SessionManager Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (25)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

zh	14
en	12

Country

cn	24
ir	2

Actors

Gelsemium	2
Cobalt Strike	2

Activities

Interest

Timeline

Type

Not Defined	16
Operating System	2
WordPress Plugin	2
Programming Language Software	2

Vendor

Not Defined	10
ZCMS	2
NVIDIA	2
Huawei	2
Microsoft	2

Product

ZCMS	4
ZCMS ThinkPHP	2
NVIDIA GeForce Experience	2
Huawei SXXXX	2
Microsoft Windows	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	ZCMS ThinkPHP sql injection	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00209	0.05	CVE-2020-19705
2	sentry-sdk Session information exposure	5.6	5.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00090	0.02	CVE-2023-28117
3	IBM CTSS Text Editor Password information disclosure	3.3	3.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.08
4	Permalink Manager Lite Plugin cross site scripting	4.8	4.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00045	0.04	CVE-2024-2738
5	Michael Leithold DSGVO All in One for WP Plugin cross-site request forgery	4.3	4.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00043	0.00	CVE-2024-27967
6	Google Chrome V8 Remote Code Execution	7.5	7.4	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00056	0.04	CVE-2024-2625
7	Huawei SXXXX XML Parser input validation	3.6	3.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00056	0.03	CVE-2017-15346
8	prototypejs Prototype JavaScript framework Remote Code Execution	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00406	0.00	CVE-2008-7220
9	NVIDIA GeForce Experience nvcontainer.exe access control	7.0	6.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00044	0.00	CVE-2020-5978
10	Microsoft Windows Runtime Remote Code Execution	8.1	7.7	$25k-$100k	$5k-$25k	High	Official Fix	0.38267	0.00	CVE-2022-21971
11	Parallels Plesk Panel index.htm cross site scripting	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00112	0.02	CVE-2019-18793
12	Discuz! admin.php cross site scripting	3.6	3.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00054	0.06	CVE-2018-19464
13	ZCMS sql injection	8.5	8.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00386	0.00	CVE-2015-7346
14	ZCMS cross site scripting	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00058	0.02	CVE-2019-9078
15	Microsoft Windows Print Spooler Local Privilege Escalation	7.5	6.9	$25k-$100k	$0-$5k	High	Official Fix	0.96825	0.00	CVE-2021-1675
16	Jfinal CMS FileManagerController.java FileManager.rename access control	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00202	0.00	CVE-2020-19155
17	Redis BIT Command out-of-bounds	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01713	0.03	CVE-2021-32761
18	OpenLiteSpeed WebAdmin Console input validation	9.8	9.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00244	0.04	CVE-2020-5519
19	FileZilla Server PORT confused deputy	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00052	0.15	CVE-2015-10003
20	ThinkPHP index.php sql injection	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00179	0.02	CVE-2018-10225

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Campaigns	Identified	Type	Confidence
1	202.182.123.185	202.182.123.185.vultrusercontent.com	SessionManager		07/05/2022	verified	High
2	XXX.XXX.XXX.XXX	xxx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxxxxxxxx		07/05/2022	verified	High

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	High
2	TXXXX	CAPEC-19	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
3	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
4	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High

IOA - Indicator of Attack (10)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	admin.php	predictive	Medium
2	File	index.php	predictive	Medium
3	File	xxxxx.xxx?x=xxxx&x=xxxxxxx&x=xxx	predictive	High
4	File	xxxxxxx/xxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	High
5	File	xxxxxxxxxxx.xxx	predictive	High
6	File	xxxxxx/xxxxxxx/xx-xx/xxxx/xxxxx.xxx	predictive	High
7	File	xxxx/xxx.xxx?xx=xxxxxx	predictive	High
8	Argument	xxxxxxxx	predictive	Medium
9	Argument	xxxxxxxx	predictive	Medium
10	Input Value	xxxxxx	predictive	Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!