Icloader Analysis

IOB - Indicator of Behavior (131)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en | 94
ru | 26
de | 8
zh | 2
es | 2

Country

ru | 104
us | 16
ua | 8
de | 4

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows | 12
Apple Mac OS X | 4
PHP Everywhere Plugin | 4
e107 CMS | 2
APC Switched Rack Pdu | 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Microsoft Windows Advanced Local Procedure Call Privilege Escalation | 9.2 | 8.8 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00727 | 0.00 | CVE-2023-21674
2 | IBM Security AppScan Enterprise Enterprise Source Database cryptographic issues | 9.8 | 8.5 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00082 | 0.00 | CVE-2013-3989
3 | raspap-webgui activate_ovpncfg.php command injection | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.89966 | 0.00 | CVE-2022-39986
4 | Microsoft Windows Kernel Privilege Escalation | 7.2 | 6.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00053 | 0.00 | CVE-2022-21881
5 | Microsoft Windows SMB Witness Service privileges management | 8.8 | 8.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00120 | 0.00 | CVE-2023-21549
6 | Microsoft SQL Server Privilege Escalation | 8.1 | 7.4 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00043 | 0.05 | CVE-2022-23276
7 | PHP Everywhere Plugin Shortcode Privilege Escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00108 | 0.02 | CVE-2022-24663
8 | HP 3PAR Service Processor SP information disclosure | 4.3 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00110 | 0.00 | CVE-2015-5443
9 | Oracle Java SE/Java SE Embedded Deployment memory corruption | 10.0 | 9.5 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.01472 | 0.03 | CVE-2013-5788
10 | WooCommerce PayU India Payment Gateway Plugin Purchase Price input validation | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00114 | 0.05 | CVE-2019-14978
11 | WooCommerce Instamojo Payment Gateway Plugin Purchase amount Price input validation | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 0.00 | CVE-2019-14977
12 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.18 | CVE-2017-0055
13 | Omron CX-One CX-Programmer Password Storage information disclosure | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2015-0988
14 | Apache HTTP Server smbvalid/smbval authensmb memory corruption | 10.0 | 9.5 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00133 | 0.02 | CVE-1999-1237
15 | Add Link to Facebook Plugin profile.php cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00057 | 0.03 | CVE-2018-5214
16 | openmosix libmosix.c this memory corruption | 4.0 | 4.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2008-1865
17 | Netgate pfSense XML File config.xml restore_rrddata command injection | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.45928 | 0.01 | CVE-2023-27253
18 | User Post Gallery Plugin authorization | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05192 | 0.00 | CVE-2022-4060
19 | eSST Monitoring unrestricted upload | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00116 | 0.00 | CVE-2023-41631
20 | Joomla Webservice Endpoint access control | 5.4 | 5.4 | $5k-$25k | $5k-$25k | High | Not Defined | 0.93208 | 0.00 | CVE-2023-23752

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (79)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /ajax/openvpn/activate_ovpncfg.php | predictive | High
2 | File | /objects/getImageMP4.php | predictive | High
3 | File | /payu/icpcheckout/ | predictive | High
4 | File | /uncpath/ | predictive | Medium
5 | File | admin.php | predictive | Medium
6 | File | asn1fix_retrieve.c | predictive | High
7 | File | bigsam_guestbook.php | predictive | High
8 | File | books.php | predictive | Medium
9 | File | card/pay/.../amount | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities: