IcedID Downloader Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (292)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	242
zh	14
ru	10
fr	6
es	6

Country

us	120
cn	60
ru	32
ce	6
gb	4

Actors

Cobalt Strike	17
NetSupportManager RAT	11
IcedID	9
RecordBreaker	9
Raccoon	9

Activities

Interest

Timeline

Type

Not Defined	98
Content Management System	16
Web Server	14
Router Operating System	14
WordPress Plugin	14

Vendor

Not Defined	102
Apache	14
Microsoft	12
IBM	8
Linux	6

Product

Apache HTTP Server	10
WordPress	6
Linux Kernel	6
Microsoft Windows	4
vBulletin	4

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	Atmail Remote Code Execution	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00251	0.04	CVE-2013-5033
2	Esoftpro Online Guestbook Pro ogp_show.php sql injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00108	0.28	CVE-2009-4935
3	Palo Alto PAN-OS GlobalProtect Clientless VPN buffer overflow	8.8	8.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00112	0.03	CVE-2021-3056
4	WordPress sql injection	6.8	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00467	0.00	CVE-2022-21664
5	Joomla CMS com_easyblog sql injection	6.3	6.1	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00000	0.25
6	VeronaLabs wp-statistics Plugin API Endpoint Blind sql injection	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00250	0.00	CVE-2019-13275
7	HP Router/Switch SNMP information disclosure	3.7	3.4	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00285	0.05	CVE-2012-3268
8	Linksys WRT54GL Web Management Interface SysInfo1.htm information disclosure	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00046	0.15	CVE-2024-1406
9	Esoftpro Online Guestbook Pro ogp_show.php cross site scripting	4.3	4.2	$0-$5k	$0-$5k	High	Unavailable	0.00209	0.04	CVE-2009-2441
10	Teclib GLPI unlock_tasks.php sql injection	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.12149	0.04	CVE-2019-10232
11	Apache Struts ExceptionDelegator input validation	8.8	8.4	$5k-$25k	$0-$5k	High	Official Fix	0.33127	0.04	CVE-2012-0391
12	Schneider Electric Vijeo Designer path traversal	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00251	0.00	CVE-2021-22704
13	Sophos Firewall User Portal/Webadmin improper authentication	8.5	8.5	$0-$5k	$0-$5k	High	Not Defined	0.97434	0.00	CVE-2022-1040
14	Tiki Admin Password tiki-login.php improper authentication	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00936	1.69	CVE-2020-15906
15	MGB OpenSource Guestbook email.php sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.01302	0.65	CVE-2007-0354
16	CutePHP CuteNews unrestricted upload	7.5	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02107	0.08	CVE-2019-11447
17	Hscripts PHP File Browser Script index.php path traversal	5.9	5.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00151	0.00	CVE-2018-16549
18	WordPress Object injection	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00432	0.00	CVE-2022-21663
19	Microsoft IIS IP/Domain Restriction access control	6.5	5.7	$25k-$100k	$0-$5k	Unproven	Official Fix	0.00817	0.18	CVE-2014-4078
20	Microsoft Windows Active Directory Domain Services Privilege Escalation	8.8	8.3	$25k-$100k	$0-$5k	High	Official Fix	0.07084	0.00	CVE-2022-26923

IOC - Indicator of Compromise (208)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	5.39.218.210		IcedID Downloader	12/16/2021	verified	High
2	5.181.27.192	gcl-lon.com	IcedID Downloader	04/21/2022	verified	High
3	5.181.80.125	ip-80-125-bullethost.net	IcedID Downloader	12/31/2021	verified	High
4	5.181.80.214		IcedID Downloader	12/31/2021	verified	High
5	5.181.80.224		IcedID Downloader	12/31/2021	verified	High
6	5.188.0.52	saycain.example.com	IcedID Downloader	04/21/2022	verified	High
7	5.196.103.151		IcedID Downloader	05/21/2022	verified	High
8	5.196.196.253		IcedID Downloader	12/31/2021	verified	High
9	5.196.196.255		IcedID Downloader	12/31/2021	verified	High
10	5.199.162.123		IcedID Downloader	04/23/2022	verified	High
11	5.199.162.162		IcedID Downloader	05/06/2022	verified	High
12	5.199.162.166		IcedID Downloader	05/19/2022	verified	High
13	5.199.162.174		IcedID Downloader	06/11/2022	verified	High
14	5.199.162.235		IcedID Downloader	06/02/2022	verified	High
15	5.199.173.20		IcedID Downloader	04/24/2022	verified	High
16	5.199.173.24		IcedID Downloader	06/02/2022	verified	High
17	5.199.173.27		IcedID Downloader	04/22/2022	verified	High
18	5.199.173.29		IcedID Downloader	06/02/2022	verified	High
19	5.199.173.107		IcedID Downloader	05/06/2022	verified	High
20	5.199.173.141		IcedID Downloader	05/12/2022	verified	High
21	5.199.173.150		IcedID Downloader	05/13/2022	verified	High
22	5.199.173.217		IcedID Downloader	06/04/2022	verified	High
23	5.199.173.234		IcedID Downloader	05/20/2022	verified	High
24	5.199.174.232		IcedID Downloader	04/21/2022	verified	High
25	23.88.37.159	static.159.37.88.23.clients.your-server.de	IcedID Downloader	10/19/2023	verified	High
26	23.106.124.26		IcedID Downloader	04/21/2022	verified	High
27	37.61.229.95	zeno.igorclark.net	IcedID Downloader	04/21/2022	verified	High
28	45.11.19.121		IcedID Downloader	04/21/2022	verified	High
29	45.66.248.151		IcedID Downloader	04/24/2022	verified	High
30	45.86.229.46		IcedID Downloader	05/17/2022	verified	High
31	45.86.229.94		IcedID Downloader	05/27/2022	verified	High
32	45.86.229.105	1lf7cf33e.northernstarmarketing.com	IcedID Downloader	05/17/2022	verified	High
33	45.86.229.180		IcedID Downloader	05/20/2022	verified	High
34	45.86.229.251		IcedID Downloader	05/27/2022	verified	High
35	45.86.229.253	32l.edUcated-352.insuranceforourfamily.com	IcedID Downloader	05/14/2022	verified	High
36	45.147.230.150		IcedID Downloader	05/10/2022	verified	High
37	45.147.231.142		IcedID Downloader	06/11/2022	verified	High
38	45.147.231.164		IcedID Downloader	06/09/2022	verified	High
39	45.153.241.140		IcedID Downloader	04/21/2022	verified	High
40	51.83.193.221	srv21.leadsflex.co	IcedID Downloader	04/21/2022	verified	High
41	51.89.88.113	be14.wordume.top	IcedID Downloader	04/21/2022	verified	High
42	51.89.88.119	mail.cartoscan.info	IcedID Downloader	04/21/2022	verified	High
43	XX.XX.XXX.XXX	xxxxxx.xxxx	Xxxxxx Xxxxxxxxxx	03/16/2022	verified	High
44	XX.XX.XXX.XXX		Xxxxxx Xxxxxxxxxx	05/12/2022	verified	High
45	XX.XXX.XX.XX		Xxxxxx Xxxxxxxxxx	05/21/2022	verified	High
46	XX.XXX.XXX.XX	xxxxxxxxxxxx.xxxxxxx.xx	Xxxxxx Xxxxxxxxxx	04/21/2022	verified	High
47	XX.XXX.XXX.X		Xxxxxx Xxxxxxxxxx	05/20/2022	verified	High
48	XX.XXX.XXX.XX	xxxxxxx.xxx	Xxxxxx Xxxxxxxxxx	12/31/2021	verified	High
49	XX.XX.XX.XX		Xxxxxx Xxxxxxxxxx	05/09/2022	verified	High
50	XX.XX.XXX.XX	xxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxx	Xxxxxx Xxxxxxxxxx	04/21/2022	verified	High
51	XX.XXX.XXX.XXX	xxxx.xx	Xxxxxx Xxxxxxxxxx	04/21/2022	verified	High
52	XX.XX.XXX.X		Xxxxxx Xxxxxxxxxx	04/24/2022	verified	High
53	XX.XX.XXX.X		Xxxxxx Xxxxxxxxxx	06/13/2022	verified	High
54	XX.XX.XXX.XX		Xxxxxx Xxxxxxxxxx	05/19/2022	verified	High
55	XX.XX.XXX.XX		Xxxxxx Xxxxxxxxxx	05/21/2022	verified	High
56	XX.XX.XXX.XX		Xxxxxx Xxxxxxxxxx	05/05/2022	verified	High
57	XX.XX.XXX.XXX		Xxxxxx Xxxxxxxxxx	06/02/2022	verified	High
58	XX.XX.XXX.XXX		Xxxxxx Xxxxxxxxxx	06/05/2022	verified	High
59	XX.XX.XXX.XXX		Xxxxxx Xxxxxxxxxx	06/12/2022	verified	High
60	XX.XX.XXX.XXX		Xxxxxx Xxxxxxxxxx	05/26/2022	verified	High
61	XX.XX.XXX.XXX		Xxxxxx Xxxxxxxxxx	04/22/2022	verified	High
62	XX.XX.XXX.XXX		Xxxxxx Xxxxxxxxxx	06/11/2022	verified	High
63	XX.XX.XXX.XX		Xxxxxx Xxxxxxxxxx	05/11/2022	verified	High
64	XX.XX.XXX.XX		Xxxxxx Xxxxxxxxxx	04/22/2022	verified	High
65	XX.XX.XXX.XX		Xxxxxx Xxxxxxxxxx	06/12/2022	verified	High
66	XX.XX.XXX.XX		Xxxxxx Xxxxxxxxxx	05/11/2022	verified	High
67	XX.XX.XXX.XX		Xxxxxx Xxxxxxxxxx	06/05/2022	verified	High
68	XX.XX.XXX.XX		Xxxxxx Xxxxxxxxxx	04/24/2022	verified	High
69	XX.XX.XXX.XX		Xxxxxx Xxxxxxxxxx	05/23/2022	verified	High
70	XX.XX.XXX.XX		Xxxxxx Xxxxxxxxxx	05/27/2022	verified	High
71	XX.XXX.XX.XX		Xxxxxx Xxxxxxxxxx	04/29/2022	verified	High
72	XX.XXX.XX.XX	xxxxxxxxxx.xxx	Xxxxxx Xxxxxxxxxx	06/02/2022	verified	High
73	XX.XXX.XX.XXX	xxxxxxx.xxx.xxxx.xx.xx	Xxxxxx Xxxxxxxxxx	06/11/2022	verified	High
74	XX.XXX.XX.XXX		Xxxxxx Xxxxxxxxxx	06/08/2022	verified	High
75	XX.XXX.XX.XXX	xxxxxxxxx.xxxxxxxxxxxxxxxxxxxxxxxxxx.xxx	Xxxxxx Xxxxxxxxxx	06/05/2022	verified	High
76	XX.XXX.XX.XXX		Xxxxxx Xxxxxxxxxx	06/12/2022	verified	High
77	XX.XXX.XX.XXX	xxxx.xxxxxxxxxx.xxxx	Xxxxxx Xxxxxxxxxx	05/05/2022	verified	High
78	XX.XXX.XX.XX	xxxxxxxxxx.xxxxxxxxxxxxxxxxxxxxxxxx.xxx	Xxxxxx Xxxxxxxxxx	05/08/2022	verified	High
79	XX.XX.XX.XX	xxxxxx.xx.xx.xx.xx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxxx Xxxxxxxxxx	10/19/2023	verified	High
80	XX.XXX.XXX.XX	xxxx.xxxxxxx.xxx	Xxxxxx Xxxxxxxxxx	04/07/2022	verified	High
81	XX.XX.XXX.XX	xxxxxxxxx.xxx	Xxxxxx Xxxxxxxxxx	06/05/2022	verified	High
82	XX.XXX.XXX.XX	xxx-xx-xxx-xxx-xx.xxxx.xx	Xxxxxx Xxxxxxxxxx	10/16/2023	verified	High
83	XX.XXX.XXX.XXX	xxxx.xxxxxxxxx.xx	Xxxxxx Xxxxxxxxxx	06/09/2022	verified	High
84	XX.XXX.XXX.XXX	xxxxx.xxxxxxxxxx.xx	Xxxxxx Xxxxxxxxxx	06/11/2022	verified	High
85	XX.XXX.XX.XXX	xxxx.xx	Xxxxxx Xxxxxxxxxx	04/21/2022	verified	High
86	XX.XXX.XXX.XX	xxxx.xx	Xxxxxx Xxxxxxxxxx	04/21/2022	verified	High
87	XX.XXX.XX.XXX		Xxxxxx Xxxxxxxxxx	12/31/2021	verified	High
88	XX.XXX.XXX.X		Xxxxxx Xxxxxxxxxx	04/21/2022	verified	High
89	XX.XXX.XXX.XX		Xxxxxx Xxxxxxxxxx	12/31/2021	verified	High
90	XX.XXX.XXX.XXX	xxxx.xxx.xx	Xxxxxx Xxxxxxxxxx	06/11/2022	verified	High
91	XX.XXX.XXX.XX		Xxxxxx Xxxxxxxxxx	06/12/2022	verified	High
92	XX.XXX.XXX.XX		Xxxxxx Xxxxxxxxxx	04/21/2022	verified	High
93	XX.XXX.XXX.XX		Xxxxxx Xxxxxxxxxx	04/21/2022	verified	High
94	XX.XXX.XXX.XX		Xxxxxx Xxxxxxxxxx	06/11/2022	verified	High
95	XX.XXX.XXX.XXX		Xxxxxx Xxxxxxxxxx	06/12/2022	verified	High
96	XX.XXX.XXX.XXX		Xxxxxx Xxxxxxxxxx	04/23/2022	verified	High
97	XX.XXX.XXX.XXX		Xxxxxx Xxxxxxxxxx	04/21/2022	verified	High
98	XX.XXX.XXX.XXX		Xxxxxx Xxxxxxxxxx	06/02/2022	verified	High
99	XX.XXX.XXX.XXX		Xxxxxx Xxxxxxxxxx	05/20/2022	verified	High
100	XX.XXX.XXX.XXX		Xxxxxx Xxxxxxxxxx	06/12/2022	verified	High
101	XX.XXX.XXX.XXX		Xxxxxx Xxxxxxxxxx	05/22/2022	verified	High
102	XX.XXX.XXX.XXX		Xxxxxx Xxxxxxxxxx	06/09/2022	verified	High
103	XX.XXX.XXX.XXX		Xxxxxx Xxxxxxxxxx	06/09/2022	verified	High
104	XX.XXX.XXX.XX		Xxxxxx Xxxxxxxxxx	05/19/2022	verified	High
105	XX.XXX.XXX.XX		Xxxxxx Xxxxxxxxxx	05/19/2022	verified	High
106	XX.XXX.XXX.XX		Xxxxxx Xxxxxxxxxx	06/05/2022	verified	High
107	XX.XXX.XXX.XX		Xxxxxx Xxxxxxxxxx	05/13/2022	verified	High
108	XX.XXX.XXX.XX		Xxxxxx Xxxxxxxxxx	04/21/2022	verified	High
109	XX.XXX.XXX.XX		Xxxxxx Xxxxxxxxxx	05/27/2022	verified	High
110	XX.XXX.XXX.XXX		Xxxxxx Xxxxxxxxxx	06/04/2022	verified	High
111	XX.XXX.XXX.XXX		Xxxxxx Xxxxxxxxxx	06/11/2022	verified	High
112	XX.XXX.XXX.XXX		Xxxxxx Xxxxxxxxxx	05/22/2022	verified	High
113	XX.XXX.XXX.XXX		Xxxxxx Xxxxxxxxxx	03/16/2022	verified	High
114	XX.XXX.XXX.XXX		Xxxxxx Xxxxxxxxxx	05/19/2022	verified	High
115	XX.XXX.XXX.XXX		Xxxxxx Xxxxxxxxxx	06/02/2022	verified	High
116	XX.XXX.XXX.XXX		Xxxxxx Xxxxxxxxxx	06/02/2022	verified	High
117	XX.XXX.XXX.XXX		Xxxxxx Xxxxxxxxxx	05/17/2022	verified	High
118	XX.XXX.XX.XXX		Xxxxxx Xxxxxxxxxx	11/04/2022	verified	High
119	XX.XXX.XXX.XXX	x-xxxxx.xxxxxxxxxxxxxxxxxxxxxxx.xxx	Xxxxxx Xxxxxxxxxx	04/21/2022	verified	High
120	XX.XXX.XXX.XXX		Xxxxxx Xxxxxxxxxx	04/21/2022	verified	High
121	XXX.XXX.XX.XX	xxxxxxxx.xxx	Xxxxxx Xxxxxxxxxx	06/13/2022	verified	High
122	XXX.XXX.XX.XXX		Xxxxxx Xxxxxxxxxx	04/21/2022	verified	High
123	XXX.XXX.XX.XXX		Xxxxxx Xxxxxxxxxx	03/16/2022	verified	High
124	XXX.XXX.XX.XXX		Xxxxxx Xxxxxxxxxx	03/16/2022	verified	High
125	XXX.XXX.XX.XXX		Xxxxxx Xxxxxxxxxx	05/17/2022	verified	High
126	XXX.XXX.XX.XXX		Xxxxxx Xxxxxxxxxx	04/22/2022	verified	High
127	XXX.XXX.XX.XXX		Xxxxxx Xxxxxxxxxx	04/21/2022	verified	High
128	XXX.XXX.XX.XXX		Xxxxxx Xxxxxxxxxx	04/23/2022	verified	High
129	XXX.XX.X.XX		Xxxxxx Xxxxxxxxxx	11/15/2023	verified	High
130	XXX.XXX.XXX.XXX	xxxxxx.xxx.xxx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxxx Xxxxxxxxxx	10/19/2023	verified	High
131	XXX.XXX.XXX.XXX		Xxxxxx Xxxxxxxxxx	04/21/2022	verified	High
132	XXX.XXX.XXX.XX		Xxxxxx Xxxxxxxxxx	04/21/2022	verified	High
133	XXX.XXX.XXX.XXX		Xxxxxx Xxxxxxxxxx	04/21/2022	verified	High
134	XXX.XXX.XXX.XX	xxxx.xx-xxx-xxx-xxx.xx	Xxxxxx Xxxxxxxxxx	05/07/2022	verified	High
135	XXX.XXX.XX.XXX		Xxxxxx Xxxxxxxxxx	07/13/2022	verified	High
136	XXX.XX.X.XX		Xxxxxx Xxxxxxxxxx	04/21/2022	verified	High
137	XXX.XX.XX.XXX		Xxxxxx Xxxxxxxxxx	04/21/2022	verified	High
138	XXX.XX.XXX.XX		Xxxxxx Xxxxxxxxxx	05/15/2022	verified	High
139	XXX.XX.XXX.XX		Xxxxxx Xxxxxxxxxx	04/24/2022	verified	High
140	XXX.XX.XXX.XX		Xxxxxx Xxxxxxxxxx	05/01/2022	verified	High
141	XXX.XX.XXX.XX		Xxxxxx Xxxxxxxxxx	05/06/2022	verified	High
142	XXX.XXX.XXX.XXX		Xxxxxx Xxxxxxxxxx	04/23/2022	verified	High
143	XXX.XXX.XX.XXX		Xxxxxx Xxxxxxxxxx	04/21/2022	verified	High
144	XXX.XXX.XX.XX		Xxxxxx Xxxxxxxxxx	04/21/2022	verified	High
145	XXX.XXX.XX.XX		Xxxxxx Xxxxxxxxxx	04/24/2022	verified	High
146	XXX.XXX.XX.XX		Xxxxxx Xxxxxxxxxx	04/28/2022	verified	High
147	XXX.XXX.XX.XX		Xxxxxx Xxxxxxxxxx	05/02/2022	verified	High
148	XXX.XXX.XX.XX		Xxxxxx Xxxxxxxxxx	05/10/2022	verified	High
149	XXX.XXX.XX.XX		Xxxxxx Xxxxxxxxxx	05/26/2022	verified	High
150	XXX.XX.XX.XXX	xxxxx.xx-xxx-xx-xx.xx	Xxxxxx Xxxxxxxxxx	04/21/2022	verified	High
151	XXX.XXX.XXX.XX	xxx.xxx.xxx.xx.xxxxxxxxxxxxxxxx.xxx	Xxxxxx Xxxxxxxxxx	09/30/2023	verified	High
152	XXX.XXX.XX.XXX	xxxxxxxxx.xxxxxxxxxxxxxxxxxxxx.xx	Xxxxxx Xxxxxxxxxx	04/22/2022	verified	High
153	XXX.XX.XXX.XXX		Xxxxxx Xxxxxxxxxx	07/26/2022	verified	High
154	XXX.XXX.XX.XX		Xxxxxx Xxxxxxxxxx	05/20/2022	verified	High
155	XXX.XXX.XXX.XX		Xxxxxx Xxxxxxxxxx	03/18/2022	verified	High
156	XXX.XX.XXX.XXX		Xxxxxx Xxxxxxxxxx	04/21/2022	verified	High
157	XXX.XX.XX.XX		Xxxxxx Xxxxxxxxxx	04/21/2022	verified	High
158	XXX.XX.XXX.XX		Xxxxxx Xxxxxxxxxx	03/09/2022	verified	High
159	XXX.XX.XX.XX		Xxxxxx Xxxxxxxxxx	05/10/2022	verified	High
160	XXX.XX.XXX.XX	xxxxxxxxxx.xxx	Xxxxxx Xxxxxxxxxx	04/23/2022	verified	High
161	XXX.XX.XXX.XXX	xxx.xxxxxxxxxxx.xxx	Xxxxxx Xxxxxxxxxx	04/18/2022	verified	High
162	XXX.XXX.XX.X		Xxxxxx Xxxxxxxxxx	06/11/2022	verified	High
163	XXX.XXX.XX.XXX		Xxxxxx Xxxxxxxxxx	04/21/2022	verified	High
164	XXX.XX.XX.XXX		Xxxxxx Xxxxxxxxxx	05/11/2022	verified	High
165	XXX.XXX.XX.XX	xxxxxxxxxx.xxx	Xxxxxx Xxxxxxxxxx	03/16/2022	verified	High
166	XXX.XXX.XX.XX	xxxxxx.xxxxxxxxxxxxxxxxx.xxxx	Xxxxxx Xxxxxxxxxx	05/10/2022	verified	High
167	XXX.XXX.XX.XX	xxxxxx.xxxxxxxxxxxxx.xxx	Xxxxxx Xxxxxxxxxx	04/21/2022	verified	High
168	XXX.XX.XX.XXX	xxxxxxxxx.xxxxxxxx.xx	Xxxxxx Xxxxxxxxxx	04/21/2022	verified	High
169	XXX.XX.XX.XXX		Xxxxxx Xxxxxxxxxx	04/21/2022	verified	High
170	XXX.X.XXX.XXX		Xxxxxx Xxxxxxxxxx	04/28/2022	verified	High
171	XXX.X.XXX.XXX		Xxxxxx Xxxxxxxxxx	06/08/2022	verified	High
172	XXX.X.XXX.XXX		Xxxxxx Xxxxxxxxxx	05/20/2022	verified	High
173	XXX.X.XXX.XXX		Xxxxxx Xxxxxxxxxx	05/01/2022	verified	High
174	XXX.X.XXX.XXX		Xxxxxx Xxxxxxxxxx	05/22/2022	verified	High
175	XXX.X.XXX.XXX		Xxxxxx Xxxxxxxxxx	06/02/2022	verified	High
176	XXX.X.XXX.XXX		Xxxxxx Xxxxxxxxxx	05/22/2022	verified	High
177	XXX.XX.XXX.XXX		Xxxxxx Xxxxxxxxxx	05/19/2022	verified	High
178	XXX.XX.XXX.XX		Xxxxxx Xxxxxxxxxx	05/19/2022	verified	High
179	XXX.XX.XXX.XX		Xxxxxx Xxxxxxxxxx	04/24/2022	verified	High
180	XXX.XX.XXX.XXX		Xxxxxx Xxxxxxxxxx	06/02/2022	verified	High
181	XXX.XX.XXX.XXX		Xxxxxx Xxxxxxxxxx	06/02/2022	verified	High
182	XXX.XX.XXX.XX		Xxxxxx Xxxxxxxxxx	03/16/2022	verified	High
183	XXX.XX.XXX.XXX		Xxxxxx Xxxxxxxxxx	03/16/2022	verified	High
184	XXX.XX.XXX.XX	xxxxxxxxx.xxx	Xxxxxx Xxxxxxxxxx	12/31/2021	verified	High
185	XXX.XXX.XXX.XX		Xxxxxx Xxxxxxxxxx	05/27/2022	verified	High
186	XXX.XXX.XXX.XX		Xxxxxx Xxxxxxxxxx	06/08/2022	verified	High
187	XXX.XXX.XXX.XX		Xxxxxx Xxxxxxxxxx	06/12/2022	verified	High
188	XXX.XXX.XXX.XX		Xxxxxx Xxxxxxxxxx	06/13/2022	verified	High
189	XXX.XXX.XXX.XXX		Xxxxxx Xxxxxxxxxx	12/16/2021	verified	High
190	XXX.XXX.XXX.XX	xxxxxxxx.xxxx.xxxxxx.xxx	Xxxxxx Xxxxxxxxxx	04/21/2022	verified	High
191	XXX.XXX.XX.XXX	xx-xxxx.xxxxxxxxx.xxx	Xxxxxx Xxxxxxxxxx	03/16/2022	verified	High
192	XXX.XXX.XX.X	xxxxxxxxxx.xxxxxxxxxxxxxxxx.xxx	Xxxxxx Xxxxxxxxxx	03/16/2022	verified	High
193	XXX.XXX.XXX.XXX	xxxxxxxxx.xxx	Xxxxxx Xxxxxxxxxx	03/22/2022	verified	High
194	XXX.XXX.XXX.XXX		Xxxxxx Xxxxxxxxxx	04/17/2022	verified	High
195	XXX.XXX.XXX.XXX	xxxxx.xxxxxxx.xxx	Xxxxxx Xxxxxxxxxx	04/21/2022	verified	High
196	XXX.XXX.XXX.XX	xxxxx-xxxxxxx.xxxxxxxxxxxx.xxx	Xxxxxx Xxxxxxxxxx	12/31/2021	verified	High
197	XXX.XXX.XXX.XXX		Xxxxxx Xxxxxxxxxx	10/16/2023	verified	High
198	XXX.XX.XX.XXX		Xxxxxx Xxxxxxxxxx	10/16/2023	verified	High
199	XXX.XXX.XXX.XXX		Xxxxxx Xxxxxxxxxx	04/28/2022	verified	High
200	XXX.XX.XX.XX	xxxxxxxxxx.xx.xx	Xxxxxx Xxxxxxxxxx	05/24/2022	verified	High
201	XXX.XX.XX.XXX		Xxxxxx Xxxxxxxxxx	04/23/2022	verified	High
202	XXX.XX.XX.XXX		Xxxxxx Xxxxxxxxxx	04/22/2022	verified	High
203	XXX.XX.XX.XXX		Xxxxxx Xxxxxxxxxx	04/21/2022	verified	High
204	XXX.XXX.XXX.XX	xxx.xxxxxxx.xxxx	Xxxxxx Xxxxxxxxxx	04/21/2022	verified	High
205	XXX.XXX.XXX.XX	xxxxx-xxxx.xxxxx.xxx	Xxxxxx Xxxxxxxxxx	04/21/2022	verified	High
206	XXX.XX.XXX.XXX		Xxxxxx Xxxxxxxxxx	03/16/2022	verified	High
207	XXX.XX.XXX.XXX		Xxxxxx Xxxxxxxxxx	03/16/2022	verified	High
208	XXX.XX.XXX.XXX		Xxxxxx Xxxxxxxxxx	06/12/2022	verified	High

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-22, CWE-23	Path Traversal	predictive	High
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	High
3	T1059	CAPEC-242	CWE-94, CWE-1321	Argument Injection	predictive	High
4	T1059.007	CAPEC-209	CWE-79, CWE-80	Cross Site Scripting	predictive	High
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
6	TXXXX.XXX	CAPEC-191	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	High
7	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
8	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	High
9	TXXXX	CAPEC-184	CWE-XXX	Xxxxxxxx Xx Xxxx Xxxxxxx Xxxxxxxxx Xxxxx	predictive	High
10	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
11	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	High
12	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
13	TXXXX.XXX	CAPEC-120	CWE-XXX	Xxxxxxx Xxxxxxxxxx Xxx Xxxxxxxx Xxxxxxx Xx Xx-xxxx Xxxxxx Xxxxxxxx	predictive	High
14	TXXXX.XXX	CAPEC-459	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
15	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
16	TXXXX.XXX	CAPEC-	CWE-XX	Xxxxxxxxxxxxx	predictive	High
17	TXXXX	CAPEC-157	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	High
18	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	High

IOA - Indicator of Attack (132)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/api/RecordingList/DownloadRecord?file=	predictive	High
2	File	/apply.cgi	predictive	Medium
3	File	/index.php	predictive	Medium
4	File	/members/view_member.php	predictive	High
5	File	/mhds/clinic/view_details.php	predictive	High
6	File	/owa/auth/logon.aspx	predictive	High
7	File	/php/ping.php	predictive	High
8	File	/rapi/read_url	predictive	High
9	File	/rest/api/latest/projectvalidate/key	predictive	High
10	File	/scripts/unlock_tasks.php	predictive	High
11	File	/SSOPOST/metaAlias/%realm%/idpv2	predictive	High
12	File	/SysInfo1.htm	predictive	High
13	File	/sysinfo_json.cgi	predictive	High
14	File	/system/user/modules/mod_users/controller.php	predictive	High
15	File	/uncpath/	predictive	Medium
16	File	/xx-xxxxx/xxxxx-xxxx.xxx?xx_xxxx=x&xxxxxx_xxxx	predictive	High
17	File	xxxxxxx.xxx	predictive	Medium
18	File	xxxxx.xxxxxxxxx.xxx	predictive	High
19	File	xxxxxxx/xxxx.xxx	predictive	High
20	File	xxx/xxx.xxx	predictive	Medium
21	File	xxxxxx/xxx.x	predictive	Medium
22	File	xxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxx/xxx/xxxxxx.xxxxxxxxx.xxx	predictive	High
23	File	xxxxxxxxx.xxx.xxx	predictive	High
24	File	xxxxx/xxxxx.xxx	predictive	High
25	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	High
26	File	xxxx_xxxxx.xxx	predictive	High
27	File	xxxxx.xxx	predictive	Medium
28	File	xxxxxxxxx.x	predictive	Medium
29	File	xxxxx.xxx	predictive	Medium
30	File	xxx/xxxx/xxxx.x	predictive	High
31	File	xxxxxxxxxxx/xxxxxxxx/xxxxxxxxxx.xxx	predictive	High
32	File	xx/xx-xx.x	predictive	Medium
33	File	xxx/xxxx_xxxx.x	predictive	High
34	File	xxxxxx/xxxxxxxxxxx	predictive	High
35	File	xxxx_xxxxxx.x	predictive	High
36	File	xxxx/xxxxxxx.x	predictive	High
37	File	xxxxx.xxxx	predictive	Medium
38	File	xxx/xxxxxx.xxx	predictive	High
39	File	xxxxxxxx/xxxxx-xxxxxx-xxxx-xxxxxxx.xxx	predictive	High
40	File	xxxxxxxx/xxxxxxxx/xxxxx-xxxxxxxx-xxxxx.xxx	predictive	High
41	File	xxxxx.xxx	predictive	Medium
42	File	xxxxx.xxx?xxx=xxxx&xxx=xxxxxxxx	predictive	High
43	File	xxxxxxxx/xx/xxxx.xx	predictive	High
44	File	xxxxxxxx/xxxx_xxxx.x	predictive	High
45	File	xxxxxxxxxx.xxx	predictive	High
46	File	xxxxxxx/xxxxx/xx/xxxxxx/xxxxx.xxxxx.xxx	predictive	High
47	File	xxxxx.xxx	predictive	Medium
48	File	xxxx/xxxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxx	predictive	High
49	File	xxx/xxx.xxx	predictive	Medium
50	File	xxx/xxxxx	predictive	Medium
51	File	xxxxxxxxxxxxxxxx.xxx	predictive	High
52	File	xxx_xxxx.xxx	predictive	Medium
53	File	xxxxxx.x	predictive	Medium
54	File	xxxx.xxx	predictive	Medium
55	File	xxxxx.xxx	predictive	Medium
56	File	xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][]	predictive	High
57	File	xxxx.xxx	predictive	Medium
58	File	xxxxxxx.xxx	predictive	Medium
59	File	xxxxxxxxxx.xxx	predictive	High
60	File	xxxxxxxx.xxx	predictive	Medium
61	File	xxxx.xxx	predictive	Medium
62	File	xxxxx/xxxxx.xxx	predictive	High
63	File	xxxxxxxx.xxx	predictive	Medium
64	File	xxxx-xxxxx.xxx	predictive	High
65	File	xxx.x	predictive	Low
66	File	xxxxxxxxx.xxx	predictive	High
67	File	xxxxxxxxx.xxx	predictive	High
68	File	xxxxxxxxxx	predictive	Medium
69	File	xxxxxxx/xxxxx.xxx	predictive	High
70	Library	/_xxx_xxx/xxxxx.xxx	predictive	High
71	Library	xxx/xxxxxx.x	predictive	Medium
72	Argument	xxxxxx	predictive	Low
73	Argument	xxxxxxx_xxxx	predictive	Medium
74	Argument	xxxxxx_xxxx	predictive	Medium
75	Argument	xxxxxxxx	predictive	Medium
76	Argument	xxx	predictive	Low
77	Argument	xxxxxxxxx	predictive	Medium
78	Argument	xxxxxxxxxxxxxxxxx	predictive	High
79	Argument	xxxxxxxxxxxxxxxx	predictive	High
80	Argument	xxxxx	predictive	Low
81	Argument	xxxxxxxxxxx/xxxxxxxx/xxx/xxxxx	predictive	High
82	Argument	xxxx	predictive	Low
83	Argument	xxxxxx_xx	predictive	Medium
84	Argument	xxxxxxx	predictive	Low
85	Argument	xxxxx	predictive	Low
86	Argument	xxxx	predictive	Low
87	Argument	xxxxxx	predictive	Low
88	Argument	xx_xx	predictive	Low
89	Argument	xxxx	predictive	Low
90	Argument	xxxx	predictive	Low
91	Argument	xx	predictive	Low
92	Argument	xxxx	predictive	Low
93	Argument	xxxxxxxx[xx]	predictive	Medium
94	Argument	xxx	predictive	Low
95	Argument	xxxxxxx	predictive	Low
96	Argument	xxxxxxx	predictive	Low
97	Argument	xxx_xxxx	predictive	Medium
98	Argument	xxxx	predictive	Low
99	Argument	xxxxxxxx	predictive	Medium
100	Argument	xxxxxxx	predictive	Low
101	Argument	xxxxxxxx	predictive	Medium
102	Argument	xxxxxxxx	predictive	Medium
103	Argument	xxxx	predictive	Low
104	Argument	xxxxxxx	predictive	Low
105	Argument	xxxxxxx/xxxxx	predictive	High
106	Argument	xxxxxx	predictive	Low
107	Argument	xxxxxxxxxxx	predictive	Medium
108	Argument	xxxxxx_xxx	predictive	Medium
109	Argument	xxxx_xx	predictive	Low
110	Argument	xxxxxxxx_xxxxxxxx	predictive	High
111	Argument	xxx	predictive	Low
112	Argument	xxxxxxxxxxxxxxxxxxxxx	predictive	High
113	Argument	xxxx_xx	predictive	Low
114	Argument	xxx	predictive	Low
115	Argument	xxx	predictive	Low
116	Argument	xxxx	predictive	Low
117	Argument	xxxxxxxx	predictive	Medium
118	Argument	xxxxx	predictive	Low
119	Argument	xxxx/xx/xxxx/xxx	predictive	High
120	Argument	x-xxxxxxxxx-xxxxxx	predictive	High
121	Input Value	.%xx.../.%xx.../	predictive	High
122	Input Value	../	predictive	Low
123	Input Value	../../../../../xxx/xxx/xxxxx/xxxx/xxxxxxxx/xxxxx/xxx.xxx	predictive	High
124	Input Value	xxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx&xxxxxxxx=xxxxxxxxxx	predictive	High
125	Input Value	xxxxxxx -xxx	predictive	Medium
126	Input Value	xxxxxxxxxx	predictive	Medium
127	Network Port	xxxx	predictive	Low
128	Network Port	xxxx	predictive	Low
129	Network Port	xxxx xxxx	predictive	Medium
130	Network Port	xxx/xxx	predictive	Low
131	Network Port	xxx/xxxx	predictive	Medium
132	Network Port	xxx/xxx (xxxx)	predictive	High

References (7)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!