site scripting5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.000870.02CVE-2017-18483
11Mobotix IP Network Camera cross site scripting3.53.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.00
12CeNova/Night OWL/Novo/Pulnix/QSee/Securus DVR download.rsp Credentials credentials management7.57.4$0-$5k$0-$5kNot DefinedWorkaround0.005510.00CVE-2018-10676
13Dahua Web P2P Key information disclosure4.44.4$0-$5k$0-$5kNot DefinedNot Defined0.000440.04CVE-2020-9501
14AVTECH IP Camera/NVR/DVR PwdGrp.cgi command injection9.89.2$5k-$25k$0-$5kHighUnavailable0.000000.04
15Microsoft Exchange Server deserialization8.07.9$5k-$25k$0-$5kHighOfficial Fix0.971510.06CVE-2020-0688
16Apple iCloud Foundation state issue4.44.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.000420.00CVE-2020-10002
17Go Doc Dot Org Package path traversal8.58.5$0-$5k$0-$5kNot DefinedOfficial Fix0.013260.03CVE-2018-12976
18Symantec Messaging Gateway server-side request forgery7.37.3$5k-$25k$5k-$25kNot DefinedNot Defined0.000830.00CVE-2019-18379
19Cisco Embedded Device X.509 Certificate certificate validation5.75.5$5k-$25k$0-$5kNot DefinedOfficial Fix0.003380.00CVE-2015-6358
20Orpak SiteOmat OrCU code injection8.58.4$0-$5k$0-$5kNot DefinedOfficial Fix0.005710.02CVE-2017-14853

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
1109.230.199.227reserved07.theonlygreeting.comBoostwrite and RDFSniffer10/10/2019verifiedHigh

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
3TXXXX.XXXCAPEC-209CWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
4TXXXXCAPEC-122CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
6TXXXXCAPEC-CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
7TXXXX.XXXCAPEC-459CWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
8TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (5)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/cgi-bin/supervisor/PwdGrp.cgipredictiveHigh
2Filedownload.rsppredictiveMedium
3Filexxxx.xxxpredictiveMedium
4Argumentxxx_xxxxx_xxxx_xxxxxxxpredictiveHigh
5Argumentxxxx/xx/xxxxpredictiveMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!