Sauron Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	106
zh	104
fr	94
ar	90
ru	88

Country

fr	94
ar	90
ru	88
sv	80
es	80

Actors

Unknown	1

Activities

Interest

Timeline

Type

Not Defined	64
WordPress Plugin	38
Operating System	8
Content Management System	4
Web Server	4

Vendor

Not Defined	34
Tenda	16
Apache	6
Microsoft	4
GOG	4

Product

Tenda i21	6
GOG Galaxy	4
Apache HTTP Server	4
MailCleaner	4
Dell Repository Manager	4

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	Apryse WebViewer PDF Document cross site scripting	3.5	3.2	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00045	0.07	CVE-2024-4327
2	MailCleaner Email os command injection	9.8	9.5	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00046	0.00	CVE-2024-3191
3	osCommerce all-products cross site scripting	4.3	3.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00065	0.07	CVE-2024-4348
4	MailCleaner Admin Interface cross site scripting	5.8	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00045	0.07	CVE-2024-3192
5	SourceCodester Pisay Online E-Learning System controller.php unrestricted upload	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00045	0.15	CVE-2024-4349
6	MailCleaner Admin Endpoints os command injection	8.8	8.5	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00046	0.00	CVE-2024-3193
7	BloomPixel Max Addons Pro for Bricks Plugin authorization	6.5	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00043	0.08	CVE-2024-32951
8	Extend Themes Teluro Plugin cross-site request forgery	4.3	4.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00043	0.00	CVE-2024-33688
9	Apache HTTP Server mod_lua Multipart Parser r:parsebody out-of-bounds write	8.5	8.4	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.08808	0.03	CVE-2021-44790
10	Elementor ImageBox Plugin cross site scripting	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00045	0.08	CVE-2024-3074
11	Dell Wyse Proprietary OS Telemetry Dashboard information disclosure	4.7	4.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00043	0.04	CVE-2024-28963
12	Apache Parquet Parquet-MR denial of service	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00086	0.00	CVE-2021-41561
13	Foliovision FV Flowplayer Video Player Plugin server-side request forgery	5.6	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00043	0.04	CVE-2024-32955
14	Dell Repository Manager API Module improper authorization	8.3	8.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00043	0.04	CVE-2024-28976
15	Jegstudio Financio Plugin cross-site request forgery	4.3	4.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00043	0.03	CVE-2024-33690
16	Pavex Embed Google Photos Album Plugin server-side request forgery	5.6	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00043	0.07	CVE-2024-32775
17	ThemeNcode Fan Page Widget by Plugin cross site scripting	4.1	4.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00043	0.00	CVE-2024-33695
18	AnnounceKit Plugin cross site scripting	2.4	2.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00045	0.04	CVE-2024-3023
19	Repute Infosystems ARMember Plugin authorization	7.8	7.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00043	0.07	CVE-2024-32948
20	Dell Repository Manager Logger Module improper authorization	3.3	3.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00043	0.00	CVE-2024-28977

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	37.252.125.88		Sauron	12/23/2020	verified	High
2	66.228.52.133	li294-133.members.linode.com	Sauron	12/23/2020	verified	High
3	XX.XXX.XXX.XX	xxxx-xxxxxxx-xxxxx-xx-xxx-xxx-xx.xxxxxx.xxx	Xxxxxx	12/23/2020	verified	High
4	XX.XXX.XX.XXX		Xxxxxx	12/23/2020	verified	High
5	XXX.X.XXX.XXX	xxxxxx.xxx.xxx.x.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxxx	12/23/2020	verified	High
6	XXX.XXX.XX.XXX	.	Xxxxxx	12/23/2020	verified	High
7	XXX.XX.XX.XXX	xxxxxxx-xx-xx-xxx.xxxxxx.xxxxxxx.xx	Xxxxxx	12/23/2020	verified	High
8	XXX.XXX.XX.XX	xxxxxxx.xxx	Xxxxxx	12/23/2020	verified	High
9	XXX.XXX.XXX.XXX		Xxxxxx	12/23/2020	verified	High
10	XXX.XXX.XXX.XXX	xxxxxxxxxxxxx.xxxxxxxxxx.xxxx	Xxxxxx	12/23/2020	verified	High

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	High
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	High
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	High
4	T1059.007	CAPEC-209	CWE-79, CWE-80	Cross Site Scripting	predictive	High
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
6	TXXXX.XXX	CAPEC-16	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	High
7	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
8	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	High
9	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	High
10	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
11	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	High
12	TXXXX	CAPEC-102	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
13	TXXXX	CAPEC-37	CWE-XXX	Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
14	TXXXX.XXX	CAPEC-459	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
15	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
16	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	High

IOA - Indicator of Attack (74)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/catalog/all-products	predictive	High
2	File	/changePassword	predictive	High
3	File	/forum/away.php	predictive	High
4	File	/goform/addIpMacBind	predictive	High
5	File	/goform/DelDhcpRule	predictive	High
6	File	/goform/delIpMacBind	predictive	High
7	File	/goform/DelPortMapping	predictive	High
8	File	/goform/modifyDhcpRule	predictive	High
9	File	/goform/modifyIpMacBind	predictive	High
10	File	/xxxxxx/xxxxxxxxxxxx	predictive	High
11	File	/xxxxxx/xxxxxxxxxx	predictive	High
12	File	/xxxxxx/xxxxxxxxx	predictive	High
13	File	/xxxxxx/xxxxxxxxxxxxxxxx	predictive	High
14	File	/xxxxxx/xxxxxxxxxxxxxx	predictive	High
15	File	/xxxxxx/xxxxxxxxxxxxxx	predictive	High
16	File	/xxxxxx/xxxxxxxxxxxxx	predictive	High
17	File	/xxxxxx/xxxxxxxxxxxxxxxxxxx	predictive	High
18	File	/xxxxxx/xxxxxxxxxxx	predictive	High
19	File	/xxxxxx/xxxxxxxxxx.xxx	predictive	High
20	File	/xxxxxxxxxxx.xxx/xxxxxxxx	predictive	High
21	File	/xxxxxx_xx.xxx	predictive	High
22	File	/xxxxxxxx.xxx	predictive	High
23	File	/xxx/xxxxxxx/xxx	predictive	High
24	File	/xxxxxxxx/xxxxxxxxxxxxxxx.xxx	predictive	High
25	File	/xxxx/xxxxxxx xxxxxx/xxx/xxx_xxxx_xxxxxx.xxx	predictive	High
26	File	/xxxx/xxxxxx_xxx.xxx	predictive	High
27	File	xxxxx/xxxxxxx/xxxxxxxxxxxxx.xx	predictive	High
28	File	xxxxxxxxxxxx.xxx	predictive	High
29	File	xxxxxxxxxxxxxxxxxxx.xxx	predictive	High
30	File	xxxxxxx/xxxxxxxx.xxx	predictive	High
31	File	xx/xxxxxx/xxxxxxxxxx	predictive	High
32	File	xxxxx/xxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxx	predictive	High
33	File	xxxxx.xxx	predictive	Medium
34	File	xxxxxxxx.xxx	predictive	Medium
35	File	xxx.xx	predictive	Low
36	File	xxxxxxxx.xxx	predictive	Medium
37	File	xxxxxxxx.xxx	predictive	Medium
38	File	xxxxxxxxxxxxxxx.xxx	predictive	High
39	Argument	xxxxx_xxxxx	predictive	Medium
40	Argument	xxxxxxxxxxxxx	predictive	High
41	Argument	xxx	predictive	Low
42	Argument	xxxxxxxxx	predictive	Medium
43	Argument	xxxxxxxxxxxx	predictive	Medium
44	Argument	xxxxxxxxxx	predictive	Medium
45	Argument	xxxxxxx	predictive	Low
46	Argument	xxxx	predictive	Low
47	Argument	xxxxxxxxxxxxxxxxxxxxxx	predictive	High
48	Argument	xx/xxxx	predictive	Low
49	Argument	xxxxxxx	predictive	Low
50	Argument	xx	predictive	Low
51	Argument	xx	predictive	Low
52	Argument	xxxxxxxxxxxxxx	predictive	High
53	Argument	xxxxxxxxxxxxx	predictive	High
54	Argument	xxxxxxxxxxxxxxx/xxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxx	predictive	High
55	Argument	xxxx	predictive	Low
56	Argument	xxxxxxxxxx	predictive	Medium
57	Argument	xxxxxxxxxxxx	predictive	Medium
58	Argument	xx_xxxxxx_xxxxxxxxxxxx	predictive	High
59	Argument	xx_xxxxx	predictive	Medium
60	Argument	xxxx	predictive	Low
61	Argument	xxxx/xxxxxx/xxxxxxx	predictive	High
62	Argument	xxxxxxxxxxxxxxxx	predictive	High
63	Argument	xxxxxxx_xxxxxxx_xxxxx_xxxxx_xxxxx	predictive	High
64	Argument	xxxxxx	predictive	Low
65	Argument	xxxxxxxx	predictive	Medium
66	Argument	xxxxxxxxxxxxxxxxxx	predictive	High
67	Argument	xxxxxxxxxx	predictive	Medium
68	Argument	xxxxxxxxxx/xxxxxxxx/xxxxxxx/xxxxxxxxxx	predictive	High
69	Argument	xxxxxxxxx	predictive	Medium
70	Argument	xxxxxxxxxxxxxxxx	predictive	High
71	Argument	xxxx	predictive	Low
72	Argument	xxxxxxxxxx	predictive	Medium
73	Argument	xxx_xxx	predictive	Low
74	Argument	xxxx/xxxxx/xxx/xxxx/xxxxxx/xxxxxx	predictive	High

References (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you need the next level of professionalism?

Upgrade your account now!