Cyber Av3ngers Analysis

IOB - Indicator of Behavior (362)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 346
de: 12
ar: 2
sv: 2


Country

us: 220
ir: 104
gb: 4
ru: 2
sv: 2


[Charts not reproduced: Actors, Activities, Interest, Timeline, Type, Vendor]

Product

Qualcomm Snapdragon Auto: 28
Qualcomm Snapdragon Compute: 28
Qualcomm Snapdragon Connectivity: 28
Qualcomm Snapdragon Consumer IOT: 28
Qualcomm Snapdragon Industrial IOT: 28


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.26 | |
| 2 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.86 | CVE-2020-12440 |
| 3 | woo-variation-swatches Plugin cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00076 | 0.02 | CVE-2019-14774 |
| 4 | vldPersonals index.php sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00167 | 0.00 | CVE-2014-9005 |
| 5 | Couchbase Sync Gateway Sync Document cleartext storage | 2.6 | 2.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00065 | 0.02 | CVE-2021-43963 |
| 6 | BusyBox netstat Privilege Escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01132 | 0.03 | CVE-2022-28391 |
| 7 | Google Chrome TabStrip heap-based overflow | 7.5 | 7.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.01048 | 0.00 | CVE-2021-21159 |
| 8 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02733 | 1.22 | CVE-2007-1167 |
| 9 | VMware vRealize Operations JMX RMI Service input validation | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00894 | 0.04 | CVE-2020-3943 |
| 10 | vBulletin redirector.php | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00122 | 0.07 | CVE-2018-6200 |
| 11 | Alt-N MDaemon Worldclient injection | 4.9 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00090 | 0.06 | CVE-2021-27182 |
| 12 | Moodle Lesson Question Import path traversal | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00293 | 0.02 | CVE-2022-35650 |
| 13 | Flask-RESTX Regular Expression email_regex resource consumption | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00547 | 0.04 | CVE-2021-32838 |
| 14 | Couchbase Sync Gateway REST API sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00415 | 0.04 | CVE-2019-9039 |
| 15 | SkaDate Skadate Online Dating Software featured_list.php path traversal | 5.3 | 5.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01416 | 0.00 | CVE-2007-5299 |
| 16 | WordPress WP_Query sql injection | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.93536 | 0.04 | CVE-2022-21661 |
| 17 | vldPersonals index.php cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00155 | 0.04 | CVE-2014-9004 |
| 18 | IBM Lotus Mobile Connect Connection Manager improper authentication | 5.9 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.03 | CVE-2010-4591 |
| 19 | Google Chrome WebAudio heap-based overflow | 7.5 | 7.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00767 | 0.00 | CVE-2021-21160 |
| 20 | Qualcomm Snapdragon Auto DL ROHC Packet Decompression buffer overflow | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00208 | 0.00 | CVE-2020-11144 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources that are known to be part of research and attack activities.

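| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 178.162.227.180 | | Cyber Av3ngers | | 12/14/2023 | verified | High |
| 2 | XXX.XXX.XXX.XXX | | Xxxxx Xxxxxxxx | | 12/14/2023 | verified | High |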

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (102)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


