Capesand Analysis

IOB - Indicator of Behavior (82)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 78
zh: 4

Country

us: 68
cn: 10
gb: 2
id: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Dnsmasq: 2
elliptic: 2
WordPress: 2
Awpcp Another WordPress Classifieds Plugin: 2
Portainer: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Adobe ColdFusion xml external entity reference | 6.9 | 6.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00246 | 0.00 | CVE-2017-11286
2 | ThinkPad Compact USB Keyboard Driver unquoted search path | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2017-3751
3 | GNU binutils libbfd mach-o.c bfd_mach_o_read_symtab_strtab out-of-bounds write | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00112 | 0.00 | CVE-2017-12459
4 | GNU binutils libbfd section.c bfd_make_section_with_flags null pointer dereference | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00095 | 0.00 | CVE-2017-12457
5 | puppet Configuration File certificate validation | 5.9 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00113 | 0.00 | CVE-2014-3250
6 | Arris TG1682G ajax_managed_services.php Stored cross site scripting | 5.2 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00116 | 0.00 | CVE-2017-16836
7 | flatCore CMS Configuration cross-site request forgery | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00588 | 0.00 | CVE-2017-7877
8 | mcart.xls Module mcart_xls_import.php sql injection | 7.1 | 7.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00465 | 0.00 | CVE-2015-8356
9 | elFinder LocalVolumeDriver Connector elFinderVolumeLocalFileSystem.class.php _joinPath path traversal | 6.0 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00063 | 0.02 | CVE-2023-35840
10 | Fuji Xerox ApeosPort-V 5070 PJL Command command injection | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01097 | 0.02 | CVE-2018-16709
11 | Virtual Programming VP-ASP Shopping Cart shopreviewlist.asp sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00187 | 0.04 | CVE-2004-2412
12 | Saskia Bruckner Saskias Shopsystem content.php path traversal | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00445 | 0.00 | CVE-2010-0957
13 | AeroCMS sql injection | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00085 | 0.00 | CVE-2022-38812
14 | SourceCodester Garage Management System manage_website.php unrestricted upload | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00104 | 0.00 | CVE-2022-37184
15 | elliptic secp256k1 key.js cryptographic issues | 5.6 | 5.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00116 | 0.09 | CVE-2020-28498
16 | Sangoma NetBorder/Vega Session Controller Web Interface access control | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00498 | 0.00 | CVE-2017-17430
17 | Zenhelpdesk Zen Help Desk Login adminlogin.asp sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00107 | 0.03 | CVE-2009-2604
18 | Apple iOS/iPadOS IOMobileFrameBuffer memory corruption | 7.8 | 7.5 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00263 | 0.04 | CVE-2022-22587
19 | Todd Miller sudo sudoedit sudoers access control | 7.8 | 7.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00061 | 0.05 | CVE-2015-5602
20 | Oracle WebCenter Sites Advanced UI information disclosure | 8.6 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00623 | 0.00 | CVE-2019-2578

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 107.167.244.67 | | Capesand | | 11/08/2019 | verified | High

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (38)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /etc/sudoers | predictive | Medium
2 | File | /REBOOTSYSTEM | predictive | High
3 | File | /src/helper.c | predictive | High
4 | File | /uncpath/ | predictive | Medium
5 | File | actionHandler/ajax_managed_services.php | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities: