French Southern Territories Unknown Analysis

IOB - Indicator of Behavior (71)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 58
zh: 4
fr: 4
es: 2
de: 2

Country

us: 52
cn: 6
fr: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows: 4
Thomas R. Pasawicz HyperBook Guestbook: 2
Check Point Security Management: 2
JForum: 2
SquirrelMail: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Check Point Security Management CA Web Management input validation | 4.4 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.03 | CVE-2020-6020
2 | Apple Safari BMP/GIF Image memory corruption | 7.3 | 6.4 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.00721 | 0.00 | CVE-2008-1573
3 | Microsoft Windows PowerShell Integrated Scripting Environment privileges management | 5.3 | 5.0 | $25k-$100k | $0-$5k | Proof-of-Concept | Unavailable | 0.00000 | 0.00 |
4 | AnyDesk Tunneling Feature access control | 6.0 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00073 | 0.04 | CVE-2021-44425
5 | AnyDesk unrestricted upload | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00210 | 0.02 | CVE-2021-44426
6 | Check Point Gaia Portal Security Management GUI Client os command injection | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.03 | CVE-2021-30361
7 | Linux Foundation Xen EFLAGS Register SYSENTER input validation | 6.2 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00062 | 0.02 | CVE-2013-1917
8 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
9 | CarSpot Theme Phone Number Stored cross site scripting | 4.7 | 4.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00058 | 0.02 | CVE-2019-15870
10 | Apache Tapestry HMAC Verification input validation | 9.8 | 9.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07771 | 0.00 | CVE-2019-10071
11 | Gempar Script Toko Online shop_display_products.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00100 | 0.02 | CVE-2009-0296
12 | Inventory Management editProduct.php cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00049 | 0.00 | CVE-2023-46580
13 | D-Link DIR-850L category_view.php improper authentication | 8.5 | 8.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.92578 | 0.03 | CVE-2018-9032
14 | Comersus Open Technologies Comersus Cart comersus_optreviewreadexec.asp sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00381 | 0.06 | CVE-2007-3323
15 | MIT Kerberos kadmin memory corruption | 7.3 | 6.4 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.07742 | 0.00 | CVE-2006-6144
16 | IdeaBox generformlib_date.php privileges management | 7.3 | 6.1 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.00000 | 0.02 |
17 | OpenSSL DTLS CBC Encryption cryptographic issues | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00485 | 0.02 | CVE-2011-4108
18 | Cisco SD-WAN vManage REST API access control | 9.8 | 9.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00102 | 0.05 | CVE-2023-20214
19 | Sudo Environment Variable protection mechanism | 8.3 | 7.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00050 | 0.00 | CVE-2023-22809

IOC - Indicator of Compromise (15)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (52)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /category_view.php | predictive | High
2 | File | /my_photo_gallery/image.php | predictive | High
3 | File | /uncpath/ | predictive | Medium
4 | File | add_comment.php | predictive | High
5 | File | admin/conf_users_edit.php | predictive | High
6 | File | administrator/components/com_media/helpers/media.php | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
