SpeakUp Analysis

IOB - Indicator of Behavior (109)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 104
zh: 2
fr: 2
pl: 2


Country

us: 30
cn: 12
pl: 4
ie: 2
br: 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Microsoft Windows: 6
Netgear RBK752: 4
Atlassian JIRA: 4
PrestaShop: 4
vim: 2


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 2 | Rittal PDU-3C002DEC/CMCIII-PU-9333E0FB os command injection | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00171 | 0.00 | CVE-2020-11953 |
| 3 | SmarterTools SmarterMail Email Stored cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00084 | 0.00 | CVE-2019-7211 |
| 4 | Backdoor.Win32.Psychward.b Service Port 8888 hard-coded credentials | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.00 | |
| 5 | Echelon SmartServer 1/SmartServer 2/i.LON 100/i.LON 600 improper authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00205 | 0.00 | CVE-2018-8859 |
| 6 | Cybozu Garoon behavioral workflow | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00082 | 0.00 | CVE-2022-27661 |
| 7 | GitLab Community Edition/Enterprise Edition Runner Jobs API access control | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00081 | 0.00 | CVE-2022-2227 |
| 8 | Barco TransForm N Control Room Management Suite Web Application cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00078 | 0.00 | CVE-2022-26974 |
| 9 | BigBlueButton Chat Message information disclosure | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00069 | 0.00 | CVE-2022-29232 |
| 10 | wolfSSL BASE64 PEM File Decoding timing discrepancy | 2.2 | 2.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00063 | 0.00 | CVE-2021-24116 |
| 11 | Google Go IP Address net.ParseCIDR access control | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00226 | 0.06 | CVE-2021-29923 |
| 12 | Camunda Modeler IPC Message writeFile state issue | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00871 | 0.02 | CVE-2021-28154 |
| 13 | cocoapods-downloader argument injection | 6.8 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00131 | 0.00 | CVE-2022-21223 |
| 14 | Deno privileges management | 8.6 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00197 | 0.00 | CVE-2022-24783 |
| 15 | Rockwell Automation ISaGRAF Runtime credentials storage | 5.5 | 5.5 | $0-$5k | Calculating | Not Defined | Not Defined | 0.00045 | 0.00 | CVE-2020-25184 |
| 16 | Cost Calculator Plugin Cost Calculator Post's Layout path traversal | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00065 | 0.00 | CVE-2021-24820 |
| 17 | Zabbix SAML authentication spoofing | 8.2 | 8.2 | $0-$5k | $0-$5k | High | Not Defined | 0.97174 | 0.04 | CVE-2022-23131 |
| 18 | Shared Groovy Libraries Plugin protection mechanism | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00104 | 0.00 | CVE-2022-25183 |
| 19 | Sangoma Corporation Switchvox access control | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00109 | 0.00 | CVE-2021-45310 |
| 20 | Samsung Smartphone Edge Panel information disclosure | 2.7 | 2.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00047 | 0.00 | CVE-2022-24001 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources that are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (34)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /cgi-bin/kerbynet | predictive | High |
| 2 | File | /damicms-master/admin.php?s=/Article/doedit | predictive | High |
| 3 | File | /etc/quagga | predictive | Medium |
| 4 | File | /main?cmd=invalid_browser | predictive | High |
| 5 | File | backend/upcean.c | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
