DePriMon Analysis

IOB - Indicator of Behavior (270)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 240
zh: 10
es: 8
de: 6
fr: 6

Country

us: 150
cn: 60
ce: 4
br: 4
ru: 4

Product

Microsoft Exchange Server: 6
QNAP QTS: 6
cPanel: 6
F5 BIG-IP: 4
asith-eranga ISIC Tour Booking: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.54 | CVE-2010-0966 |
| 2 | Atmail Remote Code Execution | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00251 | 0.04 | CVE-2013-5033 |
| 3 | Palo Alto PAN-OS GlobalProtect Clientless VPN buffer overflow | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00112 | 0.03 | CVE-2021-3056 |
| 4 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.06 | CVE-2022-21664 |
| 5 | VeronaLabs wp-statistics Plugin API Endpoint Blind sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00250 | 0.00 | CVE-2019-13275 |
| 6 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.10737 | 0.27 | CVE-2016-6210 |
| 7 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 8 | DeDeCMS list.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00590 | 0.00 | CVE-2011-5200 |
| 9 | Linksys WRT54GL Web Management Interface SysInfo1.htm information disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00046 | 0.04 | CVE-2024-1406 |
| 10 | Teclib GLPI unlock_tasks.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.12149 | 0.04 | CVE-2019-10232 |
| 11 | Sophos Firewall User Portal/Webadmin improper authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | High | Not Defined | 0.97434 | 0.00 | CVE-2022-1040 |
| 12 | CutePHP CuteNews unrestricted upload | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02107 | 0.08 | CVE-2019-11447 |
| 13 | WordPress Object injection | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00432 | 0.03 | CVE-2022-21663 |
| 14 | Microsoft Windows Active Directory Domain Services Privilege Escalation | 8.8 | 8.3 | $25k-$100k | $0-$5k | High | Official Fix | 0.07084 | 0.00 | CVE-2022-26923 |
| 15 | QNAP QTS Media Library access control | 8.5 | 8.2 | $0-$5k | $0-$5k | High | Official Fix | 0.01575 | 0.03 | CVE-2017-13067 |
| 16 | Veritas NetBackup pbx_exchange Process access control | 8.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00356 | 0.04 | CVE-2017-6407 |
| 17 | XenForo privileges management | 8.6 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.04 | |
| 18 | Simple and Beautiful Shopping Cart System uploadera.php unrestricted upload | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00170 | 0.00 | CVE-2023-1558 |
| 19 | RealNetworks RealServer Port 7070 Service denial of service | 7.5 | 7.3 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.02116 | 0.18 | CVE-2000-0272 |
| 20 | Microsoft Windows Themes information disclosure | 5.9 | 5.6 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00128 | 0.04 | CVE-2024-21320 |

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (115)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | .htaccess | predictive | Medium |
| 2 | File | /api/RecordingList/DownloadRecord?file= | predictive | High |
| 3 | File | /apply.cgi | predictive | Medium |
| 4 | File | /apply/index.php | predictive | High |
| 5 | File | /include/file.php | predictive | High |
| 6 | File | /netflow/jspui/editProfile.jsp | predictive | High |
| 7 | File | /php/ping.php | predictive | High |
| 8 | File | /rapi/read_url | predictive | High |
| 9 | File | /scripts/unlock_tasks.php | predictive | High |
| 10 | File | /SysInfo1.htm | predictive | High |
| 11 | File | /sysinfo_json.cgi | predictive | High |
| 12 | File | /system/user/modules/mod_users/controller.php | predictive | High |
| 13 | File | /wp-admin/admin-post.php?es_skip=1&option_name | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
