DeimosC2 Analysis

IOB - Indicator of Behavior (35)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 30
fr: 4
de: 2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

cn: 16
us: 14

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

TYPO3: 4
PHP: 2
Synology Video Station: 2
Mozilla Firefox: 2
Mondula Multi Step Form Plugin: 2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | VeronaLabs wp-statistics Plugin API Endpoint Blind sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00250 | 0.00 | CVE-2019-13275 |
| 2 | RoundCube Webmail Email Message rcube_string_replacer.php linkref_addindex cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | High | Official Fix | 0.00612 | 0.04 | CVE-2020-35730 |
| 3 | Peplink Balance Cookie admin.cgi sql injection | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01457 | 0.02 | CVE-2017-8835 |
| 4 | Winn Winn GuestBook addPost cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | High | Official Fix | 0.00336 | 0.00 | CVE-2011-5026 |
| 5 | MikroTik RouterOS Winbox/HTTP Interface privileges management | 7.8 | 7.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00055 | 0.08 | CVE-2023-30799 |
| 6 | Meteor Slides Plugin cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00056 | 0.00 | CVE-2022-4486 |
| 7 | Node.js Pathname Validator access control | 7.4 | 7.1 | $0-$5k | $0-$5k | High | Official Fix | 0.96684 | 0.03 | CVE-2017-14849 |
| 8 | Linux Kernel TLB mremap.c use after free | 5.5 | 5.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00077 | 0.00 | CVE-2022-41222 |
| 9 | Linux Kernel rmap.c anon_vma use after free | 5.9 | 5.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.04 | CVE-2022-42703 |
| 10 | Mozilla Firefox Block Reflow resource management | 5.3 | 4.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.44701 | 0.00 | CVE-2008-2798 |
| 11 | SEMCMS Ant_Check.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00197 | 0.04 | CVE-2022-2726 |
| 12 | TCL LinkHub Mesh Wifi MS1G Network confctl_set_master_wlan access control | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00086 | 0.03 | CVE-2022-27185 |
| 13 | Discy Theme POST Request discy_update_options access control | 6.4 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00058 | 0.00 | CVE-2022-1323 |
| 14 | SourceCodester Simple Student Information System manage_course.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00425 | 0.08 | CVE-2022-2722 |
| 15 | ONLYOFFICE Document Server WebSocket API sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00174 | 0.00 | CVE-2020-11537 |
| 16 | PHP PDO Driver Extension fetch out-of-bounds | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00379 | 0.00 | CVE-2021-21704 |
| 17 | Microsoft Windows stack-based overflow | 7.3 | 6.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.88509 | 0.00 | CVE-2005-0416 |
| 18 | TYPO3 Login Handling redirect | 6.2 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00080 | 0.02 | CVE-2021-21338 |
| 19 | TYPO3 Backend information disclosure | 5.4 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00101 | 0.02 | CVE-2010-3664 |
| 20 | Magento sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09912 | 0.03 | CVE-2019-7139 |

IOC - Indicator of Compromise (15)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1059.007 | CAPEC-209 | CWE-79 | Cross Site Scripting | predictive | High |
| 2 | T1068 | CAPEC-122 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | High |
| 3 | TXXXX | CAPEC-136 | CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX.XXX | CAPEC-178 | CWE-XXX | Xxxx Xxxxxxxx | predictive | High |
| 5 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 6 | TXXXX | CAPEC- | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 7 | TXXXX | CAPEC-116 | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |

IOA - Indicator of Attack (17)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | Ant_Check.php | predictive | High |
| 2 | File | cgi-bin/MANGA/admin.cgi | predictive | High |
| 3 | File | download.rsp | predictive | Medium |
| 4 | File | xx/xx-xx.x | predictive | Medium |
| 5 | File | xxxxxx_xxxxxx.xxx | predictive | High |
| 6 | File | xx/xxxxxx.x | predictive | Medium |
| 7 | File | xx/xxxx.x | predictive | Medium |
| 8 | File | xxxxx_xxxxxx_xxxxxxxx.xxx | predictive | High |
| 9 | File | xxxxxxxx.xxx | predictive | Medium |
| 10 | File | xx-xxxxx/xxxxx-xxxx.xxx | predictive | High |
| 11 | Argument | xxxxx | predictive | Low |
| 12 | Argument | xxx | predictive | Low |
| 13 | Argument | xxxxx | predictive | Low |
| 14 | Argument | xx_xxxx [xx][x]/xx_xxxx [xx][x]/xx_xxxx [xx][x]/xx_xxxx [xx][x]/xxxxx | predictive | High |
| 15 | Argument | xx | predictive | Low |
| 16 | Argument | xxxx | predictive | Low |
| 17 | Argument | xxxxxxxx_xxxxxxxx | predictive | High |

References (14)

The following list contains external sources which discuss the actor and the associated activities:
