Whiteshadow Analysis

IOB - Indicator of Behavior (386)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 336
de: 14
fr: 12
pl: 6
it: 4


Country

us: 290
gb: 10
es: 6
fr: 4
it: 2



Product

DokuWiki: 6
Google Android: 6
Google Chrome: 4
Virtual Programming VP-ASP: 4
Apple Mac OS X Server: 4


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.49 | CVE-2010-0966 |
| 3 | All Enthusiast Inc Reviewpost Php Pro showproduct.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00501 | 0.00 | CVE-2004-2175 |
| 4 | AWStats Config awstats.pl Privilege Escalation | 5.0 | 4.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 0.04 | |
| 5 | DokuWiki Media File Fetching HTTPClient.php HttpClient Port server-side request forgery | 8.6 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00103 | 0.02 | CVE-2016-7964 |
| 6 | AOL Client Software deskbar.dll denial of service | 7.5 | 6.5 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.01516 | 0.00 | CVE-2007-1767 |
| 7 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.04 | CVE-2019-7550 |
| 8 | AWStats awstats.pl privileges management | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.14 | |
| 9 | Yahoo! Messenger JPEG2000 Image memory corruption | 7.3 | 6.4 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.06342 | 0.00 | CVE-2007-4391 |
| 10 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.03 | CVE-2017-0055 |
| 11 | WoltLab Burning Book addentry.php sql injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.00804 | 0.00 | CVE-2006-5509 |
| 12 | PHPWind goto.php redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.49 | CVE-2015-4134 |
| 13 | PhotoPost PHP Pro showproduct.php sql injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00276 | 0.04 | CVE-2004-0250 |
| 14 | Online Banking System send_funds.php sql injection | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00212 | 0.00 | CVE-2022-40113 |
| 15 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.10737 | 0.32 | CVE-2016-6210 |
| 16 | Smartisoft phpBazar classified_right.php file inclusion | 6.5 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00933 | 0.09 | CVE-2006-2528 |
| 17 | Apple iOS/iPadOS CoreGraphics FORCEDENTRY integer overflow | 7.0 | 6.9 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00233 | 0.04 | CVE-2021-30860 |
| 18 | BitTorrent uTorrent Bencoding Parser input validation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00867 | 0.04 | CVE-2020-8437 |
| 19 | Alt-N MDaemon Worldclient injection | 4.9 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00090 | 0.04 | CVE-2021-27182 |
| 20 | TP-LINK TL-WR940N PingIframeRpm.htm ipAddrDispose memory corruption | 7.5 | 7.5 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.05451 | 0.00 | CVE-2019-6989 |

IOC - Indicator of Compromise (16)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (178)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/edit_category.php | predictive | High |
| 2 | File | /admin/inventory/manage_stock.php | predictive | High |
| 3 | File | /admin/maintenance/view_designation.php | predictive | High |
| 4 | File | /classes/Master.php | predictive | High |
| 5 | File | /devices.php | predictive | Medium |
| 6 | File | /etc/fstab | predictive | Medium |
| 7 | File | /etc/sudoers | predictive | Medium |
| 8 | File | /EXCU_SHELL | predictive | Medium |
| 9 | File | /fastfood/purchase.php | predictive | High |
| 10 | File | /forum/away.php | predictive | High |
| 11 | File | /inc/HTTPClient.php | predictive | High |
| 12 | File | /inc/parser/xhtml.php | predictive | High |
| 13 | File | /loginVaLidation.php | predictive | High |
| 14 | File | /net-banking/send_funds.php | predictive | High |
| 15 | File | /Security/Transactions/Transactions.aspx | predictive | High |
| 16 | File | /uncpath/ | predictive | Medium |
| 17 | File | accountlogon.cfm | predictive | High |
| 18 | File | addentry.php | predictive | Medium |
| 19 | File | add_customer.php | predictive | High |
| 20 | File | admin/bad.php | predictive | High |
| 21 | File | Admin/edit-admin.php | predictive | High |
| 174 | Input Value | ../ | predictive | Low |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
