NodeJS Ransomware Analysis

IOB - Indicator of Behavior (45)

Charts (Timeline, Lang, Country, Actors): only the recoverable values are listed here. Lang: en 46. Country: ru 44.

Activities charts (Interest, Timeline, Type, Vendor, Product): only the recoverable values are listed here. Product: Oracle Java SE 6, Microsoft Internet Explorer 4, Microsoft IIS 2, Google Android 2, Oracle Java SE Embedded 2.

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | HP 3PAR Service Processor SP information disclosure | 4.3 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00110 | 0.00 | CVE-2015-5443 |
| 2 | Microsoft Internet Explorer MHT File xml external entity reference | 4.3 | 4.1 | $25k-$100k | $0-$5k | Proof-of-Concept | Unavailable | 0.00000 | 0.00 | |
| 3 | IBM HTTP Server memory corruption | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00359 | 0.03 | CVE-2015-4947 |
| 4 | TYPO3 spell-check-logic.php unknown vulnerability | 4.8 | 4.3 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.05056 | 0.02 | CVE-2006-6690 |
| 5 | PHP Scripts Mall Muslim Matrimonial Script view-profile.php sql injection | 7.5 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00091 | 0.00 | CVE-2017-17983 |
| 6 | PHP Scripts Mall PHP Multivendor Ecommerce my_wishlist.php sql injection | 8.5 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00172 | 0.04 | CVE-2017-17957 |
| 7 | Mitel ShoreTel MiVoice Connect Web Application home.php Reflected cross site scripting | 5.7 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00115 | 0.00 | CVE-2020-12679 |
| 8 | OpenEMR Access Restriction fax_dispatch.php access control | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00758 | 0.04 | CVE-2018-10573 |
| 9 | Basic B2B Script product_details.php sql injection | 8.5 | 8.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00242 | 0.03 | CVE-2017-17600 |
| 10 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.18 | CVE-2017-0055 |
| 11 | Linux Kernel Multithreading af_packet.c use after free | 5.1 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.05 | CVE-2017-6346 |
| 12 | Microsoft Internet Explorer memory corruption | 6.3 | 5.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.48851 | 0.00 | CVE-2014-4099 |
| 13 | OpenSSH scp input validation | 5.3 | 5.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00201 | 0.06 | CVE-2019-6111 |
| 14 | Oracle Java SE/Java SE Embedded Deployment memory corruption | 10.0 | 9.5 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.01472 | 0.03 | CVE-2013-5788 |
| 15 | vmware Remote Console vmware-vmrc.exe format string | 10.0 | 9.4 | $25k-$100k | $0-$5k | Proof-of-Concept | Not Defined | 0.91151 | 0.00 | CVE-2009-3732 |
| 16 | Microsoft Windows rpc access control | 6.6 | 6.5 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.32762 | 0.04 | CVE-2017-8461 |
| 17 | 3PAR Service Processor path traversal | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.05 | CVE-2018-7098 |
| 18 | CFITSIO memory corruption | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00448 | 0.00 | CVE-2018-3847 |
| 19 | SAP Crystal Reports ActiveX Control CrystalReports12.CrystalPrintControl.1 memory corruption | 10.0 | 10.0 | $25k-$100k | $0-$5k | High | Not Defined | 0.90761 | 0.00 | CVE-2010-2590 |
| 20 | IBM QRadar SIEM Process os command injection | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00149 | 0.00 | CVE-2016-2876 |

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 92.53.96.31 | angela.timeweb.ru | NodeJS Ransomware | | 03/26/2022 | verified | High |

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (28)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /uncpath/ | predictive | Medium |
| 2 | File | admin/index.php | predictive | High |
| 3 | File | afd.sys | predictive | Low |
| 4 | File | CrystalReports12.CrystalPrintControl.1 | predictive | High |
| 5 | File | xxxx.xxx | predictive | Medium |
| 6 | File | xxxxx.xxx | predictive | Medium |
| 7 | File | xxxxxxxxx/xxx/xxx_xxxxxxxx.xxx | predictive | High |
| 8 | File | xx_xxxxxxxx.xxx | predictive | High |
| 9 | File | xxx/xxxxxx/xx_xxxxxx.x | predictive | High |
| 10 | File | xxxxxxx_xxxxxxx.xxx | predictive | High |
| 11 | File | xxxxx.xxx | predictive | Medium |
| 12 | File | xx.xxx | predictive | Low |
| 13 | File | xxxxxxxxxxxx.xxx | predictive | High |
| 14 | File | xxxxx-xxxxx-xxxxx.xxx | predictive | High |
| 15 | File | xxxx-xxxxxxx.xxx | predictive | High |
| 16 | File | xxxxxx-xxxx.xxx | predictive | High |
| 17 | Library | xxxxxxxxxxxx.xxx | predictive | High |
| 18 | Argument | xxx_xx | predictive | Low |
| 19 | Argument | xxx | predictive | Low |
| 20 | Argument | xxx | predictive | Low |
| 21 | Argument | xx | predictive | Low |
| 22 | Argument | xxxxx | predictive | Low |
| 23 | Argument | xxx_xx | predictive | Low |
| 24 | Argument | xxxx_xxxx | predictive | Medium |
| 25 | Argument | xxxxxxxxxxx | predictive | Medium |
| 26 | Argument | xxxx | predictive | Low |
| 27 | Argument | xxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx | predictive | High |
| 28 | Argument | xxxxxxx | predictive | Low |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
