FunnySwitch Analysis

IOB - Indicator of Behavior (304)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 246
zh: 44
es: 8
jp: 2
sv: 2

Country

us: 182
cn: 112
br: 2
it: 2
gb: 2

Product

Google Android: 8
jforum: 4
Linux Kernel: 4
PostgreSQL: 4
Easy-scripts Answer: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.91 | CVE-2010-0966 |
| 2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 3 | PHPWind goto.php redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.43 | CVE-2015-4134 |
| 4 | HRworks Login Reflected cross site scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00107 | 0.02 | CVE-2019-11559 |
| 5 | WoltLab Burning Book addentry.php sql injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.00804 | 0.00 | CVE-2006-5509 |
| 6 | Elasticsearch Async Search API information disclosure | 4.1 | 4.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00082 | 0.02 | CVE-2021-22132 |
| 7 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.04 | CVE-2019-7550 |
| 8 | PHPList Sending Campain sql injection | 5.3 | 5.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00088 | 0.05 | CVE-2017-20030 |
| 9 | PHP phpinfo cross site scripting | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.08985 | 0.05 | CVE-2006-0996 |
| 10 | OpenWrt Access Control rpcd access control | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00235 | 0.00 | CVE-2018-11116 |
| 11 | Microsoft Windows SMB access control | 7.0 | 6.7 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00086 | 0.04 | CVE-2017-11782 |
| 12 | Honeywell Controller Message stack-based overflow | 9.0 | 9.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.05 | CVE-2023-24480 |
| 13 | Linux Kernel ioctl.c dm_get_inactive_table deadlock | 5.1 | 5.0 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.05 | CVE-2023-2269 |
| 14 | Kubernetes kubelet pprof information disclosure | 7.3 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.55625 | 0.04 | CVE-2019-11248 |
| 15 | Discuz!ML Cookie code injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04015 | 0.02 | CVE-2019-13956 |
| 16 | Google Android Qualcomm Privilege Escalation | 5.5 | 5.3 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2021-1921 |
| 17 | Microsoft SQL Server input validation | 7.5 | 7.2 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.02204 | 0.04 | CVE-2019-1068 |
| 18 | Elasticsearch Elastic Cloud Enterprise API permission | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01990 | 0.03 | CVE-2021-22146 |
| 19 | Cyrus IMAP index.c index_urlfetch memory corruption | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01765 | 0.00 | CVE-2015-8076 |
| 20 | Sharp Zaurus Samba Access improper authentication | 6.5 | 6.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.96331 | 0.00 | CVE-2003-0085 |

IOC - Indicator of Compromise (17)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (101)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /debug/pprof | predictive | Medium |
| 2 | File | /etc/config/rpcd | predictive | High |
| 3 | File | /forum/away.php | predictive | High |
| 4 | File | /lists/admin/ | predictive | High |
| 5 | File | /public/login.htm | predictive | High |
| 6 | File | /wp-admin/admin-ajax.php | predictive | High |
| 7 | File | /w_selfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree | predictive | High |
| 8 | File | /_next | predictive | Low |
| 9 | File | addentry.php | predictive | Medium |
| 10 | File | admin/conf_users_edit.php | predictive | High |
| 11 | File | admin/write-post.php | predictive | High |
| 12 | File | archiver\index.php | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
