Strider Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (52)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	42
pl	4
sv	2
es	2
de	2

Country

us	16
it	12
pl	4
sv	2
es	2

Actors

Sauron	4
Strider	3
Mirai	1

Activities

Interest

Timeline

Type

Not Defined	14
Content Management System	4
Operating System	4
Web Browser	4
Database Software	2

Vendor

Not Defined	8
IBM	6
Microsoft	4
Wikimedia	2
Phoenix Contact	2

Product

lshell	4
IBM DB2	2
IBM DB2 Connect Server	2
Wikimedia MediaWiki	2
Microsoft Windows	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	Van Ons WP GDPR Compliance Plugin $wpdb->prepare direct request	8.5	8.2	$0-$5k	$0-$5k	High	Official Fix	0.97274	0.00	CVE-2018-19207
2	IBM Cognos Controller Web UI cross site scripting	4.8	4.8	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00050	0.00	CVE-2019-4136
3	lshell access control	8.1	8.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00348	0.01	CVE-2016-6902
4	lshell access control	8.1	8.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00352	0.05	CVE-2016-6903
5	OpenBSD OpenSSH PKCS 11 unquoted search path	7.4	7.1	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.02999	0.05	CVE-2023-38408
6	Linux Kernel dr_domain.c dr_domain_init_resources return value	5.5	5.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00043	0.00	CVE-2023-23006
7	PHPStore Wholesales track.php sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.00366	0.02	CVE-2008-5493
8	cpCommerce document.php sql injection	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.00064	0.00	CVE-2009-1345
9	e107 CMS secure_img_render.php file inclusion	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02337	0.04	CVE-2004-2041
10	PHPOutsourcing IdeaBox include.php code injection	7.3	6.4	$0-$5k	$0-$5k	Unproven	Unavailable	0.17410	0.04	CVE-2008-5199
11	socialMPN article.php sql injection	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00146	0.05	CVE-2005-2031
12	Coppermine Photo Gallery init.inc.php file inclusion	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.08307	0.05	CVE-2004-1988
13	Pmachine lib.inc.php privileges management	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02869	0.04	CVE-2003-1086
14	Bitrix24 Web Application Firewall cross site scripting	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00113	0.07	CVE-2020-13483
15	PrestaShop Authentication improper authentication	8.5	7.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00231	0.02	CVE-2020-4074
16	Trojan-Spy.Win32.WebCenter.a Service Port 80 web.exe information disclosure	5.3	4.9	$0-$5k	$0-$5k	Proof-of-Concept	Workaround	0.00000	0.00
17	Oracle Argus Safety Letters information disclosure	4.3	4.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00054	0.00	CVE-2021-2110
18	VMware ESXi/Workstation/Fusion XHCI USB Controller information disclosure	4.4	4.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00060	0.00	CVE-2020-3965
19	NVIDIA Windows GPU Display Driver DirectX 11 User Mode Driver x.dll out-of-bounds	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00044	0.05	CVE-2020-5965
20	Apple iOS/iPadOS WebRTC use after free	6.0	5.8	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00042	0.00	CVE-2019-2050

Campaigns (1)

These are the campaigns that can be associated with the actor:

ProjectSauron

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Campaigns	Identified	Type	Confidence
1	37.252.125.88		Strider	ProjectSauron	12/20/2020	verified	High
2	54.209.129.218	ec2-54-209-129-218.compute-1.amazonaws.com	Strider	ProjectSauron	12/20/2020	verified	Medium
3	66.228.52.133	li294-133.members.linode.com	Strider	ProjectSauron	12/20/2020	verified	High
4	XX.X.XXX.XXX	xxxxxxxxxxx.xx.xx	Xxxxxxx	Xxxxxxxxxxxxx	12/20/2020	verified	High
5	XX.XXX.XX.XXX		Xxxxxxx	Xxxxxxxxxxxxx	12/20/2020	verified	High
6	XXX.XXX.XX.XX		Xxxxxxx	Xxxxxxxxxxxxx	12/20/2020	verified	High
7	XXX.X.XXX.XXX	xxxxxx.xxx.xxx.x.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxxxx	Xxxxxxxxxxxxx	12/20/2020	verified	High
8	XXX.XX.XX.XXX	xxxxxxx-xx-xx-xxx.xxxxxx.xxxxxxx.xx	Xxxxxxx	Xxxxxxxxxxxxx	12/20/2020	verified	High
9	XXX.XXX.XX.XX	xxxxxxx.xxx	Xxxxxxx	Xxxxxxxxxxxxx	12/20/2020	verified	High
10	XXX.XXX.XXX.XXX		Xxxxxxx	Xxxxxxxxxxxxx	12/20/2020	verified	High
11	XXX.XXX.XXX.XXX	xxxxxxxxxxxxx.xxxxxxxxxx.xxxx	Xxxxxxx	Xxxxxxxxxxxxx	12/20/2020	verified	High

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-127	CWE-425	Path Traversal	predictive	High
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	High
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	High
4	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	High
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
6	TXXXX.XXX	CAPEC-191	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	High
7	TXXXX	CAPEC-108	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
8	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
9	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
10	TXXXX.XXX	CAPEC-	CWE-XXX	Xxxxxxxx Xxxxxx Xxxx	predictive	High
11	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
12	TXXXX	CAPEC-112	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	High

IOA - Indicator of Attack (30)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	.procmailrc	predictive	Medium
2	File	article.php	predictive	Medium
3	File	BC_Logon.swf	predictive	Medium
4	File	C:\Windows\SysWOW64\webcenter\web.exe	predictive	High
5	File	xxxxxxxxxx/xxxxxx/xxxxxxxxx.xxxx/xxxx.xxx/	predictive	High
6	File	xxxxxxxx.xxx	predictive	Medium
7	File	xxxxxxx/xxx/xxxxxxxx/xxxxxxxx/xxxx/xxxx/xxxxxxxx/xx_xxxxxx.x	predictive	High
8	File	xxxxxxx.xxx	predictive	Medium
9	File	xxxxx.xxx	predictive	Medium
10	File	xxxx.xxx.xxx	predictive	Medium
11	File	xxxxxxx/xxxx.x	predictive	High
12	File	xxxxxxx/xxxxxxx/xxx_xxxxxxx.x	predictive	High
13	File	xxxxxx_xxx_xxxxxx.xxx	predictive	High
14	File	xxxxx.xxx	predictive	Medium
15	File	xx-xxxxxxxx/xxxxxxxxx.xxx	predictive	High
16	Library	x:\xxxxxxx\xxxxxxxx\xxxxxxxxxxx\xxxxxxxxxxxxxx\xxxxxxxx.xxx_xxxxx_xxxxxxxxxxxxxxxx\xxxxx\xxxxxxxxxxx.xxx	predictive	High
17	Library	xxx/xxxx/xxxxxxxxxxxxxxxxxxx.xxxxx.xxx	predictive	High
18	Library	xxxxxxxx/x.xxx	predictive	High
19	Library	xx/xxx.xxx.xxx	predictive	High
20	Argument	xxxxxxxx_xxxx	predictive	High
21	Argument	xxx_x_xxx	predictive	Medium
22	Argument	xxxxxx_xxxxx_xxx	predictive	High
23	Argument	xxxxxxxx	predictive	Medium
24	Argument	xx	predictive	Low
25	Argument	xx_xxxxxxxx	predictive	Medium
26	Argument	xxxxx[xxxxx][xx]	predictive	High
27	Argument	xxxx_xxx_xxxx_xxxx	predictive	High
28	Argument	xx_xxxx	predictive	Low
29	Argument	xxx	predictive	Low
30	Input Value	xxxxxxx	predictive	Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!