Banload Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (150)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	148
fr	2

Country

us	140
ru	2
fr	2

Actors

Banload	5
njRAT	1
Tofsee	1

Activities

Interest

Timeline

Type

Not Defined	40
Web Browser	6
Content Management System	6
Router Operating System	4
Web Server	4

Vendor

Not Defined	30
Cisco	12
Microsoft	4
Apple	4
Apache	4

Product

Apple Safari	4
Cisco IP Interoperability	2
Cisco Collaboration System	2
Firejail	2
Cisco IOS XR	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	Portainer API Credentials credentials management	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00431	0.04	CVE-2018-19466
2	Sophos Web Appliance Change Password Dialog Box index.php access control	7.5	6.5	$0-$5k	$0-$5k	High	Official Fix	0.22815	0.00	CVE-2014-2849
3	Facebook API authorize redirect	6.3	5.7	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00000	0.00
4	Microsoft Internet Explorer HTTP/HTTPS Request config	4.3	4.1	$25k-$100k	$0-$5k	Proof-of-Concept	Unavailable	0.06106	0.00	CVE-2013-1451
5	ObiHai ObiPhone 1032/ObiPhone 1062 HTTP Digest Authentication Implementation improper authentication	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00000	0.02
6	Microsoft Office RTF Document Necurs Dridex access control	7.0	6.9	$25k-$100k	$0-$5k	High	Official Fix	0.97455	0.05	CVE-2017-0199
7	SPIP URL headers.php redirect	6.1	5.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00170	0.00	CVE-2019-16393
8	Ping Identity Agentless Integration Kit authorization.oauth2 cross site scripting	5.2	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00379	0.00	CVE-2019-13564
9	SpamAssassin URI resource management	5.9	5.2	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.02981	0.00	CVE-2007-0451
10	request-baskets API Request {name} server-side request forgery	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.08109	0.00	CVE-2023-27163
11	Icinga Web SSH Resource File path traversal	6.7	6.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00294	0.00	CVE-2022-24715
12	MyBB Template Password information disclosure	4.3	4.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00000	0.02
13	Adobe Graphics Server information disclosure	4.0	3.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00044	0.00	CVE-2006-1182
14	WordPress Password Reset wp-login.php mail password recovery	6.1	5.8	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.02827	0.06	CVE-2017-8295
15	Microsoft Internet Explorer gopher URI memory corruption	7.3	6.6	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.58261	0.00	CVE-2002-0371
16	Chamilo LMS Gradebook Dependencies Tool gradebook_list.tpl cross site scripting	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00054	0.00	CVE-2018-20327
17	Crypt_GPG GPG Call Privilege Escalation	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00061	0.00	CVE-2022-24953
18	Git path traversal	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00106	0.04	CVE-2023-23946
19	Gitea Git Backend argument injection	7.6	7.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00170	0.04	CVE-2022-42968
20	Mattermost Audit Log log file	5.6	5.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00105	0.03	CVE-2023-1831

IOC - Indicator of Compromise (85)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	5.57.226.202		Banload	04/23/2022	verified	High
2	13.107.21.200		Banload	07/22/2021	verified	High
3	23.218.129.107	a23-218-129-107.deploy.static.akamaitechnologies.com	Banload	04/16/2022	verified	High
4	31.13.66.19	xx-fbcdn-shv-01-iad3.fbcdn.net	Banload	07/24/2021	verified	High
5	34.102.185.99	99.185.102.34.bc.googleusercontent.com	Banload	07/24/2021	verified	Medium
6	34.212.89.14	ec2-34-212-89-14.us-west-2.compute.amazonaws.com	Banload	07/22/2021	verified	Medium
7	51.254.152.94	ns1861.webempresa.eu	Banload	04/16/2022	verified	High
8	52.95.165.35	s3-sa-east-1.amazonaws.com	Banload	07/22/2021	verified	Medium
9	52.216.76.254	s3-1.amazonaws.com	Banload	07/22/2021	verified	Medium
10	52.216.84.109	s3-1.amazonaws.com	Banload	07/22/2021	verified	Medium
11	52.216.129.45	s3-1.amazonaws.com	Banload	07/22/2021	verified	Medium
12	52.216.245.54	s3-1.amazonaws.com	Banload	07/22/2021	verified	Medium
13	52.217.33.190	s3-1.amazonaws.com	Banload	07/22/2021	verified	Medium
14	52.217.45.150	s3-1.amazonaws.com	Banload	07/22/2021	verified	Medium
15	52.217.48.70	s3-1.amazonaws.com	Banload	07/22/2021	verified	Medium
16	52.217.79.142	s3-1.amazonaws.com	Banload	07/22/2021	verified	Medium
17	52.217.85.222	s3-1.amazonaws.com	Banload	07/22/2021	verified	Medium
18	XX.XXX.XX.XX		Xxxxxxx	05/06/2022	verified	High
19	XX.XXX.XX.X	xxxxxx.xxxxxx.xxx	Xxxxxxx	04/16/2022	verified	High
20	XX.XXX.XXX.XXX		Xxxxxxx	07/24/2021	verified	High
21	XX.XXX.XXX.XX	xx-xx-xxx.xxxxx.xxx	Xxxxxxx	07/22/2021	verified	High
22	XX.XX.XXX.XX	xxxxxxxxx.xx-xx-xx-xxx.xx	Xxxxxxx	10/08/2022	verified	High
23	XXX.XXX.XX.XXX		Xxxxxxx	04/23/2022	verified	High
24	XXX.XXX.XX.XXX		Xxxxxxx	04/23/2022	verified	High
25	XXX.XXX.XX.X	xxxxxxxx-xx-xx.xxxxx.xxx	Xxxxxxx	07/24/2021	verified	High
26	XXX.XXX.XX.X	xxxxxxxx-xx-xx.xxxxx.xxx	Xxxxxxx	07/22/2021	verified	High
27	XXX.XXX.XXX.XXX	xx-xx-xxxx.xxxxx.xxx	Xxxxxxx	07/24/2021	verified	High
28	XXX.XXX.XX.XXX	xxxxxxxx-xx-xxx.xxxxx.xxx	Xxxxxxx	10/08/2022	verified	High
29	XXX.XXX.XX.XXX	xxxxxxxx-xx-xx.xxxxx.xxx	Xxxxxxx	10/08/2022	verified	High
30	XXX.XXX.XX.XXX	xxxxxxxx-xx-xxx.xxxxx.xxx	Xxxxxxx	10/08/2022	verified	High
31	XXX.XXX.XXX.XXX	xxxxxx-xxx-xxx-xxx-xxx.xxxxx.x.xxxxxxxxxx.xxx	Xxxxxxx	07/24/2021	verified	High
32	XXX.XXX.XXX.XXX		Xxxxxxx	07/24/2021	verified	High
33	XXX.XXX.XX.XX	xx-xxxxx-xxx-xx-xxxx.xxxxx.xxx	Xxxxxxx	07/24/2021	verified	High
34	XXX.XXX.XX.XX	xxxx-xxxx-xxxx-xxx-xx-xxxx.xxxxxxxx.xxx	Xxxxxxx	07/24/2021	verified	High
35	XXX.XXX.X.XX		Xxxxxxx	04/16/2022	verified	High
36	XXX.XXX.X.XX		Xxxxxxx	04/16/2022	verified	High
37	XXX.XX.XXX.XX		Xxxxxxx	07/22/2021	verified	High
38	XXX.XX.XXX.XX		Xxxxxxx	07/22/2021	verified	High
39	XXX.XXX.X.XXX	xxxxxxxx-xx-xx.xxxxx.xxx	Xxxxxxx	07/24/2021	verified	High
40	XXX.XXX.X.XXX	xxxxxxxx-xx-xxx.xxxxx.xxx	Xxxxxxx	07/24/2021	verified	High
41	XXX.XXX.X.XXX	xxxxxxxx-xx-xxx.xxxxx.xxx	Xxxxxxx	07/22/2021	verified	High
42	XXX.XXX.X.XXX	xxxxxxxx-xx-xx.xxxxx.xxx	Xxxxxxx	07/24/2021	verified	High
43	XXX.XXX.XX.X	xxxxxxxx-xx-xx.xxxxx.xxx	Xxxxxxx	07/22/2021	verified	High
44	XXX.XXX.XX.XX	xxxxxxxx-xx-xx.xxxxx.xxx	Xxxxxxx	07/22/2021	verified	High
45	XXX.XXX.XX.XX	xxxxxxxx-xx-xxx.xxxxx.xxx	Xxxxxxx	07/22/2021	verified	High
46	XXX.XXX.XX.XX	xxxxxxxx-xx-xx.xxxxx.xxx	Xxxxxxx	07/22/2021	verified	High
47	XXX.XXX.XX.XXX	xxxxxxxx-xx-xxx.xxxxx.xxx	Xxxxxxx	07/22/2021	verified	High
48	XXX.XXX.XX.XXX	xxxxxxxx-xx-xxx.xxxxx.xxx	Xxxxxxx	07/24/2021	verified	High
49	XXX.XXX.XX.XXX	xxxxxxxx-xx-xx.xxxxx.xxx	Xxxxxxx	07/24/2021	verified	High
50	XXX.XXX.XX.X	xxxxxxxx-xx-xx.xxxxx.xxx	Xxxxxxx	07/22/2021	verified	High
51	XXX.XXX.XX.XX	xxxxxxxx-xx-xx.xxxxx.xxx	Xxxxxxx	07/24/2021	verified	High
52	XXX.XXX.XX.XX	xxxxxxxx-xx-xx.xxxxx.xxx	Xxxxxxx	07/22/2021	verified	High
53	XXX.XXX.XX.XXX	xxxxxxxx-xx-xx.xxxxx.xxx	Xxxxxxx	07/24/2021	verified	High
54	XXX.XXX.XXX.XXX	xx-xx-xxxx.xxxxx.xxx	Xxxxxxx	07/22/2021	verified	High
55	XXX.XXX.XXX.XXX	xx-xx-xxxx.xxxxx.xxx	Xxxxxxx	07/22/2021	verified	High
56	XXX.XXX.XXX.XXX	xx-xx-xxxx.xxxxx.xxx	Xxxxxxx	07/22/2021	verified	High
57	XXX.XXX.XXX.XXX	xx-xx-xxxx.xxxxx.xxx	Xxxxxxx	07/22/2021	verified	High
58	XXX.XXX.XXX.XXX	xx-xx-xxxx.xxxxx.xxx	Xxxxxxx	07/22/2021	verified	High
59	XXX.XXX.XXX.XX	xx-xx-xxx.xxxxx.xxx	Xxxxxxx	07/22/2021	verified	High
60	XXX.XXX.XXX.XXX	xx-xx-xxxx.xxxxx.xxx	Xxxxxxx	07/22/2021	verified	High
61	XXX.XXX.XXX.XXX	xx-xx-xxxx.xxxxx.xxx	Xxxxxxx	07/22/2021	verified	High
62	XXX.XXX.XXX.XXX	xx-xx-xxxx.xxxxx.xxx	Xxxxxxx	07/22/2021	verified	High
63	XXX.XXX.XXX.XX	xx-xx-xxx.xxxxx.xxx	Xxxxxxx	07/22/2021	verified	High
64	XXX.XXX.XXX.XXX	xx-xx-xxxx.xxxxx.xxx	Xxxxxxx	07/22/2021	verified	High
65	XXX.XXX.XXX.XX	xx-xx-xxx.xxxxx.xxx	Xxxxxxx	07/22/2021	verified	High
66	XXX.XXX.XXX.XX	xx-xx-xxx.xxxxx.xxx	Xxxxxxx	07/22/2021	verified	High
67	XXX.XXX.XXX.XXX	xx-xx-xxxx.xxxxx.xxx	Xxxxxxx	07/22/2021	verified	High
68	XXX.XXX.XXX.XXX	xx-xx-xxxx.xxxxx.xxx	Xxxxxxx	07/22/2021	verified	High
69	XXX.XXX.XX.XX	xxxx-xxx-xx-xx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx	Xxxxxxx	07/24/2021	verified	High
70	XXX.XXX.XX.XXX	xx.xx.xxxx.xxxxxx.xxxxxxxxx.xxx	Xxxxxxx	04/23/2022	verified	High
71	XXX.XXX.XX.XXX	xx.xx.xxxx.xxxxxx.xxxxxxxxx.xxx	Xxxxxxx	04/23/2022	verified	High
72	XXX.XXX.XX.XXX		Xxxxxxx	07/22/2021	verified	High
73	XXX.XXX.XX.XX	xxxxxxx.xxxxxxxxxxx.xxx.xx	Xxxxxxx	05/06/2022	verified	High
74	XXX.XXX.XXX.X		Xxxxxxx	07/24/2021	verified	High
75	XXX.XX.XX.XX		Xxxxxxx	07/22/2021	verified	High
76	XXX.XX.XXX.XX	xxx-xx-xxx-xx.xxxxxxxx.xxx.xx	Xxxxxxx	07/24/2021	verified	High
77	XXX.XXX.XX.XXX	xxx-xxx-xx-xxx.xxxxxx.xxx.xxx.xx	Xxxxxxx	07/24/2021	verified	High
78	XXX.XXX.XXX.XXX	xxx.xxxxx.xxx	Xxxxxxx	07/24/2021	verified	High
79	XXX.XX.XX.XX	xxxxxxxx.xxx.xx	Xxxxxxx	04/16/2022	verified	High
80	XXX.XXX.XXX.XX	xxx.xxxxxxx.xxx	Xxxxxxx	07/22/2021	verified	High
81	XXX.XX.XXX.XX	xxx.xxxxxxxxxxx.xxx	Xxxxxxx	04/23/2022	verified	High
82	XXX.XX.XXX.XX	xx-xx-xxx.xxxxx.xxx	Xxxxxxx	07/22/2021	verified	High
83	XXX.XX.XXX.XXX	xx-xx-xxxx.xxxxx.xxx	Xxxxxxx	07/22/2021	verified	High
84	XXX.XX.XXX.XX	xx-xx-xxx.xxxxx.xxx	Xxxxxxx	07/22/2021	verified	High
85	XXX.XX.XXX.XXX	xx-xx-xxxx.xxxxx.xxx	Xxxxxxx	07/22/2021	verified	High

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	High
2	T1059	CAPEC-137	CWE-88	Argument Injection	predictive	High
3	T1059.007	CAPEC-209	CWE-79, CWE-80	Cross Site Scripting	predictive	High
4	T1068	CAPEC-122	CWE-264, CWE-269, CWE-284	Execution with Unnecessary Privileges	predictive	High
5	TXXXX.XXX	CAPEC-16	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	High
6	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
7	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	High
8	TXXXX	CAPEC-	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	High
9	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	High
10	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
11	TXXXX	CAPEC-50	CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
12	TXXXX	CAPEC-37	CWE-XXX	Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
13	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
14	TXXXX.XXX	CAPEC-	CWE-XX	Xxxxxxxxxxxxx	predictive	High
15	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	High
16	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	High

IOA - Indicator of Attack (60)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/api/baskets/{name}	predictive	High
2	File	/as/authorization.oauth2	predictive	High
3	File	/Forms/WLAN_General_1	predictive	High
4	File	/html/portal/flash.jsp	predictive	High
5	File	/index.php	predictive	Medium
6	File	/lua/set-passwd.lua	predictive	High
7	File	/oauth/authorize	predictive	High
8	File	/xxxxxxx/	predictive	Medium
9	File	/xxxx/xxxx/xxxx.xxx	predictive	High
10	File	/xxxxxx	predictive	Low
11	File	xxxxxxxxxxxxxx.xxxx	predictive	High
12	File	xxxxx.xxxxxxxxx.xxx	predictive	High
13	File	xxxxxxx_xxx.xxx	predictive	High
14	File	xxxx_xxxx.xxx	predictive	High
15	File	xxxxxx/xxx/xxxxxxx.xxx	predictive	High
16	File	xxxxxxxxxxxxx.xxx	predictive	High
17	File	xxxxxxxxx/xxxxxxx.xxx	predictive	High
18	File	xxxxxxxx/xxxx_xxxx	predictive	High
19	File	xxxxxxxxx.xx	predictive	Medium
20	File	xxxxx.xxx	predictive	Medium
21	File	xxxxxxxxx/xx_xxxx_xxxxxxxxx_xxxxx/xx_xxxx_xxxxxxxxx.xxx	predictive	High
22	File	xxxx.x	predictive	Low
23	File	xxxxxxxxxxx/xxxx.x	predictive	High
24	File	xxxx/xxxxxxxx/xxxxxxx/xxxxx/xxxxxxxxx_xxxx.xxx	predictive	High
25	File	xxxxxxx/xxxxxxxxxxx.xx	predictive	High
26	File	xxxxxxxx.xxx	predictive	Medium
27	File	xxxxxxx.xxx	predictive	Medium
28	File	xxxxxxxxxxx.xxxx	predictive	High
29	File	xxxxxxxx.xxx	predictive	Medium
30	File	xxxxx.xxxx	predictive	Medium
31	File	xxxxxx/xxx_xxxxxxx.xxx	predictive	High
32	File	xxxxxx.xxx	predictive	Medium
33	File	xxxxxx.xxx	predictive	Medium
34	File	xxxxxxxx.x	predictive	Medium
35	File	xx-xxxxx.xxx	predictive	Medium
36	Argument	xxxxxxxxx	predictive	Medium
37	Argument	xxxxxxxx	predictive	Medium
38	Argument	xxxxx_xx	predictive	Medium
39	Argument	x:xxxxxxxxx/x:xxxxxxxx/x:xxx	predictive	High
40	Argument	xxxx_xxxxxx=xxxx	predictive	High
41	Argument	xxxx	predictive	Low
42	Argument	xxxxx	predictive	Low
43	Argument	xxxxx	predictive	Low
44	Argument	xxxxxxx_xxxx	predictive	Medium
45	Argument	xxxx/xxxxxxx xxxx/xxxxxxxxxxx	predictive	High
46	Argument	xxxx/xxxxx/xxxxxxxx	predictive	High
47	Argument	xxxxxxx	predictive	Low
48	Argument	xxxxxxxx	predictive	Medium
49	Argument	xxxxxxxx_xxx	predictive	Medium
50	Argument	xxxxxxxx_xxxx/xxxxxx_xx/xxxxxxxx_xxx	predictive	High
51	Argument	xxxxxx	predictive	Low
52	Argument	xxxxxxxxxx	predictive	Medium
53	Argument	xxx	predictive	Low
54	Argument	xxxxxxxx	predictive	Medium
55	Input Value	.%xxxx	predictive	Low
56	Input Value	../	predictive	Low
57	Input Value	<xxxxxx>xxxxx('xxx');</xxxxxx>xxxxxxx.xxx	predictive	High
58	Input Value	xxxxxx_xxxxxxxx	predictive	High
59	Input Value	xxxx://xx%xx[x-xxxxxxxxxxxxxxxxxxxx	predictive	High
60	Input Value	xxxxx%xx%xx%xxxxx.xxxxxxx.xxx%xxxx&%xx%xx%xxxxxxxx%xxxxxxx(x)%xx%xxxxxxxx%xx	predictive	High

References (8)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!