VPNFilter Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 878
fr: 114
it: 4
ru: 2
es: 2


Country

us: 784
fr: 112
de: 34
gb: 4
ir: 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

cPanel: 30
Google Chrome: 12
Adobe Acrobat Reader: 8
Trend Micro Apex One: 8
Trend Micro OfficeScan XG: 8


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Discuz! admin.php cross site scripting | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00054 | 0.06 | CVE-2018-19464 |
| 2 | Simple Machines Forum Access Restriction PersonalMessage.php MessageSearch2 access control | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00182 | 0.00 | CVE-2018-10305 |
| 3 | DM Guestbook guestbook.php path traversal | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.04403 | 0.00 | CVE-2007-5821 |
| 4 | PHPNews news.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00156 | 0.00 | CVE-2005-2156 |
| 5 | University of Cambridge Exim Batched SMTP Mode format string | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.19607 | 0.04 | CVE-2001-0690 |
| 6 | phpBB redirect | 6.1 | 5.7 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.00256 | 0.05 | CVE-2015-3880 |
| 7 | Discuz!ML Cookie code injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04015 | 0.02 | CVE-2019-13956 |
| 8 | phpBB startup.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00287 | 0.02 | CVE-2015-1431 |
| 9 | Dokeos Open Source Learning And Knowledge Management Tool viewthread.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00409 | 0.00 | CVE-2007-6574 |
| 10 | Microsoft Windows NTFS Local Privilege Escalation | 7.8 | 7.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00251 | 0.00 | CVE-2023-29346 |
| 11 | Revive Adserver afr.php cross site scripting | 4.8 | 4.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00605 | 0.03 | CVE-2021-22872 |
| 12 | Trojan-Proxy.Win32.Ranky.dh Service Port 17503 backdoor | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.00 | |
| 13 | WordPress XML-RPC access control | 7.6 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00288 | 0.05 | CVE-2020-28035 |
| 14 | Plesk Obsidian Reflected cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00151 | 0.00 | CVE-2020-11583 |
| 15 | PHPList template.php cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00077 | 0.00 | CVE-2020-12639 |
| 16 | Kunena news.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00135 | 0.04 | CVE-2012-4868 |
| 17 | PHP http_fopen_wrapper.c php_stream_url_wrap_http_ex memory corruption | 8.0 | 7.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.79889 | 0.04 | CVE-2018-7584 |
| 18 | WP GDPR Plugin controller-comments.php Stored cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00116 | 0.00 | CVE-2020-20628 |
| 19 | Advanced Guestbook admin.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00327 | 0.04 | CVE-2005-3588 |
| 20 | phpBB sessions.php information disclosure | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04921 | 0.00 | CVE-2005-0614 |

IOC - Indicator of Compromise (13)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (24)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-21, CWE-22, CWE-23 | Path Traversal | predictive | High |
| 2 | T1040 | CAPEC-102 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 4 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High |
| 5 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (126)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
