Equation Analysis

IOB - Indicator of Behavior (314)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 308
ru: 2
it: 2
sv: 2

Country

ke: 216
pk: 96
kr: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows: 28
Google Android: 10
Linux Kernel: 6
Google Chrome: 6
Microsoft SharePoint Server: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Oracle ZFS Storage Appliance Kit Operating System Image use after free | 9.8 | 9.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.01077 | 0.00 | CVE-2020-11656 |
| 2 | MikroTik Router FTP Daemon resource consumption | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00202 | 0.02 | CVE-2019-13074 |
| 3 | phpMyAdmin grab_globals.lib.php path traversal | 4.8 | 4.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02334 | 0.04 | CVE-2005-3299 |
| 4 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 5 | Zoho ManageEngine Applications Manager jar unrestricted upload | 6.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.12704 | 0.03 | CVE-2020-14008 |
| 6 | Apple tvOS Wi-Fi memory corruption | 9.6 | 9.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00527 | 0.00 | CVE-2020-9918 |
| 7 | Oracle Siebel Engineering Installer / Deployment Siebel Approval Manager input validation | 9.8 | 9.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00404 | 0.00 | CVE-2019-16943 |
| 8 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.03 | CVE-2017-0055 |
| 9 | Microsoft FrontPage Server Extensions SmartHTML Content denial of service | 7.5 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.41641 | 0.00 | CVE-2003-0824 |
| 10 | Host NetBIOS/SMB Share privileges management | 6.5 | 6.4 | $0-$5k | $0-$5k | High | Workaround | 0.02021 | 0.00 | CVE-1999-0520 |
| 11 | Cisco IOS SNMP improper authentication | 6.5 | 6.2 | $25k-$100k | $0-$5k | High | Official Fix | 0.02694 | 0.03 | CVE-2006-4950 |
| 12 | Apple macOS Kernel Coldtro out-of-bounds write | 7.8 | 7.6 | $5k-$25k | $0-$5k | High | Official Fix | 0.00149 | 0.00 | CVE-2022-32894 |
| 13 | Cisco AnyConnect Secure Mobility Client Start Before Logon access control | 7.8 | 7.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00090 | 0.00 | CVE-2017-3813 |
| 14 | Schneider Electric PowerLogic ION9000 memory corruption | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00493 | 0.00 | CVE-2021-22714 |
| 15 | Google Android Performance Driver out-of-bounds write | 7.3 | 7.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2021-0405 |
| 16 | Google Android Bluetooth avrc_pars_tg.cc avrc_pars_vendor_cmd out-of-bounds write | 8.5 | 8.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00102 | 0.04 | CVE-2021-0316 |
| 17 | Linux Kernel KDGKBSENT/KDSKBSENT vt_do_kdgkb_ioctl race condition | 9.9 | 9.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00042 | 0.02 | CVE-2020-25656 |
| 18 | Cisco IOS XE Aggregation Services routine | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2020-3513 |
| 19 | IBM InfoSphere Information Server Web UI Stored cross site scripting | 5.7 | 5.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00050 | 0.00 | CVE-2020-4702 |
| 20 | IBM InfoSphere Metadata Asset Manager server-side request forgery | 6.0 | 6.0 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00083 | 0.00 | CVE-2020-4632 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Gauss

IOC - Indicator of Compromise (264)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (76)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
