Esfury Analysis

IOB - Indicator of Behavior (109)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 98
de: 8
ru: 2
fr: 2

Product

SourceCodester Lost and Found Information System: 4
SourceCodester Online Exam System: 4
TikiWiki: 4
WordPress: 4
SourceCodester File Tracker Manager System: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 9.76 | CVE-2006-6168 |
| 2 | Phplinkdirectory PHP Link Directory conf_users_edit.php cross-site request forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00526 | 0.04 | CVE-2011-0643 |
| 3 | SourceCodester Online Exam System GET Parameter updateCourse.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00073 | 0.00 | CVE-2023-2642 |
| 4 | SourceCodester Online Internship Management System POST Parameter login.php sql injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00073 | 0.04 | CVE-2023-2641 |
| 5 | OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeHanziSegment memory leak | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00073 | 0.09 | CVE-2023-2618 |
| 6 | OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeByteSegment null pointer dereference | 5.6 | 5.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00073 | 0.09 | CVE-2023-2617 |
| 7 | SourceCodester Online Reviewer System GET Parameter user-update.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00089 | 0.04 | CVE-2023-2596 |
| 8 | SourceCodester Billing Management System POST Parameter ajax_service.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00089 | 0.04 | CVE-2023-2595 |
| 9 | SourceCodester Food Ordering Management System Registration sql injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00108 | 0.04 | CVE-2023-2594 |
| 10 | SourceCodester Multi Language Hotel Management Software POST Parameter ajax.php cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00062 | 0.04 | CVE-2023-2565 |
| 11 | jja8 NewBingGoGo cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.08 | CVE-2023-2560 |
| 12 | External Media without Import Plugin external-media-without-import.php print_media_new_panel cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00052 | 0.08 | CVE-2017-20183 |
| 13 | SourceCodester Online Tours & Travels Management System disapprove_delete.php exec sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00073 | 0.04 | CVE-2023-2619 |
| 14 | PHP-Login POST Parameter class.loginscript.php checkLogin sql injection | 8.1 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00059 | 0.09 | CVE-2016-15031 |
| 15 | PHP Link Directory Administration Page index.html cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00374 | 0.72 | CVE-2007-0529 |
| 16 | TikiWiki tiki-index.php path traversal | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01414 | 0.54 | CVE-2007-5684 |
| 17 | AWStats Config awstats.pl cross site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00587 | 0.18 | CVE-2006-3681 |
| 18 | vu Mass Mailer Login Page redir.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00238 | 0.04 | CVE-2007-6138 |
| 19 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 3.94 | |
| 20 | Suricata Rule path traversal | 6.9 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00053 | 0.04 | CVE-2023-35852 |

IOC - Indicator of Compromise (13)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (111)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (2)

The following list contains external sources which discuss the actor and the associated activities: