Eking Analysis

IOB - Indicator of Behavior (356)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

  • en: 352
  • zh: 4

Country

  • es: 320
  • us: 24
  • cn: 8
  • mx: 2
  • ru: 2

Product

  • Apple macOS: 20
  • Dell BIOS: 20
  • Apple iOS: 12
  • Google Chrome: 12
  • Adobe Acrobat Reader: 10

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Microsoft Windows PostScript Printer Driver Privilege Escalation | 8.8 | 8.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.02219 | 0.00 | CVE-2023-24929 |
| 2 | SAS User Management Module cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00093 | 0.03 | CVE-2023-24724 |
| 3 | Samba LDAP Attribute permission | 4.9 | 4.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00267 | 0.02 | CVE-2023-0225 |
| 4 | Apple macOS Intel Graphics Driver out-of-bounds | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00059 | 0.00 | CVE-2022-32936 |
| 5 | Apache Pulsar HTTPS Connection certificate validation | 4.8 | 4.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00066 | 0.00 | CVE-2022-33683 |
| 6 | Ivanti Avalanche EnterpriseServer GetSettings improper authentication | 7.4 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01627 | 0.00 | CVE-2023-28126 |
| 7 | Nginx NJS njs_function.h njs_function_frame memory corruption | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00055 | 0.00 | CVE-2023-27727 |
| 8 | Nginx NJS njs_vmcode.c njs_vmcode_return memory corruption | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00067 | 0.05 | CVE-2023-27729 |
| 9 | Fortinet FortiAnalyzer/FortiManager GUI Report Template Image exposure of resource | 4.2 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00129 | 0.07 | CVE-2022-26121 |
| 10 | Ivanti Pulse Connect Secure Header request smuggling | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00054 | 0.07 | CVE-2022-21826 |
| 11 | Linux Kernel ccp-ops.c ccp_run_aes_gcm_cmd memory leak | 6.0 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.07 | CVE-2021-3764 |
| 12 | Google Android ActivityManager information disclosure | 3.3 | 3.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2022-20315 |
| 13 | Google Go XML Document Decoder.Skip recursion | 6.4 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00187 | 0.00 | CVE-2022-28131 |
| 14 | Elementor Website Builder Plugin get_image_alt cross site scripting | 4.9 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.03 | CVE-2024-0506 |
| 15 | Google Chrome Skia integer overflow | 7.9 | 7.8 | $25k-$100k | $5k-$25k | High | Official Fix | 0.05208 | 0.09 | CVE-2023-6345 |
| 16 | Autodesk AutoCAD X_B File out-of-bounds | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00055 | 0.00 | CVE-2023-27912 |
| 17 | ServiceNow Tokyo cross site scripting | 4.8 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02564 | 0.02 | CVE-2022-39048 |
| 18 | Apache Fineract Template server-side request forgery | 6.8 | 6.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00097 | 0.04 | CVE-2023-25195 |
| 19 | Bosch B420 improper authentication | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00056 | 0.04 | CVE-2022-47648 |
| 20 | Telegram Web cross site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00075 | 0.04 | CVE-2022-43363 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Government Organizations

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (63)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (2)

The following list contains external sources which discuss the actor and the associated activities:
