Elephant Analysis

IOB - Indicator of Behavior (450)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 426
ru: 16
sv: 4
fr: 2
pl: 2

Country

us: 80
tr: 40
ru: 20
cn: 8
gb: 4

Product

Qualcomm Snapdragon Mobile: 26
Qualcomm Snapdragon Auto: 22
Qualcomm Snapdragon Consumer IOT: 20
Qualcomm Snapdragon Industrial IOT: 20
GitLab Enterprise Edition: 18

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | DevExpress ASP.NET Web Forms ASPxHttpHandlerModule DXR.axd resource injection | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00183 | 0.00 | CVE-2022-41479
2 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 7.35 | CVE-2006-6168
3 | Redis heap-based overflow | 7.2 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00750 | 0.00 | CVE-2023-41056
4 | Zabbix SAML authentication spoofing | 8.2 | 8.2 | $0-$5k | $0-$5k | High | Not Defined | 0.97186 | 0.00 | CVE-2022-23131
5 | janobe Online Ordering System unrestricted upload | 6.3 | 6.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00125 | 0.00 | CVE-2022-36580
6 | Google Android PowerVR GPU Kernel Driver memory corruption | 5.4 | 5.3 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00043 | 0.02 | CVE-2022-20235
7 | WordPress Pingback server-side request forgery | 5.7 | 5.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00120 | 0.00 | CVE-2022-3590
8 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.15 | CVE-2014-4078
9 | Microsoft Exchange Server PowerShell ProxyNotShell Privilege Escalation | 7.7 | 7.3 | $5k-$25k | $0-$5k | High | Official Fix | 0.10698 | 0.00 | CVE-2022-41082
10 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.73 | CVE-2020-12440
11 | Django Admin Interface debug.py cross site scripting | 6.1 | 5.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00370 | 0.03 | CVE-2016-6186
12 | Communigate Pro WebMail Stored cross site scripting | 5.2 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00078 | 0.03 | CVE-2017-16962
13 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 2.14 | CVE-2020-15906
14 | OceanWP Plugin file inclusion | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.06 | CVE-2023-23700
15 | Sonatype Nexus Repository Manager OSS Admin Panel access control | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00044 | 0.00 | CVE-2022-31289
16 | Ivanti Connect Secure/Policy Secure SAML server-side request forgery | 7.9 | 7.8 | $0-$5k | $0-$5k | High | Official Fix | 0.96139 | 0.00 | CVE-2024-21893
17 | Google Chrome V8 out-of-bounds write | 7.5 | 7.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00080 | 0.04 | CVE-2024-0517
18 | Zabbix input validation | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00134 | 0.03 | CVE-2023-32728
19 | Microsoft IIS FTP Server memory corruption | 7.5 | 7.2 | $25k-$100k | $0-$5k | High | Official Fix | 0.96843 | 0.00 | CVE-2010-3972
20 | Nagios XI POST Request banner_message-ajaxhelper.php sql injection | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00085 | 0.04 | CVE-2023-40931

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (126)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
