Sality Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (40)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en32
de4
it2
ru2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us14
ru10
pt6
de4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Sality2
SmokeLoader1
StealthWorker1
Cobalt Strike1
RisePro1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Content Management System6
Not Defined6
Operating System4
Router Operating System4
SSH Server Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined12
Paramiko2
Microsoft2
Maianscriptworld2
Google2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

WordPress4
Paramiko SSH Server2
Microsoft Windows2
phpRaid2
Maianscriptworld Maian Recipe2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1WordPress wp-trackback.php mb_convert_encoding cryptographic issues5.35.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.033580.04CVE-2009-3622
2Dragon Path Bharti Airtel Routers Hardware BDT-121 Admin Page cross site scripting3.53.5$0-$5k$0-$5kNot DefinedNot Defined0.000530.00CVE-2022-28507
3YaPiG view.php cross site scripting4.33.9$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.013350.00CVE-2005-1886
4WordPress wp-register.php cross site scripting4.34.2$5k-$25k$0-$5kHighUnavailable0.003220.00CVE-2007-5105
5MetInfo URL Redirector login.php redirect6.66.6$0-$5k$0-$5kNot DefinedNot Defined0.001070.00CVE-2017-11718
6phpRaid register.php privileges management5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.000000.02
7vu Mass Mailer Login Page redir.asp sql injection7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.002380.14CVE-2007-6138
8DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.79CVE-2010-0966
9Symantec Endpoint Protection Manager SAP XML Parser xml external entity reference7.36.6$5k-$25k$0-$5kHighOfficial Fix0.831770.00CVE-2013-5014
10Mozilla Firefox/Thunderbird/Firefox ESR NPAPI Plugin cross-site request forgery6.56.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.004190.00CVE-2019-11712
11Linux Kernel oom_kill.c __oom_reap_task_mm use after free4.74.7$0-$5k$0-$5kNot DefinedOfficial Fix0.000620.03CVE-2017-18202
12Node.js HTTP Header resource consumption6.46.1$0-$5k$0-$5kNot DefinedOfficial Fix0.016470.00CVE-2018-12121
13TestLink Plugin summary.jelly cross site scripting4.44.4$0-$5k$0-$5kNot DefinedNot Defined0.000540.00CVE-2018-1000113
14Microsoft Windows Windows Media Player information disclosure2.52.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.001840.03CVE-2017-11768
15W3C Jigsaw Host Header cross site scripting6.35.7$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.010340.00CVE-2002-1053
16Microsoft Windows Subsystem for Linux access control6.45.8$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.002130.00CVE-2018-0743
17Microsoft Windows DirectX information disclosure5.14.9$25k-$100k$0-$5kNot DefinedOfficial Fix0.000430.00CVE-2019-0837
18WordPress wpdb->prepare sql injection8.58.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.003890.03CVE-2017-16510
19Microsoft Lync/Skype for Business Security Feature 7pk security7.06.7$25k-$100k$0-$5kNot DefinedOfficial Fix0.002840.03CVE-2018-8238
20Iptanus File Upload Plugin Shortcode cross site scripting6.05.4$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.001850.00CVE-2018-9172

IOC - Indicator of Compromise (31)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
15.101.0.44Sality04/12/2022verifiedHigh
220.53.203.50Sality08/01/2022verifiedHigh
320.72.235.82Sality08/01/2022verifiedHigh
420.81.111.85Sality08/01/2022verifiedHigh
520.84.181.62Sality08/01/2022verifiedHigh
620.103.85.33Sality08/01/2022verifiedHigh
720.109.209.108Sality08/01/2022verifiedHigh
8XX.XXX.XX.XXXxxx-xxx-xx-xxx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxxXxxxxx08/01/2022verifiedHigh
9XX.XXX.XX.XXXxxx-xxx-xx-xxx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxxXxxxxx08/01/2022verifiedHigh
10XX.XXX.XXX.XXXxxxxx04/08/2022verifiedHigh
11XX.XX.XXX.XXXxxxxxxxxxxx.xxxxxxx-xxxx.xxx.xxxXxxxxx04/12/2022verifiedHigh
12XX.XX.X.XXxxxxxxx.x.xxxxxxxxx.xxxXxxxxx04/12/2022verifiedHigh
13XX.XXX.XXX.XXXxxxxx04/08/2022verifiedHigh
14XX.XX.XXX.XXXxxxxxxxxx.xxxxxxxxxxx.xxxXxxxxx04/08/2022verifiedHigh
15XX.XXX.XXX.XXXXxxxxx04/12/2022verifiedHigh
16XX.XXX.XX.XXXxx-xxx-xx-xxx-xxxxxx.xxxxxxx.xxxXxxxxx10/29/2023verifiedHigh
17XX.XXX.XXX.XXxx-xxxxx.xx.xxxxxxxxxxxxx.xxXxxxxx04/12/2022verifiedHigh
18XX.XX.XXX.XXXxx-xx-xxx-xxx.xxxxx.xxx.xxXxxxxx04/12/2022verifiedHigh
19XXX.XX.XX.XXxxxxxxxxxxx.x.xxxxxxxxx.xxxXxxxxx04/12/2022verifiedHigh
20XXX.XXX.XXX.XXXxx-xxx-xxx.xxxxx.xxxXxxxxx04/12/2022verifiedHigh
21XXX.XXX.XX.XXXxx-xxx-xxx-xx-xxx.xx.xxxxxxxxxxxx.xxxXxxxxx04/12/2022verifiedHigh
22XXX.X.XXX.XXXXxxxxx04/12/2022verifiedHigh
23XXX.XXX.XX.XXx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxxXxxxxx04/12/2022verifiedHigh
24XXX.XX.XXX.Xxx-xxxxx.xxx.xx.xxXxxxxx04/12/2022verifiedHigh
25XXX.XX.XX.XXXXxxxxx04/08/2022verifiedHigh
26XXX.XX.XXX.XXXXxxxxx04/08/2022verifiedHigh
27XXX.XX.XXX.XXXXxxxxx04/08/2022verifiedHigh
28XXX.XXX.XX.XXXxxxx-x.xxxxxxxxxxxxXxxxxx04/08/2022verifiedHigh
29XXX.XXX.XXX.XXXxxx.xxx.xxx.xxx.xxxxxx.xxxx-xxxx.xxxXxxxxx04/08/2022verifiedHigh
30XXX.XX.XX.XXxxxx.xxxxxxx.xxXxxxxx04/08/2022verifiedHigh
31XXX.XX.XX.XXXxxx.xxxxxxx.xxXxxxxx04/12/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
2T1059.007CAPEC-209CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
3TXXXXCAPEC-122CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
4TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
5TXXXXCAPEC-CWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
6TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
7TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
8TXXXXCAPEC-CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (35)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/getcfg.phppredictiveMedium
2File/settings/avatarpredictiveHigh
3Filebin/icingapredictiveMedium
4Fileinc/config.phppredictiveHigh
5Fileindex.phppredictiveMedium
6Filexxxxxx/xxxxx.xxxpredictiveHigh
7Filexxxxxx.xxpredictiveMedium
8Filexx/xxx_xxxx.xpredictiveHigh
9Filexxx.xxxpredictiveLow
10Filexxxxx.xxxpredictiveMedium
11Filexxxxxxxx.xxxpredictiveMedium
12Filexxxxxxxxxxxxxxxxxxx/xxxxxxx.xxxxxpredictiveHigh
13Filexxxxxxxxx.xxpredictiveMedium
14Filexxxx/xxxxxxxxxxxx.xpredictiveHigh
15Filexxxx.xxxpredictiveMedium
16Filexx-xxxxxxxx.xxxpredictiveHigh
17Filexx-xxxxxxxxx.xxxpredictiveHigh
18ArgumentxxxxxxxxpredictiveMedium
19ArgumentxxxxxxxxxpredictiveMedium
20ArgumentxxxxxxxpredictiveLow
21ArgumentxxxxxxxxxxxpredictiveMedium
22ArgumentxxxxxpredictiveLow
23ArgumentxxpredictiveLow
24ArgumentxxxxxxpredictiveLow
25ArgumentxxxxxxxxpredictiveMedium
26ArgumentxxxxpredictiveLow
27Argumentxxxxxxx_xxxpredictiveMedium
28ArgumentxxxxxxxxpredictiveMedium
29ArgumentxxxxxxxxxxxxxpredictiveHigh
30Argumentxxxx_xxxxxpredictiveMedium
31Argument_xxxxxxxpredictiveMedium
32Input Valuexxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxxpredictiveHigh
33Pattern|xx|xx|xx|predictiveMedium
34Network Portxxx/xxxx (xxxx) / xxx/xxxx (xxxxx)predictiveHigh
35Network Portxxx xxxxxx xxxxpredictiveHigh

References (6)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!