Lumma Stealer Analysis

IOB - Indicator of Behavior (617)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Yclas form.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00078 | 0.00 | CVE-2021-38710 |
| 2 | Atmail Remote Code Execution | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00251 | 0.04 | CVE-2013-5033 |
| 3 | eSyndicat eSyndicat Directory magic_quotes_gpc cron.php memory corruption | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00696 | 0.00 | CVE-2006-2578 |
| 4 | eSyndiCat Esyndicat Directory news.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00603 | 0.00 | CVE-2007-3811 |
| 5 | eSyndicat Directory Software suggest-listing.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 1.52 | |
| 6 | Moxa MGate MB3270 improper authentication | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00250 | 0.00 | CVE-2016-5804 |
| 7 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.10737 | 0.23 | CVE-2016-6210 |
| 8 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.64 | |
| 9 | Phplinkdirectory PHP Link Directory conf_users_edit.php cross-site request forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00526 | 0.05 | CVE-2011-0643 |
| 10 | Microsoft Windows IIS Server Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00162 | 0.06 | CVE-2023-36434 |
| 11 | Palo Alto PAN-OS GlobalProtect Clientless VPN buffer overflow | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00112 | 0.03 | CVE-2021-3056 |
| 12 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.06 | CVE-2022-21664 |
| 13 | Storytlr cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00193 | 0.03 | CVE-2014-100038 |
| 14 | RealNetworks RealServer Port 7070 Service denial of service | 7.5 | 7.3 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.02116 | 0.23 | CVE-2000-0272 |
| 15 | Papoo kontakt.php sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.05 | |
| 16 | Joomla sql injection | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00142 | 0.23 | CVE-2022-23797 |
| 17 | Storytlr cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00134 | 0.09 | CVE-2014-100037 |
| 18 | Logs Plugin Controller.php actionStream information disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00411 | 0.00 | CVE-2022-23409 |
| 19 | VeronaLabs wp-statistics Plugin API Endpoint Blind sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00250 | 0.00 | CVE-2019-13275 |
| 20 | jQuery Property extend Pollution cross site scripting | 6.6 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03535 | 0.12 | CVE-2019-11358 |

IOC - Indicator of Compromise (41)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 5.42.92.179 | hosted-by.yeezyhost.net | Lumma Stealer | | 12/10/2023 | verified | High |
| 2 | 5.161.155.121 | static.121.155.161.5.clients.your-server.de | Lumma Stealer | | 09/22/2022 | verified | High |
| 3 | 23.254.225.133 | hwsrv-1067631.hostwindsdns.com | Lumma Stealer | | 04/09/2023 | verified | High |
| 4 | 45.8.146.130 | vm1266137.stark-industries.solutions | Lumma Stealer | | 05/07/2023 | verified | High |
| 5 | 45.8.146.213 | vm1266137.stark-industries.solutions | Lumma Stealer | | 05/07/2023 | verified | High |
| 6 | 45.8.146.227 | vm1266137.stark-industries.solutions | Lumma Stealer | | 05/07/2023 | verified | High |
| 7 | 45.15.25.190 | | Lumma Stealer | | 05/25/2023 | verified | High |
| 8 | 77.73.134.68 | | Lumma Stealer | | 01/13/2023 | verified | High |
| 9 | 78.46.190.160 | static.160.190.46.78.clients.your-server.de | Lumma Stealer | | 05/25/2023 | verified | High |

TTP - Tactics, Techniques, Procedures (24)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-21, CWE-22, CWE-23 | Path Traversal | predictive | High |
| 2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High |
| 4 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 5 | T1068 | CAPEC-122 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | High |

IOA - Indicator of Attack (286)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /advanced-tools/nova/bin/netwatch | predictive | High |
| 2 | File | /api/baskets/{name} | predictive | High |
| 3 | File | /api/profile | predictive | Medium |
| 4 | File | /api/RecordingList/DownloadRecord?file= | predictive | High |
| 5 | File | /apply.cgi | predictive | Medium |
| 6 | File | /cgi-bin-sdb/ | predictive | High |
| 7 | File | /dataset/data/{id} | predictive | High |
| 8 | File | /debug/pprof | predictive | Medium |
| 9 | File | /etc/grafana/grafana.ini | predictive | High |
| 10 | File | /film-rating.php | predictive | High |
| 11 | File | /forum/away.php | predictive | High |
| 12 | File | /forum/PostPrivateMessage | predictive | High |
| 13 | File | /index.php | predictive | Medium |
| 14 | File | /librarian/bookdetails.php | predictive | High |
| 15 | File | /nova/bin/igmp-proxy | predictive | High |
| 16 | File | /orrs/admin/?page=user/manage_user | predictive | High |
| 17 | File | /pages/processlogin.php | predictive | High |
| 18 | File | /php/ping.php | predictive | High |
| 19 | File | /rapi/read_url | predictive | High |
| 20 | File | /scripts/unlock_tasks.php | predictive | High |
| 21 | File | /student/bookdetails.php | predictive | High |
| 22 | File | /SysInfo1.htm | predictive | High |
| 23 | File | /sysinfo_json.cgi | predictive | High |
| 24 | File | /system/user/modules/mod_users/controller.php | predictive | High |
| 25 | File | /uncpath/ | predictive | Medium |
| 26 | File | /usr/local/psa/admin/sbin/wrapper | predictive | High |
| 27 | File | /version.js | predictive | Medium |
| 28 | File | /wp-admin/admin-post.php?es_skip=1&option_name | predictive | High |
| 29 | File | 123flashchat.php | predictive | High |
| 30 | File | account.asp | predictive | Medium |
| 31 | File | addguest.cgi | predictive | Medium |
| 32 | File | admin.jcomments.php | predictive | High |
| 33 | File | admin.php | predictive | Medium |
| 34 | File | admin/?page=system_info | predictive | High |
