TimbreStealer Analysis

IOB - Indicator of Behavior (301)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 276
es: 12
de: 12
fr: 2

Country

us: 80
es: 12
cn: 10
de: 8
id: 2

Product

Insteon Hub: 12
Quest DR Series Disk Backup: 10
Google Chrome: 8
Apple watchOS: 6
Tongda OA 2017: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Bitcoin Core bitcoin-qt state issue | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01005 | 0.00 | CVE-2021-3401 |
| 2 | D-Link DAR-7000/DAR-8000 web.php unrestricted upload | 7.1 | 7.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Unavailable | 0.00114 | 0.03 | CVE-2023-5150 |
| 3 | GE Voluson S8 Service Browser users.cgi improper authentication | 5.9 | 5.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.00044 | 0.03 | CVE-2020-36548 |
| 4 | SourceCodester Simple Chat System POST Parameter sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00089 | 0.06 | CVE-2023-3004 |
| 5 | SourceCodester Local Service Search Engine Management System POST Parameter cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00072 | 0.06 | CVE-2023-3005 |
| 6 | SourceCodester Online Flight Booking Management System POST Parameter review_search.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00134 | 0.06 | CVE-2023-0283 |
| 7 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.65 | CVE-2020-12440 |
| 8 | request-baskets API Request {name} server-side request forgery | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08109 | 0.05 | CVE-2023-27163 |
| 9 | Moodle Lesson Question Import path traversal | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00293 | 0.00 | CVE-2022-35650 |
| 10 | Genetechsolutions Pie Register User Account pie-register.php access control | 5.3 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.08823 | 0.04 | CVE-2014-8802 |
| 11 | RedKernel Referrer Tracker rkrt_stats.php Stored cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00315 | 0.02 | CVE-2006-0317 |
| 12 | dns-stats hedgehog DSCIOManager.cpp dsc_import_input_from_source sql injection [Disputed] | 5.7 | 5.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00145 | 0.06 | CVE-2021-4276 |
| 13 | TP-Link WRD4300 Web Interface information disclosure | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.19493 | 0.07 | CVE-2020-35575 |
| 14 | WoltLab Burning Book addentry.php sql injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.00804 | 0.00 | CVE-2006-5509 |
| 15 | Kentico CMS os command injection | 6.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00422 | 0.00 | CVE-2018-7046 |
| 16 | Parsedown Safe Mode code injection | 6.2 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00224 | 0.00 | CVE-2019-10905 |
| 17 | nginx HTTP/2 resource consumption | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08394 | 0.04 | CVE-2018-16843 |
| 18 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 19 | Apache HTTP Server mod_cache null pointer dereference | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.04147 | 0.06 | CVE-2013-4352 |
| 20 | PmWiki PageListSort code injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.89704 | 0.03 | CVE-2011-4453 |

IOC - Indicator of Compromise (25)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (159)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (3)

The following list contains external sources which discuss the actor and the associated activities:
