FamousSparrow Analysis

IOB - Indicator of Behavior (151)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 76
zh: 68
ja: 6
de: 2


Country

cn: 112
us: 40


Product

Arcadia Internet Store: 4
Google Android: 4
ThinkPHP: 2
Zabbix: 2
Hikvision IP Camera: 2


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | ipTIME NAS-I Bulletin Manage unrestricted upload | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00988 | 0.05 | CVE-2020-7847
2 | mm-wiki Markdown Editor cross site scripting | 4.8 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00078 | 0.05 | CVE-2021-39393
3 | EspoCRM unrestricted upload | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00104 | 0.04 | CVE-2022-38843
4 | Palo Alto PAN-OS unknown vulnerability | 4.9 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00075 | 0.07 | CVE-2023-0004
5 | Joomla! Blacklist sql injection | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00196 | 0.04 | CVE-2020-35613
6 | koha path traversal | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.06656 | 0.03 | CVE-2011-4715
7 | Synacor Zimbra Collaboration mboximport pathname traversal | 4.7 | 4.5 | $0-$5k | $0-$5k | High | Official Fix | 0.94758 | 0.00 | CVE-2022-27925
8 | WordPress WP_Query class-wp-query.php sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00318 | 0.00 | CVE-2017-5611
9 | Synacor Zimbra Webmail Subsystem upload unrestricted upload | 6.7 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00466 | 0.07 | CVE-2020-12846
10 | Vmware Workspace ONE Access/Identity Manager Template injection | 9.8 | 9.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.97460 | 0.00 | CVE-2022-22954
11 | UniSharp laravel-filemanager Image File upload unrestricted upload | 5.8 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00193 | 0.02 | CVE-2021-23814
12 | Citrix XenServer path traversal | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02340 | 0.00 | CVE-2018-14007
13 | PHPMailer validateAddress injection | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00344 | 0.03 | CVE-2021-3603
14 | Spamsniper Mail From stack-based overflow | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01404 | 0.02 | CVE-2020-7845
15 | ThinkPHP index.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00179 | 0.02 | CVE-2018-10225
16 | IBM MQ TLS Key Renegotiation input validation | 6.8 | 6.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00272 | 0.00 | CVE-2019-4055
17 | Hiroyuki Oyama DBD::mysqlPP MySQL sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00135 | 0.00 | CVE-2011-3989
18 | Atlassian JIRA Server/Data Center QueryComponent!Default.jspa information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00628 | 0.08 | CVE-2020-14179
19 | Sangfor Next-Gen Application Firewall HTTP POST Request login.cgi os command injection | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04663 | 0.00 | CVE-2023-30806
20 | MicroWorld Technologies eScan Agent Service mwagent.exe privileges management | 9.8 | 8.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00339 | 0.04 | CVE-2007-0655

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 27.102.113.240 | power.playtimeins.net | FamousSparrow |  | 09/24/2021 | verified | High
2 | XX.XXX.XXX.XXX |  | Xxxxxxxxxxxxx |  | 09/24/2021 | verified | High

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (57)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /api/v1/terminal/sessions/?limit=1 | predictive | High
2 | File | /cgi-bin/login.cgi | predictive | High
3 | File | /login.html | predictive | Medium
4 | File | /new | predictive | Low
5 | File | /secure/QueryComponent!Default.jspa | predictive | High
6 | File | /service/upload | predictive | High
7 | File | /system?action=ServiceAdmin | predictive | High
55 | Input Value | ../ | predictive | Low
