Packrat Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (85)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en56
pt22
es8

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

br50
es10
us4
cl4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Packrat4
Banjori1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined14
Smartphone Operating System8
Web Browser6
Operating System6
Office Suite Software6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined10
Google8
Microsoft8
Linux4
Fortinet2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Google Android8
Linux Kernel4
Microsoft Office4
Fortinet FortiMail2
avahi2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Dropbear SSH input validation8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.029110.06CVE-2016-7406
2OpenSSL Non-prime Moduli BN_mod_sqrt infinite loop6.46.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.013420.00CVE-2022-0778
3VMware ESXi Host Client Stored cross site scripting5.24.9$5k-$25k$0-$5kNot DefinedOfficial Fix0.000760.00CVE-2017-4940
4HP Integrated Lights-Out IPMI Protocol credentials management8.28.0$5k-$25k$0-$5kHighWorkaround0.271960.04CVE-2013-4786
5Apache HTTP Server mod_reqtimeout resource management5.35.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.016960.04CVE-2007-6750
6Linux Kernel Socket Buffer virtio_bt.c memory leak5.75.5$0-$5k$0-$5kNot DefinedOfficial Fix0.000450.02CVE-2022-26878
7Microsoft Windows LSA information disclosure6.46.0$25k-$100k$5k-$25kHighOfficial Fix0.815520.05CVE-2021-36942
8Dropbear SSH dbclient/server Memory information disclosure4.44.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000420.04CVE-2016-7409
9Dropbear SSH dropbearconvert input validation8.07.7$0-$5k$0-$5kNot DefinedOfficial Fix0.009560.02CVE-2016-7407
10phpMyAdmin grab_globals.lib.php path traversal4.84.4$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.023340.11CVE-2005-3299
11Ietf MD5 cryptographic issues5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.012240.00CVE-2004-2761
12Sun Solaris Authentication improper authentication9.89.6$5k-$25k$0-$5kHighWorkaround0.012970.00CVE-1999-0502
13TP-LINK TL-WR840N buffer overflow5.55.3$0-$5k$0-$5kNot DefinedNot Defined0.000920.00CVE-2022-26642
14HP Intelligent Management Center tftpserver.exe input validation10.09.5$25k-$100k$0-$5kNot DefinedOfficial Fix0.061530.00CVE-2011-1853
15Microsoft Windows SMB Processor EducatedScholar resource management7.37.0$5k-$25k$0-$5kHighOfficial Fix0.972660.00CVE-2009-3103
16avahi socket.c resource management5.34.8$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.075140.04CVE-2011-1002
17OpenSSL EC information disclosure3.13.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.003860.05CVE-2021-4160
18Linux Kernel KVM authorization7.67.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.000560.03CVE-2021-3653
19Fortinet FortiMail path traversal6.46.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000930.00CVE-2021-24013
20Fortinet FortiMail Identity-Based Encryption Service missing encryption4.03.8$0-$5k$0-$5kNot DefinedOfficial Fix0.000600.00CVE-2021-26099

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
146.246.89.246joana.homework.spacePackrat12/24/2020verifiedHigh
250.62.133.49ip-50-62-133-49.ip.secureserver.netPackrat12/24/2020verifiedHigh
3XXX.XXX.X.XXxxxxxxxx.xxxxxx.xxx.xxXxxxxxx12/24/2020verifiedHigh
4XXX.XXX.XX.XXxxxxxxxx.xxxxxx.xxx.xxXxxxxxx12/24/2020verifiedHigh
5XXX.XXX.XXX.XXXxxxxxxxx.xxxxxx.xxx.xxXxxxxxx12/24/2020verifiedHigh
6XXX.XX.XXX.XXXxxx-xx-xxx-xxx.xxx.xxxxxxxx.xxXxxxxxx12/24/2020verifiedHigh
7XXX.XXX.XXX.XXXxxxxxxxx-xxxxxx-xxx-xxx-xxx.xxxxxxxxxxxxx.xxxXxxxxxx12/24/2020verifiedHigh
8XXX.XXX.XXX.XXxx-xxx-xxx-xxx-xx.xx.xxxxxxxxxxxx.xxxXxxxxxx12/24/2020verifiedHigh
9XXX.XX.XXX.XXXxx-xxx-xx-xxx-xxx.xx.xxxxxxxxxxxx.xxxXxxxxxx12/24/2020verifiedHigh

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
3TXXXX.XXXCAPEC-209CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
4TXXXXCAPEC-19CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXXCAPEC-CWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
6TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
7TXXXXCAPEC-CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
8TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
9TXXXXCAPEC-157CWE-XXX, CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (20)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1Fileapi/sms_check.phppredictiveHigh
2Fileavahi-core/socket.cpredictiveHigh
3Filechmextract.cpredictiveMedium
4Filexxxxxxx/xxxxxxxxx/xxxxxx_xx.xpredictiveHigh
5Filexxxx_xxxxxxx.xxx.xxxpredictiveHigh
6Filexxx/xxxxxxxxxxx/xxxxxxx.xxxpredictiveHigh
7Filexxxxx.xxxpredictiveMedium
8Filexxxxxx_xxx.xpredictiveMedium
9Filexxxxx-xxx.xpredictiveMedium
10Filexxxxxxxxxx.xxxpredictiveHigh
11Libraryxxxxxxxx.xxxpredictiveMedium
12Argument-xpredictiveLow
13ArgumentxxxxpredictiveLow
14Argumentxxx_xxxpredictiveLow
15ArgumentxxxxxpredictiveLow
16ArgumentxxxxxxxxpredictiveMedium
17ArgumentxxxxxxxxpredictiveMedium
18ArgumentxxxxpredictiveLow
19Argumentxxxxxxxx/xxxxpredictiveHigh
20Argumentx_xx_xxxxxxxxxxxxxxxxpredictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you know our Splunk app?

Download it now for free!