RedEnergy Analysis

IOB - Indicator of Behavior (218)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 216
de: 2

Country

ca: 112

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Oracle Java SE: 6
Google Chrome: 4
Microsoft SQL Server Management Studio: 4
webpagetest: 4
Adobe Acrobat Reader: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Apache2Triad session fixation | 8.0 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01181 | 0.07 | CVE-2017-12965
2 | Apache2Triad users.php cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00274 | 0.00 | CVE-2017-12971
3 | Ensim WEBppliance access control | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00296 | 0.00 | CVE-2002-2344
4 | Apache2Triad users.php cross-site request forgery | 6.5 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00773 | 0.00 | CVE-2017-12970
5 | Web2py information disclosure | 6.4 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00626 | 0.01 | CVE-2016-4806
6 | Splunk Enterprise splunk-launch.conf access control | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2017-18348
7 | Oracle Java SE Networking information disclosure | 5.9 | 5.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00593 | 0.00 | CVE-2016-5597
8 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.26 | CVE-2017-0055
9 | IBM AIX WebSM denial of service | 5.3 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00767 | 0.00 | CVE-2007-2995
10 | Fleugel myu-s cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00200 | 0.00 | CVE-2012-5186
11 | webpagetest index.php cross site scripting | 5.2 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00098 | 0.00 | CVE-2017-6538
12 | webpagetest viewtest.php cross site scripting | 5.2 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00098 | 0.00 | CVE-2017-6541
13 | BACnet Protocol Stack bacserv Daemon bacdcode.c out-of-bounds | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06566 | 0.04 | CVE-2019-12480
14 | Revive Adserver CSRF Protection redirect | 5.7 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00181 | 0.00 | CVE-2020-8143
15 | Nagios MagpieRSS fetch access control | 8.5 | 8.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.26269 | 0.04 | CVE-2016-9565
16 | NGSEC StackDefender ZwProtectVirtualMemory denial of service | 5.3 | 4.6 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.00132 | 0.00 | CVE-2004-0766
17 | Intel Graphics Driver Content Protection HECI Service type conversion | 6.5 | 6.2 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00074 | 0.03 | CVE-2017-5717
18 | Libssh2 packet.c integer overflow | 7.2 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00408 | 0.02 | CVE-2019-17498
19 | Apple Mac OS X CoreCapture null pointer dereference | 8.3 | 7.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00454 | 0.00 | CVE-2016-1803
20 | IBM QRadar SIEM improper authentication | 7.7 | 7.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00088 | 0.00 | CVE-2019-4210

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 51.68.11.192 | ftp.cluster003.hosting.ovh.net | RedEnergy | | 06/23/2023 | verified | High

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (67)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | $SPLUNK_HOME/etc/splunk-launch.conf | predictive | High
2 | File | /employee.html | predictive | High
3 | File | /phppath/php | predictive | Medium
4 | File | /uncpath/ | predictive | Medium
5 | File | add_headers.php | predictive | High
6 | File | admin/admin_member.php?action=add&nav=add_web_user&admin_p_nav=user | predictive | High
7 | File | admin/mcart_xls_import.php | predictive | High
8 | File | bacdcode.c | predictive | Medium
9 | File | xxxxxxxx_xxxx.xxx | predictive | High
10 | File | xxx.x | predictive | Low
11 | File | xxxxxxxx.xxx | predictive | Medium
12 | File | xxxxx/xxxxxxx.xx | predictive | High
13 | File | xxxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High
14 | File | xxxxxxxx.xxx | predictive | Medium
15 | File | xxxxxxxxxxxxxxx.xxx | predictive | High
16 | File | xxxxx.x | predictive | Low
17 | File | xxxxxxxxxxx.xxx | predictive | High
18 | File | xxxxx.xxx | predictive | Medium
19 | File | xxx/xxx/xxx.x | predictive | High
20 | File | xxxxxx.x | predictive | Medium
21 | File | xxxx/xxxxxxxxx.xxx | predictive | High
22 | File | xxxxxxxx/xxxxx.xxx | predictive | High
23 | File | xxxxx.xxx | predictive | Medium
24 | File | xxxxxx_xxxx.xxx | predictive | High
25 | File | xxxxxx/xxxxxxxx.xxxx | predictive | High
26 | File | xxxx.xxx | predictive | Medium
27 | File | xxxxxxx.xx | predictive | Medium
28 | File | xxx.xxxxxxxx.xxx | predictive | High
29 | File | xxxxxxxxxxx-xxxxxx/xxx/xxxxxxxxxx/xxxxxxx.xxx | predictive | High
30 | File | xxxxxxxxxxx-xxxxxx/xxx/xxxxxxxxxx/xxxx.xxx | predictive | High
31 | File | xxxxxxxxxxx-xxxxxx/xxx/xxxxxxxxxx/xxxxxxxx.xxx | predictive | High
32 | File | xxxxxxxxxxx-xxxxxx/xxx/xxxxxxxxxx/xxxxx.xxx | predictive | High
33 | Library | xxxxxx.xxx | predictive | Medium
34 | Library | xxxxxx.xxx | predictive | Medium
35 | Library | xxxxxxxxxxxxxx_xx.xxx | predictive | High
36 | Library | xxxxxxx.xxx | predictive | Medium
37 | Library | xxxxxx.xxx | predictive | Medium
38 | Library | xxx.xxx | predictive | Low
39 | Library | xxxxxxxx.xxx | predictive | Medium
40 | Argument | xxxxxxx | predictive | Low
41 | Argument | xxxxxxxxxxx | predictive | Medium
42 | Argument | xxxxxxxxx | predictive | Medium
43 | Argument | xxxxxxxxx/xxxx | predictive | High
44 | Argument | xxxxxx | predictive | Low
45 | Argument | xxxxxxx | predictive | Low
46 | Argument | xxxxxxxx | predictive | Medium
47 | Argument | xxxxx_xxxx | predictive | Medium
48 | Argument | xxxx | predictive | Low
49 | Argument | xxxxxxxx | predictive | Medium
50 | Argument | xxxxx_xx | predictive | Medium
51 | Argument | xxxxxxxxx | predictive | Medium
52 | Argument | xxxx | predictive | Low
53 | Argument | xxxx | predictive | Low
54 | Argument | xxxxxxxxx | predictive | Medium
55 | Argument | xxx | predictive | Low
56 | Argument | xxxx | predictive | Low
57 | Argument | xxxxxxxxxx | predictive | Medium
58 | Argument | xxxxxxxxxxxx | predictive | Medium
59 | Argument | xxxxx | predictive | Low
60 | Argument | xxx_xxxxxx_xxxxxxx_xx_xxx | predictive | High
61 | Input Value | .. | predictive | Low
62 | Input Value | <xxxxxxxx>. | predictive | Medium
63 | Input Value | xxxx -x | predictive | Low
64 | Input Value | xxxxx ?????????????????? ? ?x ? ? ? | predictive | High
65 | Pattern | |xx xx| | predictive | Low
66 | Network Port | xxx/xx (xxxxxx) | predictive | High
67 | Network Port | xxx/xxxx | predictive | Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities: