FAKE UPDATER Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (319)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en274
de22
es6
pl6
fr4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us268
ru6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

FAKE UPDATER2
Quasar RAT2
TrickBot1
Mikey1
NjRAT1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined56
Content Management System14
Operating System10
Forum Software8
Web Browser6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined52
Apple6
Google6
Microsoft6
IBM6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Windows6
DESlock4
Google Android4
DZCP deV!L`z Clanportal4
Apple Safari4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaround0.020160.00CVE-2007-1192
2DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.55CVE-2010-0966
3Tiki Admin Password tiki-login.php improper authentication8.07.7$0-$5k$0-$5kNot DefinedOfficial Fix0.009361.98CVE-2020-15906
4TikiWiki tiki-register.php input validation7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.010758.28CVE-2006-6168
5MGB OpenSource Guestbook email.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.013020.48CVE-2007-0354
6DZCP deV!L`z Clanportal browser.php information disclosure5.35.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.027330.33CVE-2007-1167
7FLDS redir.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.002030.07CVE-2008-5928
8Citrix NetScaler ADC/NetScaler Gateway OpenID openid-configuration ns_aaa_oauthrp_send_openid_config CitrixBleed memory corruption8.38.2$25k-$100k$0-$5kHighOfficial Fix0.966680.07CVE-2023-4966
9Apple M1 Register s3_5_c15_c10_1 M1RACLES access control8.88.8$5k-$25k$5k-$25kNot DefinedNot Defined0.000000.04CVE-2021-30747
10Francisco Burzi PHP-Nuke Downloads Module viewsdownload sql injection5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.001870.00CVE-2005-0996
11Wheatblog add_comment.php cross site scripting4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.001540.00CVE-2006-7002
12phpBB album_portal.php file inclusion7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.047310.05CVE-2004-1943
13SNETWORKS PHP CLASSIFIEDS config.inc.php sql injection7.36.2$0-$5k$0-$5kProof-of-ConceptUnavailable0.020810.04CVE-2008-0137
14Smartisoft phpBazar classified_right.php file inclusion6.56.2$0-$5k$0-$5kProof-of-ConceptUnavailable0.009330.09CVE-2006-2528
15LogicBoard CMS away.php redirect6.36.1$0-$5k$0-$5kNot DefinedUnavailable0.000003.00
16Serendipity exit.php privileges management6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.29
17Alurian Prismotube Video Script index.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.000790.00CVE-2011-5103
18Void Contact Form 7 Widget for Elementor Page Builder Plugin void_cf7_opt_in_user_data_track cross-site request forgery4.34.2$0-$5k$0-$5kNot DefinedNot Defined0.000630.00CVE-2022-47166
19Total PC PHP Rocket Add-In path traversal5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.005970.00CVE-2001-1204
20PhotoPost PHP register.php privileges management5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.000000.02

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
123.95.97.3223-95-97-32-host.colocrossing.comFAKE UPDATER10/13/2018verifiedHigh
246.249.59.67FAKE UPDATER10/13/2018verifiedHigh
3XXX.XXX.X.XXXxxxx.xxxx.xxXxxx Xxxxxxx10/13/2018verifiedHigh
4XXX.XXX.X.XXXxxxx.xxxx.xxXxxx Xxxxxxx10/13/2018verifiedHigh
5XXX.XXX.X.XXXxxxx.xxxx.xxXxxx Xxxxxxx10/13/2018verifiedHigh
6XXX.XXX.XXX.XXXxxx-xxx-xxx-xxx.xxxxxxxxxxxx.xxxXxxx Xxxxxxx10/13/2018verifiedHigh

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22, CWE-23Path TraversalpredictiveHigh
2T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
3T1059.007CAPEC-209CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
4TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXXCAPEC-136CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
6TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
7TXXXXCAPEC-1CWE-XXX, CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
8TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
9TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
10TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
11TXXXX.XXXCAPEC-CWE-XXXxxxxxxxxxxxxpredictiveHigh
12TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (101)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/account/details.phppredictiveHigh
2File/admin/subject.phppredictiveHigh
3File/cgi/get_param.cgipredictiveHigh
4File/forum/away.phppredictiveHigh
5File/modules/registration_admission/patient_register.phppredictiveHigh
6File/oauth/idp/.well-known/openid-configurationpredictiveHigh
7File/out.phppredictiveMedium
8File/sbin/gs_configpredictiveHigh
9Fileadclick.phppredictiveMedium
10Fileadd_comment.phppredictiveHigh
11Filealbum_portal.phppredictiveHigh
12Filebrowse-category.phppredictiveHigh
13Filecategory.cfmpredictiveMedium
14Fileclassified_right.phppredictiveHigh
15Filexxxxxxxxxxxxxx.xxxxpredictiveHigh
16Filexxxxx.xxxpredictiveMedium
17Filexxxxxxx_xxx.xxxpredictiveHigh
18Filexxxxxx.xxx.xxxpredictiveHigh
19Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
20Filexxxxxxx.xxxxpredictiveMedium
21Filexxxxxx.xxxpredictiveMedium
22Filexxxxx.xxxpredictiveMedium
23Filexx/xxxxx/xxxxxx_xxxxx.xxxpredictiveHigh
24Filexxxx.xxxpredictiveMedium
25Filexx/xxxxx.xxxxx_xxxxxx_xxxxxxx.xxxpredictiveHigh
26Filexx_xxxxxxxxxxxxx.xpredictiveHigh
27Filexxxx.xxxpredictiveMedium
28Filexx.xxxpredictiveLow
29Filexxxx/xxxxx/xxxx.xxpredictiveHigh
30Filexxx/xxxxxx.xxxpredictiveHigh
31Filexxx/xxxxxxxxxxx/xxxxxxx.xxxpredictiveHigh
32Filexxxxxxx/xxxxxxx/xxxxxxxx.xxx.xxxpredictiveHigh
33Filexxxxxxxx/xxxxxx_xxxxxxxxxxx.xxxpredictiveHigh
34Filexxxxxxx_xxxx/xxxxxxxx.xxxpredictiveHigh
35Filexxxxx.xxxpredictiveMedium
36Filexxxx.xxxpredictiveMedium
37Filexxxxxx.xxxxpredictiveMedium
38Filexxxxx.xxxpredictiveMedium
39Filexxxxxxxx/xxxxxxxxxxxxx.xxpredictiveHigh
40Filexxxxxxxxxxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
41Filexxx_xxxx.xxxpredictiveMedium
42Filexxx.xxxpredictiveLow
43Filexxxxx.xxxpredictiveMedium
44Filexxxx.xxxpredictiveMedium
45Filexxxxxxxxxx.xxxpredictiveHigh
46Filexxxxx.xxxpredictiveMedium
47Filexxxxx.xxxpredictiveMedium
48Filexxxxxxxx.xxxpredictiveMedium
49Filexxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxxpredictiveHigh
50Filexxxxxxxx_xxxxxx.xxxpredictiveHigh
51Filexxxx.xpredictiveLow
52Filexxxxxx.xxxpredictiveMedium
53FilexxxxxpredictiveLow
54Filexxxxxxx-xxxxxxx.xxxpredictiveHigh
55Filexxxxxxx.xxxxxxxxxx.xxxpredictiveHigh
56Filexxxx.xxxpredictiveMedium
57Filexxxx-xxxxx.xxxpredictiveHigh
58Filexxxx-xxxxxxxx.xxxpredictiveHigh
59Filexxxx/xxxxxxxx.xxxpredictiveHigh
60Filexxxxxx_xxxxxxxx.xxxpredictiveHigh
61Filexxxxxxx/xxxxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
62Filexxxx.xxpredictiveLow
63File~/xxxxxxxx/xxxxx/xxxxxxxx/xxxxx-xxxxxxxx-xxxxx.xxxpredictiveHigh
64Argument-xpredictiveLow
65ArgumentxxxxxxxxpredictiveMedium
66ArgumentxxxxxxxxpredictiveMedium
67ArgumentxxxxxpredictiveLow
68ArgumentxxxpredictiveLow
69ArgumentxxxxxxxxxxpredictiveMedium
70ArgumentxxxxxpredictiveLow
71Argumentxxx_xxpredictiveLow
72ArgumentxxxpredictiveLow
73Argumentxxxxxxxxx[x]predictiveMedium
74ArgumentxxxxpredictiveLow
75ArgumentxxxxxxxpredictiveLow
76ArgumentxxxxpredictiveLow
77ArgumentxxxxxxxxxxxxxxxpredictiveHigh
78Argumentxxxxxxx[xxxxxx][xxxxxxxxx_xxxx]predictiveHigh
79ArgumentxxxxxxxxpredictiveMedium
80ArgumentxxpredictiveLow
81Argumentxx_xxxxpredictiveLow
82Argumentxxxxxxx_xxxxpredictiveMedium
83Argumentxxxxxxxx_xxxpredictiveMedium
84Argumentxxxx_xxxpredictiveMedium
85ArgumentxxxpredictiveLow
86Argumentxxxx_xxxxxx/xxxx_xxx/xxxxxxx/xxxx_xxxxxx/xxxx_x/xxxx_xpredictiveHigh
87ArgumentxxpredictiveLow
88ArgumentxxxxpredictiveLow
89ArgumentxxxxxxxxpredictiveMedium
90Argumentxxxx_xxxxxxpredictiveMedium
91Argumentxxxxx_xxxx_xxxxpredictiveHigh
92Argumentxx_xxxxpredictiveLow
93Argumentxxx_xxxxpredictiveMedium
94ArgumentxxxpredictiveLow
95Argumentxxxxx_xxxx/xxx_xxxxpredictiveHigh
96Argumentxxxx_xxxxxx_xxxxpredictiveHigh
97ArgumentxxxxxpredictiveLow
98ArgumentxxxxxxxxpredictiveMedium
99ArgumentxxxxxxxxxpredictiveMedium
100ArgumentxxxpredictiveLow
101Argument_xxxxxx[xxxx_xxxx]predictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!