Latrodectus Analysis

IOB - Indicator of Behavior (139)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 88
zh: 22
ru: 14
de: 6
it: 6


Country

us: 74
ru: 22
io: 16
cn: 16
de: 4


Product

Apache HTTP Server: 4
WordPress: 4
Apple QuickTime: 4
phpBG: 4
IBM Tivoli Storage Manager: 2


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Ajax Load More Plugin admin-ajax.php sql injection | 6.7 | 6.1 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00087 | 0.04 | CVE-2021-24140 |
| 2 | Automattic WooCommerce Plugin API webhooks sql injection | 2.7 | 2.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00065 | 0.00 | CVE-2021-32790 |
| 3 | Eaton Intelligent Power Manager node_upgrade_srv.js downloadFirmware path traversal | 8.1 | 8.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02476 | 0.04 | CVE-2018-12031 |
| 4 | Netgear DGN1000/DGN2200 setup.cgi memory corruption | 10.0 | 9.0 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 0.05 | |
| 5 | DFD Cart customer.browse.list.php code injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.30437 | 0.02 | CVE-2007-5098 |
| 6 | Microsoft Visual Basic ActiveX Control mscomct2.ocx memory corruption | 7.3 | 6.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.96783 | 0.01 | CVE-2008-4255 |
| 7 | OpenBSD OpenSSH Signal race condition | 7.3 | 6.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.72451 | 0.04 | CVE-2006-5051 |
| 8 | Oracle WebLogic Server WebLogic Console unknown vulnerability | 5.3 | 5.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00179 | 0.06 | CVE-2013-1504 |
| 9 | ZyXEL P660HN-T1A Remote System Log Forwarder ViewLog.asp command injection | 8.5 | 8.5 | $0-$5k | $0-$5k | High | Not Defined | 0.97518 | 0.00 | CVE-2017-18368 |
| 10 | Ruijie RG-EW switch doSwitchApi Privilege Escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00267 | 0.04 | CVE-2021-43161 |
| 11 | IBM OpenPages GRC Platform Web UI cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00059 | 0.00 | CVE-2017-1147 |
| 12 | wpDataTables sql injection | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00174 | 0.00 | CVE-2021-26754 |
| 13 | XiongMai IP Camera/DVR NetSurveillance Web Interface memory corruption | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00372 | 0.04 | CVE-2017-16725 |
| 14 | Shenzhen Yunni Technology iLnkP2P Authentication improper authentication | 7.7 | 7.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00669 | 0.05 | CVE-2019-11220 |
| 15 | Eye4 App vstc.vscam.client input validation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00813 | 0.04 | CVE-2019-11014 |
| 16 | BTicino Door Entry HOMETOUCH certificate validation | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00091 | 0.00 | CVE-2022-46496 |
| 17 | Goahead Web Server HTTP GET Request system.ini information disclosure | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Workaround | 0.07649 | 0.04 | CVE-2017-5674 |
| 18 | ManageEngine ADAudit Plus ExportReport.jsp cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00146 | 0.00 | CVE-2010-2049 |
| 19 | Forgejo RSS information exposure | 4.2 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00099 | 0.02 | CVE-2023-49948 |
| 20 | Cisco Small Business RV110W Request buffer overflow | 5.5 | 5.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00129 | 0.00 | CVE-2022-20873 |

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (106)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /?ajax-request=jnews | predictive | High |
| 2 | File | /cgi-bin/luci/api/switch | predictive | High |
| 3 | File | /forum/away.php | predictive | High |
| 4 | File | /guest_auth/cfg/upLoadCfg.php | predictive | High |
| 5 | File | /jsonrpc | predictive | Medium |
| 6 | File | /mims/login.php | predictive | High |
| 7 | File | /SetTriggerWPS/PIN | predictive | High |
| 8 | File | /status/status_log.sys | predictive | High |
| 9 | File | /wp-admin/admin-ajax.php | predictive | High |
| 10 | File | /wp-json/wc/v3/webhooks | predictive | High |
| 11 | File | admin-ajax.php?action=get_wdtable order[0][dir] | predictive | High |
| 12 | File | admin.color.php | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
