Get2 Analysis

IOB - Indicator of Behavior (47)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 44
ko: 4

Country

us: 18
kr: 18
my: 10
gb: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Linux Kernel: 4
Dropbear SSH Server: 2
Xplatform ActiveX: 2
V-EVA Press Release Script: 2
VMware Workspace one UEM Console: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Image Uploader/Browser plugin Pathname pluginconfig.php input validation | 9.8 | 9.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00697 | 0.03 | CVE-2019-19502
2 | Linux Kernel XFS xfs_ioctl.c xfs_ioc_space buffer size | 4.9 | 4.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2021-4155
3 | jquery.json-viewer library JSON Object injection | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00061 | 0.00 | CVE-2022-30241
4 | Juniper Web Device Manager Authentication hard-coded credentials | 9.8 | 9.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.06 | 
5 | Microsoft Windows Kernel Cryptography Driver cng.sys CfgAdtpFormatPropertyBlock buffer overflow | 7.9 | 7.9 | $25k-$100k | $25k-$100k | High | Official Fix | 0.14304 | 0.00 | CVE-2020-17087
6 | Dropbear SSH Server Login format string | 9.8 | 9.4 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.04 | 
7 | Goodtech FTP Server Connection denial of service | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00671 | 0.00 | CVE-2001-0188
8 | OSSEC Web UI search.php cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00131 | 0.03 | CVE-2016-4847
9 | Kong Insomnia Environment Variable access control | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00065 | 0.04 | CVE-2023-40299
10 | Nokia NetAct Performance Manager Page xml external entity reference | 6.0 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00116 | 0.00 | CVE-2023-26058
11 | Linux Kernel XFS data processing | 8.4 | 7.3 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00042 | 0.00 | CVE-2015-0274
12 | V-EVA Press Release Script page.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00187 | 0.08 | CVE-2010-5047
13 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 6.54 | CVE-2006-6168
14 | Microsoft Windows Remote Desktop Protocol information disclosure | 5.8 | 5.3 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03056 | 0.00 | CVE-2022-22015
15 | Tobesoft NEXACRO17 File Creation copy input validation | 8.4 | 8.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00528 | 0.00 | CVE-2021-26612
16 | Online Book Store admin_add.php unrestricted upload | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03533 | 0.00 | CVE-2020-19113
17 | VMware Workspace one UEM Console server-side request forgery | 5.9 | 5.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.75820 | 0.00 | CVE-2021-22054
18 | lighttpd Log File mod_mysql_vhost.c injection | 6.4 | 6.0 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.01123 | 0.03 | CVE-2015-3200
19 | lighttpd Log File http_auth.c injection | 7.5 | 7.1 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01123 | 0.00 | CVE-2015-3200
20 | ShopXO phar File unrestricted upload | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00488 | 0.00 | CVE-2021-27817

IOC - Indicator of Compromise (81)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (20)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /tmp | predictive | Low
2 | File | admin.php | predictive | Medium
3 | File | admin_add.php | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities: