RudeBird Analysis

IOB - Indicator of Behavior (163)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 142
ja: 6
fr: 4
ru: 4
de: 2

Country

us: 30
ru: 10
fr: 4
gb: 4
it: 4

Actors

Activities

Interest

Timeline

Type

Vendor

Product

nginx: 4
Qualcomm Snapdragon Mobile: 4
GitLab Enterprise Edition: 4
Adobe Experience Manager: 4
D-Link DIR-605L: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.41 | CVE-2020-12440
2 | WordPress User Search REST Endpoint information disclosure | 4.4 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00063 | 0.07 | CVE-2023-5561
3 | Storytlr cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00134 | 0.04 | CVE-2014-100037
4 | Synology DiskStation Manager Change Password password recovery | 7.1 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00068 | 0.03 | CVE-2018-8916
5 | Campcodes Online College Library System HTTP POST Request category_row.php sql injection | 6.1 | 5.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00076 | 0.03 | CVE-2023-7179
6 | Apache HTTP Server HTTP/2 resource consumption | 5.6 | 5.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00177 | 0.06 | CVE-2023-45802
7 | Slsknet Soulseek memory corruption | 10.0 | 9.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.18474 | 0.00 | CVE-2009-1830
8 | Ettercap ec_strings.c strescape memory corruption | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00635 | 0.00 | CVE-2017-8366
9 | SourceCodester Internship Portal Management System edit_admin.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.25 | CVE-2024-3254
10 | Arecont Vision AV1355DN MegaDome camera denial of service | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00155 | 0.00 | CVE-2013-0139
11 | Lenovo Synaptics Fingerprint Readers security check | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00053 | 0.04 | CVE-2024-23592
12 | Campcodes Complete Online DJ Booking System booking-bwdates-reports-details.php sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.77 | CVE-2024-2714
13 | SourceCodester Online Library System deweydecimal.php sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.22 | CVE-2024-3361
14 | IBM Watson CP4D Data Stores missing encryption | 3.6 | 3.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2023-27291
15 | NVIDIA Omniverse Kit Create/Audio2Face/Isaac Sim/View/Code/Machinima injection | 8.3 | 8.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00070 | 0.04 | CVE-2022-42268
16 | Ivanti Avalanche unrestricted upload | 7.2 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01086 | 0.02 | CVE-2023-46264
17 | EuroTel ETL3100 access control | 8.8 | 8.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00091 | 0.00 | CVE-2023-6930
18 | WC Vendors WooCommerce Multi-Vendor Plugin sql injection | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.00 | CVE-2023-48327
19 | GuardGiant Brute Force Protection Plugin sql injection | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.00 | CVE-2023-48764
20 | WooCommerce GoCardless Plugin authorization | 7.7 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00087 | 0.00 | CVE-2023-37871

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 45.90.58.103 | vds-671568.hosted-by-itldc.com | RudeBird | | 10/29/2023 | verified | High
2 | XXX.XXX.XXX.XXX | Xxxxxxxx | | | 10/29/2023 | verified | High

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (65)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/booking-bwdates-reports-details.php | predictive | High
2 | File | /admin/category_row.php | predictive | High
3 | File | /bin/boa | predictive | Medium
4 | File | 1.user.php | predictive | Medium
5 | File | admin.cgi?action=config_restore | predictive | High
6 | File | admin.cgi?action=upgrade | predictive | High
7 | File | admin/books/deweydecimal.php | predictive | High
8 | File | admin/edit_admin.php | predictive | High
9 | File | xxxxxx/xxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High
10 | File | xxxxx.xxx | predictive | Medium
11 | File | xxx_xxx.xx | predictive | Medium
12 | File | xxx | predictive | Low
13 | File | xxxxx-xx-xxxxxx-xxxxx.xxx | predictive | High
14 | File | xxxxxx.x | predictive | Medium
15 | File | xxxxxxx/xxx/xxxxxxxx/xxx/xxxxx/xxx_xxx.x | predictive | High
16 | File | xx_xxxxxxx.x | predictive | Medium
17 | File | xxxxxxx/xxxxxxxxxxxxx.xxx | predictive | High
18 | File | xxxxxxx/xxxxxxx/xxxxx/xxxxxx.xxx | predictive | High
19 | File | xxx_xxx.xxx | predictive | Medium
20 | File | xxxxxxxxx.xxx | predictive | High
21 | File | xxxxx.xxx | predictive | Medium
22 | File | xxxxx.xxx | predictive | Medium
23 | File | xxxxxxxx.xxx | predictive | Medium
24 | File | xxxxx/xxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxx | predictive | High
25 | File | xxxx.xxx | predictive | Medium
26 | File | xxxxxxxxx.xxx | predictive | High
27 | File | xxxx-xxxxx-xxxxx.xxx | predictive | High
28 | File | xxxxxx.x | predictive | Medium
29 | File | xxxxxxxx.xxx | predictive | Medium
30 | File | xxxxxxxx.xxx | predictive | Medium
31 | File | xxxxxx.xxx | predictive | Medium
32 | File | xxx_xxxxx.x | predictive | Medium
33 | File | xxxxxxxx.x | predictive | Medium
34 | File | xxxx-xxxxxxxx.xxx | predictive | High
35 | File | xxxxx/xxxxx.xx | predictive | High
36 | Library | xxxx.xxx | predictive | Medium
37 | Library | xxxxxxxxxxxx.xxx | predictive | High
38 | Library | xxxxxxx.xxx | predictive | Medium
39 | Argument | xxxxx_xx | predictive | Medium
40 | Argument | xxx_xxxxxx.xxx | predictive | High
41 | Argument | xxxxxx | predictive | Low
42 | Argument | xxxxxxxx | predictive | Medium
43 | Argument | xxx_xxxx | predictive | Medium
44 | Argument | xxxxx | predictive | Low
45 | Argument | xxxx | predictive | Low
46 | Argument | xxxxxxxx | predictive | Medium
47 | Argument | xxx-xxxx | predictive | Medium
48 | Argument | xxxx | predictive | Low
49 | Argument | xx | predictive | Low
50 | Argument | xxxxxx | predictive | Low
51 | Argument | xxxx_xxxx | predictive | Medium
52 | Argument | xxxxxxxxxx_xxxxxxxx_xxxxx | predictive | High
53 | Argument | xxxxxxxxx_xxxxxxxx_xxxx | predictive | High
54 | Argument | xxxx/xxxxxxx | predictive | Medium
55 | Argument | xxxx | predictive | Low
56 | Argument | xxxxxx | predictive | Low
57 | Argument | xxxxxx | predictive | Low
58 | Argument | xx | predictive | Low
59 | Argument | xxx xxx_xx/xxxxxx/xxx/xxx/xxxxxxxxxx/xxxxxxxxxx | predictive | High
60 | Argument | xxxx_xx | predictive | Low
61 | Argument | xx_xx | predictive | Low
62 | Network Port | xxxx | predictive | Low
63 | Network Port | xxxxx | predictive | Low
64 | Network Port | xxx xxxxx | predictive | Medium
65 | Network Port | xxx/xx (xxxx) | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities: