Satori Analysis

IOB - Indicator of Behavior (180)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

  • en: 166
  • es: 12
  • ru: 2


Country

  • us: 104
  • ru: 28
  • gb: 6
  • io: 6
  • es: 6

Product

  • phpMyAdmin: 6
  • Cisco Registered Envelope Service: 6
  • Danneo CMS: 4
  • Liebert MultiLink Automated Shutdown: 2
  • Hotel Booking Lite Plugin: 2


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.34 | CVE-2010-0966 |
| 2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 3 | Online Book Store admin_add.php unrestricted upload | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03533 | 0.00 | CVE-2020-19113 |
| 4 | Campcodes Online Thesis Archiving System manage_user.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00146 | 0.04 | CVE-2023-2149 |
| 5 | GFI Kerio Control Login Page DOM-Based cross site scripting | 6.1 | 6.0 | $0-$5k | $0-$5k | Functional | Not Defined | 0.00200 | 0.04 | CVE-2019-16414 |
| 6 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.10737 | 0.31 | CVE-2016-6210 |
| 7 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.03 | CVE-2017-0055 |
| 8 | Progress MOVEit Automation Web Admin Application cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00435 | 0.04 | CVE-2020-12677 |
| 9 | phpMyAdmin grab_globals.lib.php path traversal | 4.8 | 4.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02334 | 0.04 | CVE-2005-3299 |
| 10 | Redis redis-cli memory corruption | 7.1 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00584 | 0.05 | CVE-2018-12326 |
| 11 | Wazzum Wazzum Dating Software profile_view.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.00 | CVE-2009-0293 |
| 12 | LimeSurvey File Upload path traversal | 7.1 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00283 | 0.02 | CVE-2018-1000659 |
| 13 | Apache HTTP Server ap_some_auth_required access control | 3.7 | 3.2 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00368 | 0.00 | CVE-2015-3185 |
| 14 | Synacor Zimbra Collaboration xml external entity reference | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00441 | 0.00 | CVE-2016-9924 |
| 15 | Samba Shared Library is_known_pipename SambaCry code injection | 9.8 | 9.6 | $25k-$100k | $0-$5k | High | Official Fix | 0.97264 | 0.07 | CVE-2017-7494 |
| 16 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.24 | |
| 17 | CodeAstro Vehicle Booking System User Registration usr-register.php cross site scripting | 4.9 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00052 | 0.10 | CVE-2024-0345 |
| 18 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.51 | CVE-2007-0354 |
| 19 | MikroTik RouterOS Winbox/HTTP Interface privileges management | 7.8 | 7.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00055 | 0.14 | CVE-2023-30799 |
| 20 | Oracle WebLogic Server jQuery cross site scripting | 6.1 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00660 | 0.04 | CVE-2015-9251 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CVE-2014-8361 / CVE 2017-17215

IOC - Indicator of Compromise (12)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (90)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/user/manage_user.php | predictive | High |
| 2 | File | /anony/mjpg.cgi | predictive | High |
| 3 | File | /plain | predictive | Low |
| 4 | File | /public/login.htm | predictive | High |
| 5 | File | /uncpath/ | predictive | Medium |
| 6 | File | /wbms/classes/Master.php?f=delete_client | predictive | High |
| 7 | File | 14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi | predictive | High |
| 8 | File | admin_add.php | predictive | High |
| 9 | File | awstats.pl | predictive | Medium |
| 10 | File | books.php | predictive | Medium |
| 11 | File | c-client/imap4r1.c | predictive | High |
