FakeCrack Analysis

IOB - Indicator of Behavior (260)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 238
zh: 14
ru: 6
de: 2


Country

us: 68
cn: 38
tr: 34
ru: 6
es: 2

Product

GitLab Enterprise Edition: 6
FreeBSD: 6
Microsoft Windows: 6
Linux Kernel: 4
OFCMS: 4


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DeDeCMS Backend file_class.php unrestricted upload | 6.4 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.06 | CVE-2023-7212 |
| 2 | Microsoft Office Word Remote Code Execution | 7.0 | 6.2 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01350 | 0.00 | CVE-2023-28311 |
| 3 | Microsoft Exchange Server ProxyShell Remote Code Execution | 9.5 | 8.7 | $25k-$100k | $5k-$25k | High | Official Fix | 0.97319 | 0.05 | CVE-2021-34473 |
| 4 | ThinkPHP input validation | 8.5 | 8.4 | $0-$5k | $0-$5k | High | Official Fix | 0.97455 | 0.06 | CVE-2019-9082 |
| 5 | SmarterTools SmarterMail path traversal | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00062 | 0.04 | CVE-2019-7213 |
| 6 | cumin Server Certificate Validator certificate validation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00090 | 0.05 | CVE-2013-0264 |
| 7 | PostgreSQL privilege dropping / lowering errors | 8.0 | 7.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00050 | 0.04 | CVE-2024-0985 |
| 8 | kyivstarteam react-native-sms-user-consent SmsUserConsentModule.kt registerReceiver improper export of android application components | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.11 | CVE-2021-4438 |
| 9 | Campcodes House Rental Management System ajax.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.27 | CVE-2024-3719 |
| 10 | Linux Kernel BlueZ jlink.c jlink_init denial of service | 3.6 | 3.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.11 | CVE-2022-3637 |
| 11 | Huawei HG8245H URL information disclosure | 7.4 | 7.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00167 | 0.05 | CVE-2017-15328 |
| 12 | DeDeCMS co_do.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00189 | 0.02 | CVE-2018-19061 |
| 13 | DedeCMS selectimages.php cross site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.03 | CVE-2023-49493 |
| 14 | DeDeCMS select_images_post.php code injection | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01958 | 0.00 | CVE-2018-20129 |
| 15 | DedeCMS article_allowurl_edit.php code injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00118 | 0.04 | CVE-2023-2928 |
| 16 | DeDeCMS downmix.inc.php Path information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02422 | 0.02 | CVE-2018-6910 |
| 17 | Plesk Obsidian Login Page injection | 5.8 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00174 | 0.04 | CVE-2023-24044 |
| 18 | Tenda AC10U fromAddressNat stack-based overflow | 6.4 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00086 | 0.11 | CVE-2024-0927 |
| 19 | Xen Orchestra improper authorization | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.03 | CVE-2021-36383 |
| 20 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 5.09 | CVE-2020-15906 |

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (24)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-21, CWE-22 | Path Traversal | predictive | High |
| 2 | T1040 | CAPEC-102 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 4 | T1059 | CAPEC-137 | CWE-88, CWE-94 | Argument Injection | predictive | High |
| 5 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 6 | TXXXX | CAPEC-122 | CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 7 | TXXXX.XXX | CAPEC-191 | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High |
| 8 | TXXXX | CAPEC-136 | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 9 | TXXXX.XXX | CAPEC-178 | CWE-XXX | Xxxx Xxxxxxxx | predictive | High |
| 10 | TXXXX | CAPEC- | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High |
| 11 | TXXXX.XXX | CAPEC-492 | CWE-XXXX | Xxxxxxxxxxx Xxxxxxx Xxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 12 | TXXXX | CAPEC-184 | CWE-XXX | Xxxxxxxx Xx Xxxx Xxxxxxx Xxxxxxxxx Xxxxx | predictive | High |
| 13 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 14 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High |
| 15 | TXXXX | CAPEC-55 | CWE-XXX, CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 16 | TXXXX | CAPEC-37 | CWE-XXX | Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 17 | TXXXX | CAPEC-466 | CWE-XXX | Xxxxxxx Xxxxxxxxxx Xx Xxx-xxxxxxxx | predictive | High |
| 18 | TXXXX | CAPEC-38 | CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive | High |
| 19 | TXXXX.XXX | CAPEC-142 | CWE-XXX | Xxxxxxxx Xx Xxx Xxxxxxx Xx X Xxxxxxxx Xxxxxxxx | predictive | High |
| 20 | TXXXX.XXX | CAPEC-459 | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 21 | TXXXX.XXX | CAPEC-133 | CWE-XXX | Xxxxxxxx | predictive | High |
| 22 | TXXXX | CAPEC-116 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 23 | TXXXX | CAPEC-157 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High |
| 24 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High |

IOA - Indicator of Attack (123)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /acms/classes/Master.php?f=delete_cargo | predictive | High |
| 2 | File | /admin.php/news/admin/topic/save | predictive | High |
| 3 | File | /admin/comn/service/update.json | predictive | High |
| 4 | File | /api/files/ | predictive | Medium |
| 5 | File | /cgi-bin/touchlist_sync.cgi | predictive | High |
| 6 | File | /dev/shm | predictive | Medium |
| 7 | File | /dl/dl_print.php | predictive | High |
| 8 | File | /getcfg.php | predictive | Medium |
| 9 | File | /ofcms/company-c-47 | predictive | High |
| 10 | File | /usr/sbin/httpd | predictive | High |
| 11 | File | /util/print.c | predictive | High |
| 12 | File | /web/MCmsAction.java | predictive | High |
| 13 | File | abc-pcie.c | predictive | Medium |
| 14 | File | accounts/payment_history.php | predictive | High |
| 120 | Input Value | ../ | predictive | Low |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
