XtremeRAT Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 916
ru: 30
zh: 20
de: 8
es: 8

Country

cn: 380
us: 314
vn: 226
ru: 34
ie: 10

Product

Microsoft Windows: 30
Linux Kernel: 14
WordPress: 14
Google Android: 12
Apple iOS: 10

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 2.14 | CVE-2020-15906 |
| 2 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01960 | 0.03 | CVE-2007-1287 |
| 3 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.73 | CVE-2010-0966 |
| 4 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 7.35 | CVE-2006-6168 |
| 5 | Microsoft Windows win32k.sys xxxMenuWindowProc denial of service | 5.5 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Unavailable | 0.00000 | 0.03 | |
| 6 | Apple CUPS Interface cross site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | High | Official Fix | 0.00864 | 0.00 | CVE-2014-2856 |
| 7 | Apache Superset External URL redirect | 4.9 | 4.9 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00436 | 0.03 | CVE-2021-28125 |
| 8 | AWStats Config awstats.pl Privilege Escalation | 5.0 | 4.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 0.06 | |
| 9 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.62 | CVE-2007-0354 |
| 10 | Pligg cloud.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.59 | |
| 11 | Ivanti Secure Access Client config | 8.1 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.05 | CVE-2023-35080 |
| 12 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.38 | |
| 13 | Oracle PeopleSoft Enterprise PeopleTools Integration Broker access control | 6.5 | 5.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00799 | 0.05 | CVE-2017-3548 |
| 14 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.73 | CVE-2020-12440 |
| 15 | Pirelli DRG A115 v3 ADSL Router DNS privileges management | 7.3 | 6.6 | $0-$5k | $0-$5k | Functional | Workaround | 0.00000 | 0.02 | |
| 16 | NotificationX Plugin SQL Statement sql injection | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02414 | 0.05 | CVE-2022-0349 |

IOC - Indicator of Compromise (76)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (25)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-22, CWE-24, CWE-29 | Path Traversal | predictive | High |
| 2 | T1040 | CAPEC-102 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 4 | T1059 | CAPEC-242 | CWE-94, CWE-1321 | Argument Injection | predictive | High |
| 5 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (342)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (11)

The following list contains external sources which discuss the actor and the associated activities:
