Eternity Analysis

IOB - Indicator of Behavior (310)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 238
ru: 26
ja: 10
de: 6
ko: 6

Country

ru: 92
us: 28
cn: 24
es: 2
gb: 2

Product

Apple macOS: 6
Linux Kernel: 6
Google Chrome: 6
Perl: 4
Grafana: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.72 | CVE-2010-0966 |
| 2 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.66 | CVE-2007-0354 |
| 3 | Atlassian Bitbucket Server and Data Center Environment Variable command injection | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.52136 | 0.02 | CVE-2022-43781 |
| 4 | Atlassian Bitbucket Data Center/Bitbucket Server Privilege Escalation | 8.3 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00097 | 0.05 | CVE-2023-22513 |
| 5 | Dahua DHI-HCVR7216A-S3 SmartPSS Auto Login Hash access control | 6.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00331 | 0.04 | CVE-2017-6342 |
| 6 | Cyr to Lat Plugin sql injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.03 | CVE-2022-4290 |
| 7 | nophp index.php os command injection | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00099 | 0.03 | CVE-2023-28854 |
| 8 | SourceCodester Simple Task Allocation System manage_user.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00132 | 0.04 | CVE-2023-1791 |
| 9 | SourceCodester Young Entrepreneur E-Negosyo System login.php sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00152 | 0.04 | CVE-2023-1737 |
| 10 | Lighthouse Development Squirrelcart cart_content.php file inclusion | 6.5 | 5.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02731 | 0.00 | CVE-2006-2483 |
| 11 | Jelsoft impex ImpExData.php file inclusion | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04317 | 0.04 | CVE-2006-1382 |
| 12 | phpBG forum.php input validation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.22228 | 0.04 | CVE-2007-4636 |
| 13 | Linux Foundation Xen EFLAGS Register SYSENTER input validation | 6.2 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00062 | 0.02 | CVE-2013-1917 |
| 14 | PHPWind goto.php redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.05 | CVE-2015-4134 |
| 15 | HPE Onboard Administrator Reflected cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.02 | CVE-2020-7132 |
| 16 | xwikisas macro-pdfviewer PDF Viewer Macro information disclosure | 6.0 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-30263 |
| 17 | Moises Heberle WooCommerce Bookings Calendar Plugin cross site scripting | 5.0 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-31117 |
| 18 | Foxit PDF Reader AcroForm use after free | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.03 | CVE-2024-30354 |
| 19 | Tenda AC10 SetStaticRouteCfg fromSetRouteStatic stack-based overflow | 8.8 | 8.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.85 | CVE-2024-2581 |
| 20 | MediaTek MT8798 Lk memory corruption | 6.7 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.02 | CVE-2024-20022 |
20MediaTek MT8798 Lk memory corruption6.76.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000430.02CVE-2024-20022

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • LilithBot

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-21, CWE-22, CWE-425 | Path Traversal | predictive | High |
| 2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High |
| 4 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 5 | T1068 | CAPEC-122 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | High |

IOA - Indicator of Attack (173)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | `/admin.php/admin/art/data.html` | predictive | High |
| 2 | File | `/ajax.php?action=read_msg` | predictive | High |
| 3 | File | `/debug/pprof` | predictive | Medium |
| 4 | File | `/desktop_app/file.ajax.php?action=uploadfile` | predictive | High |
| 5 | File | `/env` | predictive | Low |
| 6 | File | `/forum/away.php` | predictive | High |
| 7 | File | `/goform/SetNetControlList` | predictive | High |
| 8 | File | `/goform/SetStaticRouteCfg` | predictive | High |
| 9 | File | `/librarian/bookdetails.php` | predictive | High |
| 10 | File | `/ptipupgrade.cgi` | predictive | High |
| 11 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | predictive | High |
| 12 | File | `/src/chatbotapp/chatWindow.java` | predictive | High |
| 13 | File | `/staff/bookdetails.php` | predictive | High |
| 14 | File | `about.php` | predictive | Medium |
| 15 | File | `admin.color.php` | predictive | High |
| 16 | File | `admin/addons/archive/archive.php` | predictive | High |
| 17 | File | `admin/categories_industry.php` | predictive | High |
| 18 | File | `admin/class-woo-popup-admin.php` | predictive | High |
| 19 | File | `admin/content/postcategory` | predictive | High |
| 20 | File | `admincp/auth/secure.php` | predictive | High |
