RecordStealer Analysis

IOB - Indicator of Behavior (581)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 442
ru: 76
zh: 46
es: 6
pt: 6

Country

us: 268
cn: 96
ru: 76
mo: 20
pl: 20

Activities

Interest

Product

PHP: 16
WordPress: 14
Microsoft Windows: 10
Netgear SRX5308: 8
Apache HTTP Server: 8

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Atmail Remote Code Execution | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00251 | 0.04 | CVE-2013-5033 |
| 2 | PHP File Upload rfc1867.c input validation | 6.5 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03479 | 0.00 | CVE-2012-1172 |
| 3 | ThinkPHP input validation | 8.5 | 8.4 | $0-$5k | $0-$5k | High | Official Fix | 0.97455 | 0.03 | CVE-2019-9082 |
| 4 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.74 | CVE-2020-12440 |
| 5 | imgproxy cross site scripting | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00091 | 0.02 | CVE-2023-1496 |
| 6 | Palo Alto PAN-OS GlobalProtect Clientless VPN buffer overflow | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00112 | 0.03 | CVE-2021-3056 |
| 7 | ZZZCMS zzzphp File Upload unrestricted upload | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00090 | 0.00 | CVE-2019-16720 |
| 8 | Redis heap-based overflow | 7.2 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00750 | 0.04 | CVE-2023-41056 |
| 9 | vsftpd deny_file unknown vulnerability | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00312 | 0.22 | CVE-2015-1419 |
| 10 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.06 | CVE-2022-21664 |
| 11 | Microsoft Exchange Server ProxyShell Remote Code Execution | 9.5 | 8.7 | $25k-$100k | $5k-$25k | High | Official Fix | 0.97319 | 0.07 | CVE-2021-34473 |
| 12 | VeronaLabs wp-statistics Plugin API Endpoint Blind sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00250 | 0.00 | CVE-2019-13275 |
| 13 | Netgear SRX5308 Web Management Interface cross site scripting | 3.2 | 3.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00097 | 0.07 | CVE-2023-2385 |
| 14 | VICIdial vicidial.php cross site scripting | 4.8 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00075 | 0.04 | CVE-2021-35377 |
| 15 | Linksys WRT54GL Web Management Interface SysInfo1.htm information disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00046 | 0.04 | CVE-2024-1406 |
| 16 | Esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00108 | 0.40 | CVE-2009-4935 |
| 17 | Shopware API sql injection | 8.8 | 8.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00091 | 0.03 | CVE-2024-22406 |
| 18 | WP Rocket Plugin path traversal | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00154 | 0.03 | CVE-2017-11658 |
| 19 | ALPACA improper authentication | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00110 | 0.07 | CVE-2021-3618 |
| 20 | Exim neutralization | 8.1 | 7.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00065 | 0.04 | CVE-2023-42117 |

IOC - Indicator of Compromise (32)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (23)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-21, CWE-22, CWE-23 | Path Traversal | predictive | High |
| 2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CAPEC-242 | CWE-94, CWE-1321 | Argument Injection | predictive | High |
| 4 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 5 | T1068 | CAPEC-122 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | High |

IOA - Indicator of Attack (256)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

