CloudEyE Analysis

IOB - Indicator of Behavior (65)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 20
sv: 16
de: 6
ru: 4
pl: 4

Country

sv: 16
us: 14
de: 6
ru: 4
pl: 4

Product

Cryptocat: 4
Schneider Electric Modicon M340 CPU: 4
Schneider Electric Modicon M580 CPU: 4
PHP: 4
Apache Traffic Server: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Schneider Electric EcoStruxure Control Expert Modbus password recovery | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00201 | 0.03 | CVE-2022-37300 |
| 2 | Schneider Electric Andover Continuum Code Generation code injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02329 | 0.03 | CVE-2020-7480 |
| 3 | Schneider Electric Andover Continuum Web Server cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00078 | 0.04 | CVE-2020-7482 |
| 4 | BigTree CMS File Upload unrestricted upload | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00151 | 0.03 | CVE-2017-7695 |
| 5 | Schneider Electric MiCOM S1 Studio Configuration File access control | 7.8 | 7.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00052 | 0.02 | CVE-2013-0687 |
| 6 | Alstom MiCOM S1 Studio access control | 7.8 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2013-2786 |
| 7 | Lithium CMS Stored path traversal | 6.5 | 6.1 | $0-$5k | $0-$5k | Functional | Unavailable | 0.01718 | 0.00 | CVE-2006-5731 |
| 8 | TOTOLINK EX200 GET Parameter downloadFlile.cgi command injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.32089 | 0.00 | CVE-2021-43711 |
| 9 | Enthrallweb eCars types.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00348 | 0.02 | CVE-2006-6803 |
| 10 | Hotjar Plugin cross site scripting | 2.4 | 2.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.04 | CVE-2023-1259 |
| 11 | Schneider Electric Modicon MC80 Modbus TCP Protocol integer underflow | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00078 | 0.02 | CVE-2022-37301 |
| 12 | PHP cgi_main.c input validation | 7.3 | 7.0 | $25k-$100k | $0-$5k | High | Official Fix | 0.97363 | 0.17 | CVE-2012-1823 |
| 13 | Intel Ethernet Diagnostic Driver input validation | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2021-0135 |
| 14 | Schneider Electric EcoStruxure Operator Terminal Expert Project Conversion type conversion | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.00 | CVE-2022-41668 |
| 15 | AVEVA Plant SCADA/Telemetry Server improper authorization | 9.8 | 9.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00175 | 0.00 | CVE-2023-1256 |
| 16 | PHP strspn numeric error | 7.3 | 6.4 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.25825 | 0.00 | CVE-2007-2872 |
| 17 | PDF Viewer Plugin Shortcode cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.00 | CVE-2023-0033 |
| 18 | Microsoft HEVC Video Extensions Remote Code Execution | 8.3 | 7.3 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.03036 | 0.00 | CVE-2021-41360 |
| 19 | Cisco Web Security Appliance Traffic Monitor 7pk security | 7.4 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00143 | 0.00 | CVE-2018-0353 |
| 20 | tinyexr tinyexr.h ReadChannelInfo memory corruption | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00201 | 0.00 | CVE-2018-12064 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (30)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | assetmanager.asp | predictive | High |
| 2 | File | cryptocat.js | predictive | Medium |
| 3 | File | downloadFlile.cgi | predictive | High |
| 4 | File | games.php | predictive | Medium |
| 5 | File | xxxxx.xxx | predictive | Medium |
| 6 | File | xxxxxxx/xxxxx.x | predictive | High |
| 7 | File | xxxxxxxx.xxx | predictive | Medium |
| 8 | File | xxxxxxxx.x | predictive | Medium |
| 9 | File | xxxx/xxx/xxx_xxxx.x | predictive | High |
| 10 | File | xxxxxxx.xx | predictive | Medium |
| 11 | File | xxxxxxxx/xxxxxxx/xxxxxxx.xxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High |
| 12 | File | xxxxxxx.x | predictive | Medium |
| 13 | File | xxxxx.xxx | predictive | Medium |
| 14 | Library | xxxxxx.xxx | predictive | Medium |
| 15 | Argument | $_xxxxxx['xxxxx_xxxxxx'] | predictive | High |
| 16 | Argument | -x | predictive | Low |
| 17 | Argument | xxxxx | predictive | Low |
| 18 | Argument | xxxxxxxxx | predictive | Medium |
| 19 | Argument | xxxxx_xxxxxxxx | predictive | High |
| 20 | Argument | xx | predictive | Low |
| 21 | Argument | xxxxxx | predictive | Low |
| 22 | Argument | xxxx | predictive | Low |
| 23 | Argument | xxxxxxx | predictive | Low |
| 24 | Argument | xxxxxxxx[xxxx] | predictive | High |
| 25 | Argument | xxxx | predictive | Low |
| 26 | Argument | xxxx_xx | predictive | Low |
| 27 | Argument | xxxxx | predictive | Low |
| 28 | Input Value | -x | predictive | Low |
| 29 | Input Value | xxx.xxx[xxxxx] | predictive | High |
| 30 | Network Port | xxx/xx (xxx xxxxxxxx) | predictive | High |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
