FelixRoot Analysis

IOB - Indicator of Behavior (622)

Timeline

The data in the charts of this section does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en 552
pl 16
it 14
de 12
es 10

Country

us 286
ru 24
it 12
cn 10
de 4

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Moodle 10
Iomega/Lenovo/LenovoEMC NAS 8
BigBlueButton 6
Microsoft Windows 6
Google Android 6

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE
1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.71 | CVE-2010-0966
2 | Pligg cloud.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.68 |
3 | Trivantis Coursemill Learning Management System userlogin.jsp input validation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00272 | 0.00 | CVE-2013-3599
4 | Moodle Manifest locallib.php information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00313 | 0.00 | CVE-2014-3543
5 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 7.17 | CVE-2006-6168
6 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 2.09 | CVE-2020-15906
7 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.04 | CVE-2019-7550
8 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.73 |
9 | PHPizabi index.php path traversal | 6.5 | 5.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00826 | 0.03 | CVE-2008-3723
10 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.68 | CVE-2007-0354
11 | V-EVA Press Release Script page.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00187 | 0.09 | CVE-2010-5047
12 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
13 | eTicket newticket.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | High | Official Fix | 0.00220 | 0.07 | CVE-2008-0093
14 | PHP phpinfo cross site scripting | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.08985 | 0.04 | CVE-2006-0996
15 | Hypersilence Silentum Guestbook silentum_guestbook.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00107 | 0.04 | CVE-2009-4687
16 | Apple Mac OS X Server Wiki Server sql injection | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00339 | 1.53 | CVE-2015-5911
17 | cPanel Boxtrapper cgi-sys Script bxd.cgi denial of service | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.04 |
18 | PHPizabi template.class.php assignuser information disclosure | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00507 | 0.05 | CVE-2008-2018
19 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01960 | 0.03 | CVE-2007-1287
20 | vBulletin redirector.php | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00106 | 0.04 | CVE-2018-6200

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 88.198.13.116 | static.88.198.13.116.clients.your-server.de | FelixRoot | | 07/31/2018 | verified | High

TTP - Tactics, Techniques, Procedures (23)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CAPEC-126 | CWE-22, CWE-23, CWE-425 | Path Traversal | predictive | High
2 | T1040 | CAPEC-102 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High
3 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
4 | T1059 | CAPEC-137 | CWE-88, CWE-94 | Argument Injection | predictive | High
5 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High

IOA - Indicator of Attack (189)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/?page=system_info/contact_info | predictive | High
2 | File | /admin/login.php | predictive | High
3 | File | /admin/produts/controller.php | predictive | High
4 | File | /admin/user/team | predictive | High
5 | File | /book-services.php | predictive | High
6 | File | /cgi-bin/system_mgr.cgi | predictive | High
7 | File | /common/logViewer/logViewer.jsf | predictive | High
8 | File | /crmeb/app/admin/controller/store/CopyTaobao.php | predictive | High
9 | File | /DXR.axd | predictive | Medium
10 | File | /en/blog-comment-4 | predictive | High
11 | File | /forum/away.php | predictive | High
12 | File | /goform/aspForm | predictive | High
13 | File | /h/ | predictive | Low
14 | File | /hocms/classes/Master.php?f=delete_collection | predictive | High
15 | File | /InternalPages/ExecuteTask.aspx | predictive | High
16 | File | /mifs/c/i/reg/reg.html | predictive | High
17 | File | /ms/cms/content/list.do | predictive | High
18 | File | /opt/zimbra/jetty/webapps/zimbra/public | predictive | High
19 | File | /orms/ | predictive | Low
20 | File | /plesk-site-preview/ | predictive | High
21 | File | /project/PROJECTNAME/reports/ | predictive | High
22 | File | /school/model/get_admin_profile.php | predictive | High
23 | File | /show_news.php | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
