FakeAlert Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (54)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	42
ru	4
de	4
fr	2
es	2

Country

us	30
pt	6
ru	4
tr	4
ir	2

Actors

FakeAlert	6
Cobalt Strike	2
Quasar RAT	1
Wannacry	1
Dridex	1

Activities

Interest

Timeline

Type

Not Defined	20
WordPress Plugin	4
Web Server	4
Router Operating System	2
Learning Management Software	2

Vendor

Not Defined	20
TP-LINK	2
Iptanus	2
Intel	2
Itechscripts	2

Product

TP-LINK TL-WR740N	2
TP-LINK TL-WR741N	2
Moodle	2
Iptanus File Upload Plugin	2
Intel Computing Improvement Program	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	Netgear ProSAFE Network Management System getNodesByTopologyMapSearch sql injection	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00000	0.00	CVE-2023-38099
2	Samsung UWB Stack memory corruption	6.0	5.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00170	0.00	CVE-2022-25818
3	Cisco Linksys EA2700 URL information disclosure	4.3	4.1	$5k-$25k	$0-$5k	Proof-of-Concept	Unavailable	0.00000	0.00
4	Basti2web Book Panel books.php sql injection	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.00064	0.05	CVE-2009-4889
5	HotScripts Clone Script software-description.php sql injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00160	0.00	CVE-2007-6084
6	gopeak MasterLab User.php update unrestricted upload	6.4	6.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00063	0.04	CVE-2023-7159
7	7-card Fakabao notify.php sql injection	6.6	6.4	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00064	0.06	CVE-2023-7184
8	SourceCodester Free and Open Source Inventory Management System edit_product.php sql injection	7.1	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00061	0.03	CVE-2023-7155
9	Linux Kernel Spectre Mitigation bugs.c spectre_v2_user_select_mitigation information exposure	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00045	0.03	CVE-2023-1998
10	WordPress path traversal	5.7	5.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00326	0.05	CVE-2023-2745
11	nginx request smuggling	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00241	2.39	CVE-2020-12440
12	Nagios XI command_test.php Privilege Escalation	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.28543	0.06	CVE-2023-48085
13	Moment.js path traversal	6.9	6.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00330	0.16	CVE-2022-24785
14	Moodle LTI Module cross site scripting	4.8	4.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01147	0.02	CVE-2022-35653
15	ZoneMinder Language Privilege Escalation	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.38401	0.03	CVE-2022-29806
16	ZoneMinder Snapshot Action shell_exec authorization	8.1	8.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.96928	0.03	CVE-2023-26035
17	Microsoft IIS cross site scripting	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.08	CVE-2017-0055
18	Redis Lua Script heap-based overflow	7.4	7.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00329	0.08	CVE-2022-24834
19	Apple iOS/iPadOS Kernel Coldtro out-of-bounds write	7.8	7.6	$25k-$100k	$5k-$25k	High	Official Fix	0.00149	0.00	CVE-2022-32894
20	Asana Desktop information disclosure	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00218	0.00	CVE-2022-26877

IOC - Indicator of Compromise (13)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	3.8.23.195	ec2-3-8-23-195.eu-west-2.compute.amazonaws.com	FakeAlert	05/31/2021	verified	Medium
2	3.8.191.167	ec2-3-8-191-167.eu-west-2.compute.amazonaws.com	FakeAlert	05/31/2021	verified	Medium
3	18.130.240.77	ec2-18-130-240-77.eu-west-2.compute.amazonaws.com	FakeAlert	05/31/2021	verified	Medium
4	XX.XXX.XX.XXX	xxx-xxx-xxx-xxx.xxx.xxxxxxxx.xxx	Xxxxxxxxx	05/31/2021	verified	High
5	XX.XXX.XXX.XX	xx.xxx.xxx.xx.xxxxx.xxx	Xxxxxxxxx	05/31/2021	verified	Medium
6	XX.XXX.XX.XXX	xx-xxx-xx-xxx.xx-xxxx.xxxxxxx.xxxx	Xxxxxxxxx	05/31/2021	verified	High
7	XX.XXX.XX.XXX	xx-xxx-xx-xxx.xx-xxxx.xxxxxxx.xxxx	Xxxxxxxxx	05/31/2021	verified	High
8	XXX.XX.XXX.XXX	xxx.xx.xxx.xxx.xxxxx.xxx	Xxxxxxxxx	05/31/2021	verified	Medium
9	XXX.XXX.XXX.XX	xxxxxx.xx.xxx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxxxxxx	05/31/2021	verified	High
10	XXX.XXX.XXX.XXX		Xxxxxxxxx	05/31/2021	verified	High
11	XXX.XX.XX.XX	xxxxx.xxxxxxxxxxxxxxx	Xxxxxxxxx	05/31/2021	verified	High
12	XXX.XXX.XXX.XXX		Xxxxxxxxx	05/31/2021	verified	High
13	XXX.XX.XX.XXX		Xxxxxxxxx	05/31/2021	verified	High

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	High
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	High
3	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	High
4	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
5	TXXXX	CAPEC-	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	High
6	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
7	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
8	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	High

IOA - Indicator of Attack (37)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/ample/app/action/edit_product.php	predictive	High
2	File	/getcfg.php	predictive	Medium
3	File	/uncpath/	predictive	Medium
4	File	app/ctrl/admin/User.php	predictive	High
5	File	arch/x86/kernel/cpu/bugs.c	predictive	High
6	File	xxxxx.xxx	predictive	Medium
7	File	xxxxxx/xxxx.x	predictive	High
8	File	xxxxxxx_xxxx.xxx	predictive	High
9	File	xxxxxxx.xxx	predictive	Medium
10	File	xxxxxx.xxx	predictive	Medium
11	File	xxxxxxx.xxx	predictive	Medium
12	File	xxxxxxxxxx.xxx	predictive	High
13	File	xxxxx.xxxxxxx.xxx	predictive	High
14	File	xxxx_xxxx.xxx	predictive	High
15	File	xxxxxxxxxxxxxxxxxx.xxxx	predictive	High
16	File	xxxx.xxx	predictive	Medium
17	File	xxxxxxxx.xxx	predictive	Medium
18	File	xxxxxxxxxx.xxx	predictive	High
19	File	xxxx/xxxxxx.xxx	predictive	High
20	File	xxxx_xxxxxxx_xxxxxxxx.xxx	predictive	High
21	File	xxxxxxxx-xxxxxxxxxxx.xxx	predictive	High
22	File	xxxxxxxxx.xx	predictive	Medium
23	File	xxxxx-xxxxxx.xxx	predictive	High
24	Library	xxxxxx.xxx	predictive	Medium
25	Argument	xxxxxx	predictive	Low
26	Argument	xxxxxx	predictive	Low
27	Argument	xxx	predictive	Low
28	Argument	xxx_xx	predictive	Low
29	Argument	xxx	predictive	Low
30	Argument	xxxx_xx	predictive	Low
31	Argument	xx	predictive	Low
32	Argument	xxxx_xx	predictive	Low
33	Argument	xxx_xxxxx_xx	predictive	Medium
34	Argument	xxxxxxxx	predictive	Medium
35	Input Value	xxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxx	predictive	High
36	Pattern	\|xx\|xx\|xx\|	predictive	Medium
37	Network Port	xxx xxxxxx xxxx	predictive	High

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!