FlawedAmmyy Analysis

IOB - Indicator of Behavior (28)

Lang

de: 8
sv: 8
en: 6
it: 6

Country

de: 26
us: 2

Product

Matt Wright Matt Wright Guestbook: 2
SignKorn Guestbook: 2
Flat PHP Board: 2
jdownloads: 2
Basti2web Book Panel: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Basti2web Book Panel books.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00064 | 0.05 | CVE-2009-4889 |
| 2 | Matt Wright Matt Wright Guestbook guestbook.pl cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00991 | 0.05 | CVE-2006-1697 |
| 3 | Matt Wright Matt Wright Guestbook cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00275 | 0.04 | CVE-2006-1698 |
| 4 | SmartISoft phpBazar picturelib.php code injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00718 | 0.02 | CVE-2010-2315 |
| 5 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.78 | CVE-2010-0966 |
| 6 | Lars Ellingsen Guestserver guestbook.cgi cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00169 | 0.20 | CVE-2005-4222 |
| 7 | SignKorn Guestbook admin.php privileges management | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.03 | |
| 8 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.30 | |
| 9 | Csphere ClanSphere Error Message information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00318 | 0.00 | CVE-2011-3714 |
| 10 | JContentSubscription register.php Local Privilege Escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.06 | |
| 11 | Flat PHP Board path traversal | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.01 | |
| 12 | Linux Kernel NFS Export nfs3xdr.c no_subtree_check path traversal | 6.4 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00197 | 0.03 | CVE-2021-3178 |
| 13 | jdownloads categories.php order sql injection | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00124 | 0.00 | CVE-2020-19455 |
| 14 | ProFTPD link following | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.04 | CVE-2017-7418 |
| 15 | Palo Alto Network Traps ESM Console Agent License input validation | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00310 | 0.00 | CVE-2017-7408 |

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 136.243.104.235 | static.235.104.243.136.clients.your-server.de | FlawedAmmyy | | 10/31/2023 | verified | High |

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High |
| 3 | TXXXX.XXX | CAPEC-18 | CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX | CAPEC-122 | CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 5 | TXXXX.XXX | CAPEC-178 | CWE-XXX | Xxxx Xxxxxxxx | predictive | High |
| 6 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 7 | TXXXX | CAPEC-116 | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |

IOA - Indicator of Attack (17)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /forum/away.php | predictive | High |
| 2 | File | admin/admin.php | predictive | High |
| 3 | File | books.php | predictive | Medium |
| 4 | File | xxxxxxxxxx/xxx_xxxxxxxxxx/xxxxxxx/xxxxxxxxxx.xxx | predictive | High |
| 5 | File | xx/xxxx/xxxxxxx.x | predictive | High |
| 6 | File | xxxxxxxxx.xxx | predictive | High |
| 7 | File | xxxxxxxxx.xx | predictive | Medium |
| 8 | File | xxx/xxxxxx.xxx | predictive | High |
| 9 | File | xxxx/xxxxxxxx.xxx | predictive | High |
| 10 | Library | xxxxxxxxxx.xxx | predictive | High |
| 11 | Argument | xxxxxxxx | predictive | Medium |
| 12 | Argument | xxxxxx | predictive | Low |
| 13 | Argument | xxx | predictive | Low |
| 14 | Argument | xxx_xxxx | predictive | Medium |
| 15 | Argument | xxxxxx_xxxxx | predictive | Medium |
| 16 | Argument | xxxxxxxxx_xxxxxxxx_xxxx | predictive | High |
| 17 | Argument | xxxxxxxx | predictive | Medium |
