AMOS Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 164
ru: 96
zh: 96
pl: 92
es: 80

Country

pl: 92
ru: 82
es: 80
fr: 74
sv: 72

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Campcodes Complete Web-Based School Management Sys ...: 8
MailCleaner: 8
Tenda i21: 6
Microsoft Windows: 6
OpenSSH: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Apryse WebViewer PDF Document cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00045 | 0.12 | CVE-2024-4327 |
| 2 | MailCleaner Email os command injection | 9.8 | 9.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00046 | 0.18 | CVE-2024-3191 |
| 3 | osCommerce all-products cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00065 | 0.24 | CVE-2024-4348 |
| 4 | MailCleaner Admin Interface cross site scripting | 6.5 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00045 | 0.18 | CVE-2024-3192 |
| 5 | SourceCodester Pisay Online E-Learning System controller.php unrestricted upload | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.41 | CVE-2024-4349 |
| 6 | MailCleaner Admin Endpoints os command injection | 8.8 | 8.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00046 | 0.06 | CVE-2024-3193 |
| 7 | Apple Mac OS X Server Wiki Server sql injection | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00339 | 4.07 | CVE-2015-5911 |
| 8 | BloomPixel Max Addons Pro for Bricks Plugin authorization | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.08 | CVE-2024-32951 |
| 9 | Extend Themes Teluro Plugin cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-33688 |
| 10 | Elementor ImageBox Plugin cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.08 | CVE-2024-3074 |
| 11 | Apache HTTP Server mod_lua Multipart Parser r:parsebody out-of-bounds write | 8.5 | 8.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.08808 | 0.03 | CVE-2021-44790 |
| 12 | Dell Wyse Proprietary OS Telemetry Dashboard information disclosure | 4.7 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-28963 |
| 13 | Apache Parquet Parquet-MR denial of service | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00089 | 0.00 | CVE-2021-41561 |
| 14 | Foliovision FV Flowplayer Video Player Plugin server-side request forgery | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-32955 |
| 15 | Dell Repository Manager API Module improper authorization | 8.3 | 8.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-28976 |
| 16 | Jegstudio Financio Plugin cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-33690 |
| 17 | ThemeNcode Fan Page Widget by Plugin cross site scripting | 4.1 | 4.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-33695 |
| 18 | Pavex Embed Google Photos Album Plugin server-side request forgery | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.08 | CVE-2024-32775 |
| 19 | AnnounceKit Plugin cross site scripting | 2.4 | 2.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.04 | CVE-2024-3023 |
| 20 | Repute Infosystems ARMember Plugin authorization | 7.8 | 7.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.07 | CVE-2024-32948 |

IOC - Indicator of Compromise (45)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (78)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (14)

The following list contains external sources which discuss the actor and the associated activities:

Samples (14)

The following list contains associated samples:
