RedFoxtrot Analysis

IOB - Indicator of Behavior (759)

Timeline: chart not reproduced in this extract (the page shows only placeholder data without an additional purchase).

Lang

en: 654
zh: 84
it: 8
ja: 6
de: 2

Country

us: 156
cn: 138
kr: 4
gb: 4
fr: 2

Actors: chart not reproduced in this extract (placeholder data only).

Activities

Interest

Timeline, Type, Vendor: charts not reproduced in this extract (placeholder data only).

Product

Microsoft Windows: 48
Google Chrome: 26
Mozilla Firefox: 22
Linux Kernel: 20
Microsoft Internet Explorer: 20

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 9.30 | CVE-2006-6168
2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.77 | CVE-2010-0966
3 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
4 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 2.43 | CVE-2020-15906
5 | Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform importexport.php os command injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00092 | 0.08 | CVE-2023-4873
6 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 3.36 | 
7 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.03 | CVE-2022-21664
8 | SourceCodester Employee and Visitor Gate Pass Logging System GET Parameter view_designation.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00220 | 0.06 | CVE-2023-2090
9 | Drupal Database Connection Error Message information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | 
10 | Sun Java fontmanager.dll UIManager.getSystemLookAndFeelClassName memory corruption | 7.8 | 7.5 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.00 | 
11 | Citrix XenServer Web Self Service Management Interface Privilege Escalation | 6.3 | 6.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.00 | 
12 | WP Statistics Plugin class-wp-statistics-hits.php sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.26955 | 0.05 | CVE-2022-25149
13 | xrdp sesman Server integer underflow | 7.8 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00050 | 0.05 | CVE-2022-23613
14 | Liferay Portal CE JSON Payload deserialization | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01289 | 0.02 | CVE-2019-16891
15 | Cisco ASA Command Line Interface EpicBanana/JetPlow privileges management | 7.8 | 7.6 | $5k-$25k | $0-$5k | High | Official Fix | 0.97507 | 0.00 | CVE-2016-6367
16 | Hikvision Product Message command injection | 5.5 | 5.5 | $0-$5k | $0-$5k | High | Not Defined | 0.97485 | 0.03 | CVE-2021-36260
17 | VMware ESXi/Workstation/Fusion vmxnet3 Virtual Network Adapter out-of-bounds write | 4.4 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2020-3971
18 | Mail Masta Plugin csvexport.php sql injection | 8.5 | 8.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00597 | 0.00 | CVE-2017-6095
19 | Apple macOS out-of-bounds | 4.4 | 4.2 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00077 | 0.00 | CVE-2020-9944
20 | Apple tvOS out-of-bounds | 4.4 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00077 | 0.00 | CVE-2020-9943

IOC - Indicator of Compromise (22)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 45.32.22.220 | 45.32.22.220.vultrusercontent.com | RedFoxtrot | | 10/12/2022 | verified | High
2 | 45.32.146.174 | 45.32.146.174.vultrusercontent.com | RedFoxtrot | | 10/12/2022 | verified | High
3 | 45.76.216.62 | 45.76.216.62.vultrusercontent.com | RedFoxtrot | | 10/12/2022 | verified | High
4 | 45.77.178.76 | thematrix.dev | RedFoxtrot | | 10/12/2022 | verified | High
5 | 66.42.33.214 | 66.42.33.214.vultrusercontent.com | RedFoxtrot | | 10/12/2022 | verified | High

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (195)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/maintenance/view_designation.php | predictive | High
2 | File | /admin/sys_sql_query.php | predictive | High
3 | File | /app/Http/Controllers/Admin/NEditorController.php | predictive | High
4 | File | /cgi-bin/luci/api/wireless | predictive | High
5 | File | /cgi-bin/vitogate.cgi | predictive | High
6 | File | /forum/away.php | predictive | High
7 | File | /getcfg.php | predictive | Medium
8 | File | /group1/uploa | predictive | High
9 | File | /importexport.php | predictive | High
10 | File | /inc/lists/csvexport.php | predictive | High
11 | File | /server-status | predictive | High
12 | File | /sgmi/ | predictive | Low
13 | File | /system/user/resetPwd | predictive | High
14 | File | /tos/index.php?editor/fileGet | predictive | High
15 | File | /uncpath/ | predictive | Medium
16 | File | /user/updatePwd | predictive | High
17 | File | /var/log/nginx | predictive | High
18 | File | addentry.php | predictive | Medium
19 | File | admin-ajax.php?action=get_wdtable order[0][dir] | predictive | High
20 | File | admin/plib/api-rpc/Agent.php | predictive | High
21 | File | applications/core/modules/front/system/content.php | predictive | High
22 | File | att_protocol.cc | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
