Outlaw Cryptominer Analysis

IOB - Indicator of Behavior (260)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 238
ru: 20
zh: 2


Country

us: 28
cn: 14
ru: 8
es: 4
nl: 2

Product

Google TensorFlow: 16
Google Chrome: 6
Linux Kernel: 6
QEMU: 4
Hitachi Ucosminexus Application Server Standard: 4


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | SolarWinds Network Configuration Manager path traversal | 8.3 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00223 | 0.04 | CVE-2023-40054 |
| 2 | Dahua DHI-HCVR7216A-S3 SmartPSS Auto Login Hash access control | 6.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00331 | 0.05 | CVE-2017-6342 |
| 3 | Cyr to Lat Plugin sql injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.00 | CVE-2022-4290 |
| 4 | HPE Onboard Administrator Reflected cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.04 | CVE-2020-7132 |
| 5 | vBulletin redirector.php | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00106 | 0.19 | CVE-2018-6200 |
| 6 | Linux Kernel dm_exception_table_exit infinite loop | 5.7 | 5.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.04 | CVE-2024-35805 |
| 7 | xwikisas macro-pdfviewer PDF Viewer Macro information disclosure | 6.0 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-30263 |
| 8 | Moises Heberle WooCommerce Bookings Calendar Plugin cross site scripting | 5.0 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-31117 |
| 9 | Foxit PDF Reader AcroForm use after free | 7.0 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.00 | CVE-2024-30354 |
| 10 | Tenda AC10 SetStaticRouteCfg fromSetRouteStatic stack-based overflow | 8.8 | 8.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.05 | CVE-2024-2581 |
| 11 | MediaTek MT8798 Lk memory corruption | 6.7 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.02 | CVE-2024-20022 |
| 12 | Kofax Power PDF PNG File Parser out-of-bounds | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00065 | 0.03 | CVE-2024-27336 |
| 13 | Linux Kernel ASPM pci_set_power_state_locked deadlock | 4.8 | 4.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.04 | CVE-2024-26605 |
| 14 | RustDesk certificate validation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00066 | 0.05 | CVE-2024-25140 |
| 15 | Elementor Plugin deserialization | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00044 | 0.08 | CVE-2024-24934 |
| 16 | IBM Security Access Manager Container DSC Server resource consumption | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.02 | CVE-2023-31006 |
| 17 | WP Recipe Maker Plugin cross site scripting | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.02 | CVE-2024-0382 |
| 18 | Dahua IPC/SD/NVR/XVR Packet unknown vulnerability | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00063 | 0.05 | CVE-2022-30564 |
| 19 | PrestaShop blockwishlist sql injection | 7.7 | 7.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00741 | 0.00 | CVE-2022-31101 |
| 20 | ThemePunch OHG Slider Revolution Plugin unrestricted upload | 7.2 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.06 | CVE-2023-47784 |

IOC - Indicator of Compromise (16)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (89)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /ajax.php?action=read_msg | predictive | High |
| 2 | File | /debug/pprof | predictive | Medium |
| 3 | File | /desktop_app/file.ajax.php?action=uploadfile | predictive | High |
| 4 | File | /env | predictive | Low |
| 5 | File | /goform/SetNetControlList | predictive | High |
| 6 | File | /goform/SetStaticRouteCfg | predictive | High |
| 7 | File | /sns/classes/Users.php?f=save | predictive | High |
| 8 | File | /src/chatbotapp/chatWindow.java | predictive | High |
| 9 | File | /uncpath/ | predictive | Medium |
| 10 | File | admin/categories_industry.php | predictive | High |
