Arid Viper Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (400)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en362
ru16
de12
pl4
es2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us338
ru24
de18
pl4
gb2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Arid Viper9
Desert Falcons2
RecordBreaker2
Vidar2
Socks5 Systemz1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined24
Web Browser8
Web Server6
Operating System4
Content Management System4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined34
Apple4
Microsoft4
Oracle4
TP-LINK2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

nginx4
Microsoft Internet Explorer4
TP-LINK TD-8840t2
ProFTPD2
jforum2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1jforum User input validation5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.002890.04CVE-2019-7550
2Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaround0.020160.00CVE-2007-1192
3DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.77CVE-2010-0966
4Dreaxteam Xt-News add_comment.php cross site scripting4.34.2$0-$5k$0-$5kHighUnavailable0.005990.07CVE-2006-6746
5Enigma2 Coppermine Bridge e2_header.inc.php file inclusion9.89.8$0-$5k$0-$5kNot DefinedNot Defined0.100260.00CVE-2006-6864
6IBM WebSphere Service Registry/Repository Access Restriction access control4.34.1$25k-$100k$0-$5kNot DefinedOfficial Fix0.001620.05CVE-2014-6160
7Big Webmaster Big Webmaster Guestbook Script addguest.cgi cross site scripting4.33.9$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.006150.04CVE-2006-2231
8LogicBoard CMS away.php redirect6.36.1$0-$5k$0-$5kNot DefinedUnavailable0.000002.99
9Joomla CMS remember.php input validation5.44.9$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.030440.00CVE-2013-3242
10Joomla CMS Media Manager path traversal8.58.2$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.749220.04CVE-2019-10945
11Pligg cloud.php sql injection6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.000000.57
12Apple macOS certificate validation5.65.4$5k-$25k$0-$5kHighOfficial Fix0.021810.00CVE-2023-41991
13Oracle Java SE JSSE unknown vulnerability7.47.2$25k-$100k$5k-$25kNot DefinedOfficial Fix0.001060.08CVE-2023-21930
14ICQ fetch code injection10.09.5$0-$5k$0-$5kNot DefinedOfficial Fix0.003460.00CVE-2011-0487
15WebP Converter for Media Plugin passthru.php redirect4.94.7$0-$5k$0-$5kNot DefinedOfficial Fix0.001060.04CVE-2021-25074
16CasaOS API command injection5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.011870.04CVE-2022-24193
17jQuery cross site scripting4.33.8$0-$5k$0-$5kNot DefinedOfficial Fix0.003060.11CVE-2011-4969
18Oracle Retail Central Office Security cross site scripting6.26.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.004390.02CVE-2021-41184
19InsydeH2O SMM HandleProtocol allocation of resources5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.000420.00CVE-2021-41839
20PHP zip Extension php_zip.c use after free9.89.3$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.063260.03CVE-2016-5773

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Hamas

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
154.255.143.112ec2-54-255-143-112.ap-southeast-1.compute.amazonaws.comArid Viper12/24/2020verifiedMedium
291.199.147.84s726618.srvape.comArid ViperHamas10/30/2023verifiedHigh
394.131.98.3stockdc1.comArid ViperHamas10/30/2023verifiedHigh
495.164.18.204vm1554543.stark-industries.solutionsArid ViperHamas10/30/2023verifiedHigh
5XX.XXX.XX.XXxxxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxxXxxx XxxxxXxxxx10/30/2023verifiedHigh
6XXX.XX.XXX.XXxxxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxxXxxx XxxxxXxxxx10/30/2023verifiedHigh
7XXX.XX.XXX.XXxxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxxXxxx XxxxxXxxxx10/30/2023verifiedHigh
8XXX.XXX.XX.XXxx.xx.xxx.xxx.xxxxxxxxxx.xxx.xxxxxxxxx.xxxXxxx Xxxxx12/24/2020verifiedHigh
9XXX.XX.XX.XXXXxxx XxxxxXxxxx10/30/2023verifiedHigh
10XXX.XX.XXX.XXXxxx.xxxxxxxx.xxxXxxx XxxxxXxxxx10/30/2023verifiedHigh
11XXX.XXX.XXX.XXxxxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxxXxxx XxxxxXxxxx10/30/2023verifiedHigh
12XXX.XXX.XXX.XXxxxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxxXxxx XxxxxXxxxx10/30/2023verifiedHigh
13XXX.XX.XX.XXXxxxxxx.xxx.xx.xx.xxx.xxxxxxx.xxxx-xxxxxx.xxXxxx Xxxxx12/24/2020verifiedHigh
14XXX.XX.XX.XXXxxxxxxxxx.xxx.xxXxxx Xxxxx12/24/2020verifiedHigh
15XXX.XXX.XXX.XXxxx.xxxxxxxxx.xxxXxxx Xxxxx12/24/2020verifiedHigh
16XXX.X.XX.XXXxxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxxXxxx XxxxxXxxxx10/30/2023verifiedHigh
17XXX.XXX.XXX.XXXxxx-xxx-xxx-xxx.xxx.xxxxxxxxxxxx.xxXxxx Xxxxx12/24/2020verifiedHigh
18XXX.XXX.XXX.Xxxxxxx.xxxxxxxxxxxxx.xxxXxxx Xxxxx12/24/2020verifiedHigh

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
3TXXXX.XXXCAPEC-209CWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
4TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
6TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
7TXXXXCAPEC-CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
8TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
9TXXXX.XXXCAPEC-459CWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
10TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (50)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/forum/away.phppredictiveHigh
2Fileaddguest.cgipredictiveMedium
3Fileadd_comment.phppredictiveHigh
4Fileadmin/index.phppredictiveHigh
5Fileapi_jsonrpc.phppredictiveHigh
6Filecloud.phppredictiveMedium
7Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
8Filexx_xxxxxx.xxx.xxxpredictiveHigh
9Filexxxxxx/xxx/xxxxxxx.xxxpredictiveHigh
10Filexxxxx.xxxpredictiveMedium
11Filexxxxx/xxxxx_xxxxx_xpredictiveHigh
12Filexxxxxx.xpredictiveMedium
13Filexx.xxxpredictiveLow
14Filexxxx/xxx_xxxx_xxxxx.xpredictiveHigh
15Filexxx/xxxxxx.xxxpredictiveHigh
16Filexxxxx.xxxpredictiveMedium
17Filexxxxxxxxxxx.xxxpredictiveHigh
18Filexxxxxx/xxxxxx/xxxx.xpredictiveHigh
19Filexxxxxxxx.xxxpredictiveMedium
20Filexxxxxxx_xxx.xxxpredictiveHigh
21Filexxxxx/xxxxx.xxx.xxxpredictiveHigh
22Filexxxxxxxx.xxxpredictiveMedium
23Filexxx_xxx.xpredictiveMedium
24Filexxxxxxx/xxxxxx/xxxxxxxx/xxxxxxxx.xxxpredictiveHigh
25Filexxxxxxxxxxxx.xxxpredictiveHigh
26Filexxxxx/xxxxxxxxxxx/xxxxx.xxxpredictiveHigh
27Filexxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxxpredictiveHigh
28Filexxx.xpredictiveLow
29Filexxxx-xxxx.xpredictiveMedium
30Filexxxxx/xxxxxxxx.xxxpredictiveHigh
31Filexx/xx/xxxxxpredictiveMedium
32ArgumentxxxxxxxxpredictiveMedium
33ArgumentxxxxxxxxpredictiveMedium
34ArgumentxxxxxxxxxxpredictiveMedium
35Argumentxxxxxxxxxxxx/xxxxxxxpredictiveHigh
36Argumentxxxx/xxxxpredictiveMedium
37ArgumentxxxxxxxxxpredictiveMedium
38Argumentxxxx_xxxpredictiveMedium
39ArgumentxxxxxxpredictiveLow
40ArgumentxxxxxxxxxxxpredictiveMedium
41Argumentxxx_xxxx_xxxxxxxxpredictiveHigh
42Argumentxxxxx xxxx/xxxx xxxxpredictiveHigh
43ArgumentxxxxxxpredictiveLow
44ArgumentxxpredictiveLow
45Argumentxx_xxxxpredictiveLow
46Argumentxxxx_xxxpredictiveMedium
47ArgumentxxxxxxxxpredictiveMedium
48Argumentxxxxxxx_xxxxx_xxxxx_xxxxxxx=xxxxxpredictiveHigh
49Argumentxxxxxxxx_xxxpredictiveMedium
50ArgumentxxxpredictiveLow

References (4)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!