ScanBox Analysis

IOB - Indicator of Behavior (97)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 74
zh: 22
jp: 2


Country

cn: 64
us: 26
ca: 4
th: 4


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Microsoft IIS: 4
Linux Kernel: 4
Juniper Web Device Manager: 2
Discuz!ML: 2
CA eTrust SiteMinder: 2


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | October CMS fromData race condition | 6.8 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00405 | 0.00 | CVE-2022-24800 |
| 2 | DeDeCMS recommend.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02488 | 0.00 | CVE-2017-17731 |
| 3 | Fortinet FortiOS/FortiPAM/FortiProxy HTTP Request out-of-bounds write | 9.8 | 9.6 | $25k-$100k | $25k-$100k | Not Defined | Official Fix | 0.00091 | 0.03 | CVE-2023-42789 |
| 4 | Oracle Identity Management Suite Apache Log4j deserialization | 9.8 | 9.7 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.87384 | 0.02 | CVE-2017-5645 |
| 5 | VMware Cloud Director Privilege Escalation | 7.2 | 6.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00252 | 0.03 | CVE-2022-22966 |
| 6 | Google Android Lockscreen KeyguardServiceWrapper.java race condition | 2.0 | 1.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2022-20006 |
| 7 | Boa Webserver GET wapopen path traversal | 6.4 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.73540 | 0.05 | CVE-2017-9833 |
| 8 | Microsoft ASP.NET Forms Authentication path traversal | 9.8 | 9.4 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.93976 | 0.02 | CVE-2004-0847 |
| 9 | Oracle MySQL Enterprise Monitor Monitoring path traversal | 9.1 | 8.9 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00127 | 0.04 | CVE-2022-37865 |
| 10 | SpringBlade sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00171 | 0.03 | CVE-2022-27360 |
| 11 | Cuppa CMS File Manager copy access control | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00205 | 0.00 | CVE-2022-25401 |
| 12 | JCK Editor links.php sql injection | 8.5 | 8.3 | $0-$5k | $0-$5k | High | Not Defined | 0.81623 | 0.03 | CVE-2018-17254 |
| 13 | Yii Yii2 path traversal | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00091 | 0.00 | CVE-2015-5467 |
| 14 | Umbraco FeedProxy.aspx.cs Page_Load server-side request forgery | 7.7 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00511 | 0.04 | CVE-2015-8813 |
| 15 | WPS Hide Login Plugin Secret Login Page options.php access control | 6.9 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02933 | 0.07 | CVE-2021-24917 |
| 16 | jeecg-boot information disclosure | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00703 | 0.00 | CVE-2021-37304 |
| 17 | SSH SSH-1 Protocol cryptographic issues | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00258 | 0.08 | CVE-2001-1473 |
| 18 | Linux Kernel nftables nft_byteorder.c nft_byteorder out-of-bounds write | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.04 | CVE-2023-35001 |
| 19 | emlog index.php information disclosure | 5.5 | 5.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00300 | 0.02 | CVE-2021-3293 |
| 20 | Linux Kernel DECnet Socket null pointer dereference | 5.4 | 5.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00504 | 0.00 | CVE-2023-3338 |

IOC - Indicator of Compromise (26)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 1.9.5.38 | | ScanBox | | 12/24/2020 | verified | High |
| 2 | 45.77.237.243 | 45.77.237.243.vultrusercontent.com | ScanBox | | 02/16/2024 | verified | High |
| 3 | 50.2.24.211 | | ScanBox | | 12/24/2020 | verified | High |
| 4 | 66.197.231.62 | | ScanBox | | 01/01/2021 | verified | High |
| 5 | 69.197.146.80 | | ScanBox | | 01/01/2021 | verified | High |
| 6 | 69.197.183.142 | us-mci1-16.renders.prerender.io | ScanBox | | 01/01/2021 | verified | High |

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (83)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /cgi-bin/wapopen | predictive | High |
| 2 | File | /proc/self/setgroups | predictive | High |
| 3 | File | /secure/QueryComponent!Default.jspa | predictive | High |
| 4 | File | /userRpm/PingIframeRpm.htm | predictive | High |
| 5 | File | /webman/info.cgi | predictive | High |
| 6 | File | /wp-admin/options.php | predictive | High |
| 7 | File | adclick.php | predictive | Medium |
| 8 | File | addentry.php | predictive | Medium |
| 9 | File | and/or | predictive | Low |
| 82 | Input Value | ../.. | predictive | Low |

References (4)

The following list contains external sources which discuss the actor and the associated activities:
