BazarLoader Analysis

IOB - Indicator of Behavior (251)


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 2 | Zyxel NAS326/NAS542 Web Server os command injection | 9.8 | 9.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00068 | 0.04 | CVE-2023-4473 |
| 3 | phpMyAdmin Privileges.php sql injection | 7.1 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00145 | 0.05 | CVE-2020-10804 |
| 4 | Linux Kernel fbcon vt.c KD_FONT_OP_COPY out-of-bounds | 5.0 | 4.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2020-28974 |
| 5 | Magento Sitemap code injection | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00264 | 0.00 | CVE-2019-7932 |
| 6 | CKFinder File Name unrestricted upload | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00155 | 0.07 | CVE-2019-15862 |
| 7 | Cisco IOS XE Web UI Remote Code Execution | 9.9 | 9.7 | $25k-$100k | $5k-$25k | High | Official Fix | 0.87328 | 0.04 | CVE-2023-20198 |
| 8 | Linux Kernel OverlayFS Subsystem permissions | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00042 | 0.02 | CVE-2021-3847 |
| 9 | Magento Search Module sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00070 | 0.02 | CVE-2021-21024 |
| 10 | Oracle JavaFX Remote Code Execution | 9.8 | 9.4 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.01240 | 0.00 | CVE-2013-1477 |
| 11 | Mavili Guestbook access control | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00506 | 0.00 | CVE-2012-5298 |
| 12 | Mavili Guestbook edit.asp access control | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00934 | 0.00 | CVE-2012-5299 |
| 13 | Saphp SaphpLesson misc.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00572 | 0.02 | CVE-2006-3161 |
| 14 | Zoho ManageEngine ServiceDesk Plus FileDownload.jsp path traversal | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00831 | 0.00 | CVE-2011-2757 |
| 15 | EasyVista sql injection | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00074 | 0.00 | CVE-2022-38492 |
| 16 | Liferay Portal/DXP Java2WsddTask._format xml external entity reference | 6.0 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-25606 |
| 17 | ThingsBoard Host Header injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00272 | 0.04 | CVE-2020-27687 |
| 18 | Netwave IP Camera Network Configuration kcore information disclosure | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00219 | 0.04 | CVE-2018-17240 |
| 19 | linlinjava litemall AdminOrdercontroller.java sql injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2024-24323 |
| 20 | Yii Yii2 path traversal | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00091 | 0.00 | CVE-2015-5467 |

Campaigns (3)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (162)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (118)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

