Plurox Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (23)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	24

Country

ru	22
us	2

Actors

Plurox	2
Gamaredon	1
SocGholish	1
DCRat	1
Hook	1

Activities

Interest

Timeline

Type

Not Defined	14
Web Browser	2
Multimedia Player Software	2
Operating System	2
Programming Tool Software	2

Vendor

Not Defined	4
ABB	2
Mozilla	2
Adobe	2
Oracle	2

Product

ABB System 800xA Information Manager	2
Mozilla Firefox	2
Mozilla Firefox ESR	2
Mozilla Thunderbird	2
Adobe Flash Player	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	BigBlueButton cross site scripting	6.2	6.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00068	0.00	CVE-2021-4143
3	Grafana Proxy authentication spoofing	5.8	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00269	0.00	CVE-2022-35957
4	phpMyAdmin SearchController sql injection	8.0	7.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00745	0.00	CVE-2020-26935
5	AWStats awstats.pl pathname traversal	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00499	0.09	CVE-2020-35176
6	OpenEMR Create New User cross site scripting	3.6	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02432	0.00	CVE-2021-25919
7	Mozilla Firefox/Firefox ESR/Thunderbird Content Security Policy cross-domain policy	5.3	5.1	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00763	0.00	CVE-2021-23968
8	Cisco Unified Communications Manager Web-based Management Interface cross-site request forgery	5.9	5.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00113	0.00	CVE-2020-3135
9	INplc SD Card Manager untrusted search path	6.5	6.5	$0-$5k	Calculating	Not Defined	Not Defined	0.00070	0.00	CVE-2018-0667
10	Affiliate Tracking Script adminlogin.asp sql injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.00
11	Apple tvOS FontParser Memory memory corruption	6.5	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00712	0.00	CVE-2016-4718
12	Google Android libziparchive access control	6.3	6.3	$25k-$100k	$5k-$25k	Not Defined	Not Defined	0.00071	0.00	CVE-2016-6762
13	IBM AIX FTP Server access control	5.3	4.6	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00156	0.00	CVE-2012-4845
14	GeniXCMS Media Rename data processing	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00135	0.00	CVE-2017-5520
15	Rockwell FactoryTalk EnergyMetrix Logout improper authorization	6.8	6.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00181	0.00	CVE-2016-4531
16	Apache Struts Restriction input validation	7.5	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00914	0.00	CVE-2016-4431
17	Adobe Flash Player TCP Connection 7pk security	6.8	6.6	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00261	0.02	CVE-2017-2938
18	Dell Alienware Digital Delivery Universal Windows Platform access control	7.0	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00044	0.00	CVE-2019-3744
19	Dell Alienware Digital Delivery Named Pipe access control	7.0	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00046	0.06	CVE-2019-3742
20	Oracle Agile Engineering Data Management Install (Apache Tomcat) access control	6.5	6.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00119	0.02	CVE-2018-1305

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	37.140.199.65	37-140-199-65.xen.vps.regruhosting.ru	Plurox	12/30/2022	verified	High
2	XXX.XX.XX.XX	xxx-xx-xx-xx.xxxxxxxx.xxxxxxxxxxxx.xx	Xxxxxx	12/30/2022	verified	High
3	XXX.XXX.XXX.XXX	xxxx.xxxxxx.xxx	Xxxxxx	12/30/2022	verified	High

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CWE-21	Path Traversal	predictive	High
2	T1059.007	CWE-79	Cross Site Scripting	predictive	High
3	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
4	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	High
5	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	High
6	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	High
7	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	High
8	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High

IOA - Indicator of Attack (6)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/adminlogin.asp	predictive	High
2	File	cgi-bin/awstats.pl	predictive	High
3	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	High
4	Argument	xxxxxx	predictive	Low
5	Argument	xxxxxxxx/xxxxxxxx	predictive	High
6	Input Value	'xx''='	predictive	Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!