Coronavirus scams Analysis

IOB - Indicator of Behavior (93)

Lang

en: 60
fr: 30
de: 2
zh: 2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

fr: 42
us: 32
cn: 6
de: 4
bd: 2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Windows: 4
WordPress: 4
Apache HTTP Server: 4
HCL Domino: 4
Cisco Small Business RV016: 4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Collabora Online cross site scripting | 4.9 | 4.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00052 | 0.00 | CVE-2023-31145 |
| 2 | Insyde InsydeH2O UEFI DXE Driver stack-based overflow | 6.7 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00062 | 0.00 | CVE-2021-42059 |
| 3 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.75 | CVE-2020-12440 |
| 4 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.10737 | 0.42 | CVE-2016-6210 |
| 5 | Voltronic Power ViewPower Pro getMacAddressByIp command injection | 9.8 | 9.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00070 | 0.05 | CVE-2023-51572 |
| 6 | Microsoft Outlook Remote Code Execution | 8.0 | 7.3 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.13359 | 0.05 | CVE-2023-33131 |
| 7 | Microsoft Excel Local Privilege Escalation | 7.0 | 6.4 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.00298 | 0.05 | CVE-2023-33137 |
| 8 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 3.97 | |
| 9 | SourceCodester Life Insurance Management System POST Parameter insertNominee.php cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00052 | 0.05 | CVE-2023-3165 |
| 10 | Apple iOS/iPadOS IOMobileFrameBuffer memory corruption | 7.8 | 7.5 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00236 | 0.00 | CVE-2021-30883 |
| 11 | GNU wget FTP path traversal | 5.1 | 4.9 | $0-$5k | $0-$5k | High | Official Fix | 0.07815 | 0.04 | CVE-2014-4877 |
| 12 | Fortinet FortiOS/FortiProxy FortiGate SSL-VPN heap-based overflow | 9.8 | 9.6 | $25k-$100k | $25k-$100k | High | Official Fix | 0.15407 | 0.05 | CVE-2023-27997 |
| 13 | SunHater KCFinder upload.php cross site scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00131 | 0.09 | CVE-2019-14315 |
| 14 | Grafana Email Invite input validation | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00156 | 0.00 | CVE-2022-39306 |
| 15 | Linux Kernel IGB Driver igb_main.c igb_set_rx_buffer_len buffer overflow | 7.6 | 7.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00050 | 0.04 | CVE-2023-45871 |
| 16 | Kubernetes ingress-nginx API command injection | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00237 | 0.06 | CVE-2023-5043 |
| 17 | Microsoft Exchange Server Privilege Escalation | 8.3 | 7.6 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00080 | 0.04 | CVE-2023-36745 |
| 18 | Web Based Quiz System welcome.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00088 | 0.00 | CVE-2022-32991 |
| 19 | Harbor improper authentication | 6.9 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02074 | 0.05 | CVE-2022-46463 |
| 20 | Exim AUTH out-of-bounds write | 9.8 | 9.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00075 | 0.04 | CVE-2023-42115 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (47)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.