TEMP.Heretic Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (43)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en34
ru6
ar2
zh2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us24
ru12
cn4
gb2
ir2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

TEMP.Heretic3
RecordBreaker2
FIN72
IcedID2
Cobalt Strike2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined14
Programming Language Software6
Operating System4
Content Management System4
Application Server Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined12
Apache6
Zoho ManageEngine2
Adobe2
Huawei2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

PHP4
Apache Tomcat2
Apache log4j2
Zoho ManageEngine Remote Access Plus2
Apache Druid2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1jforum User input validation5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.002890.04CVE-2019-7550
2TuziCMS BannerController.class.php sql injection6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.001720.00CVE-2022-23882
3FusionPBX fax_send.php command injection7.67.5$0-$5k$0-$5kNot DefinedOfficial Fix0.001210.02CVE-2022-35153
4WordPress WP_Query sql injection6.36.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.935360.05CVE-2022-21661
5Apple macOS Shortcuts temp file4.44.3$0-$5k$0-$5kNot DefinedOfficial Fix0.000540.00CVE-2023-23522
6Adobe ColdFusion access control8.68.5$0-$5k$0-$5kHighOfficial Fix0.964040.05CVE-2023-26360
7CloudPanel 2 File Manager improper authentication8.07.9$0-$5k$0-$5kNot DefinedOfficial Fix0.505340.02CVE-2023-35885
8Chamilo LMS wsConvertPpt command injection7.67.6$0-$5k$0-$5kNot DefinedNot Defined0.938540.03CVE-2023-34960
9PHP File Upload form-data Remote Code Execution8.87.9$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.937530.02CVE-2005-3390
10VMware vCenter Server/Cloud Foundation DCERPC Protocol uninitialized pointer8.78.5$5k-$25k$0-$5kNot DefinedOfficial Fix0.001100.06CVE-2023-20892
11Huawei E5186 4G LTE Router DNS Query Packet input validation7.06.8$5k-$25k$0-$5kNot DefinedOfficial Fix0.003250.04CVE-2015-8265
12PaperCut MF/NG libsmb2 access control9.89.7$0-$5k$0-$5kHighOfficial Fix0.970720.05CVE-2023-27350
13PHP mysqli_real_escape_string integer overflow8.58.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.009320.04CVE-2017-9120
14Juniper Web Device Manager Authentication hard-coded credentials9.89.0$5k-$25k$0-$5kProof-of-ConceptWorkaround0.000000.06
15WordPress Pingback server-side request forgery5.75.7$5k-$25k$5k-$25kNot DefinedNot Defined0.001200.05CVE-2022-3590
16FusionPBX login.php cross site scripting5.25.1$0-$5k$0-$5kNot DefinedOfficial Fix0.001470.00CVE-2021-37524
17Object First Management Protocol input validation8.88.6$0-$5k$0-$5kNot DefinedOfficial Fix0.001740.00CVE-2022-44794
18MODX Revolution unrestricted upload4.74.6$0-$5k$0-$5kNot DefinedNot Defined0.013460.05CVE-2022-26149
19Apache Flume JMS Source injection8.07.9$5k-$25k$0-$5kNot DefinedOfficial Fix0.002640.04CVE-2022-34916
20Apache log4j JNDI LDAP Server Lookup Log4Shell/LogJam deserialization8.68.5$25k-$100k$0-$5kHighOfficial Fix0.975600.09CVE-2021-44228

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • EmailThief

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
1108.160.133.32108.160.133.32.vultr.comTEMP.HereticEmailThief02/05/2022verifiedMedium
2XXX.XX.XX.XXXXxxx.xxxxxxxXxxxxxxxxx02/05/2022verifiedHigh
3XXX.XXX.XXX.XXXXxxx.xxxxxxxXxxxxxxxxx02/05/2022verifiedHigh
4XXX.XXX.XXX.XXXXxxx.xxxxxxxXxxxxxxxxx02/05/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
4TXXXX.XXXCAPEC-209CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
5TXXXXCAPEC-19CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXX.XXXCAPEC-191CWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
7TXXXXCAPEC-136CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
8TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
9TXXXXCAPEC-CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
10TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
11TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
12TXXXX.XXXCAPEC-CWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHigh
13TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (18)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/fax/fax_send.phppredictiveHigh
2File/tmp/csman/0predictiveMedium
3File/WebMstr7/servlet/mstrWebpredictiveHigh
4Filexxx/xxxxxx.xxxpredictiveHigh
5Filex_xxxxxxxx_xxxxxpredictiveHigh
6Filexxxxxxxxxxxx.xxxpredictiveHigh
7Filexxxxxxxxx/xxxx-xxxxpredictiveHigh
8Filexxxxxxxxxx.xxxpredictiveHigh
9Filexxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxxpredictiveHigh
10Filexxxxxxxxx/xxxxx.xxxpredictiveHigh
11File\xxx\xxxxxx\xxxxxxxxxx\xxxxxxxxxxxxxxxx.xxxxx.xxxpredictiveHigh
12ArgumentxxxxxxxxpredictiveMedium
13Argumentx_xxxxxxxxpredictiveMedium
14ArgumentxxxxpredictiveLow
15ArgumentxxxxxxxpredictiveLow
16ArgumentxxxxxxxxxxxxxxpredictiveHigh
17ArgumentxxxpredictiveLow
18Input Value../..predictiveLow

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!