Bonanza Analysis

IOB - Indicator of Behavior (318)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 202
ru: 48
it: 18
es: 16
pl: 8


Country

us: 280
ru: 6



Product

phpBB: 6
SPiD: 4
Joomla CMS: 4
Zentrack: 4
Linux Kernel: 4


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00132 | 0.57 | CVE-2022-28959 |
| 2 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 8.65 | CVE-2006-6168 |
| 3 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.36 | |
| 4 | SourceCodester Online Employee Leave Management System addemployee.php cross-site request forgery | 5.8 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00075 | 0.00 | CVE-2022-3121 |
| 5 | OpenBB read.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00248 | 0.04 | CVE-2005-1612 |
| 6 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 2.17 | CVE-2020-15906 |
| 7 | Apple Mac OS X Server Wiki Server cross site scripting | 4.3 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00263 | 0.05 | CVE-2009-2814 |
| 8 | eSyndicat Directory Software suggest-listing.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.28 | |
| 9 | Vienuke Vieboard viewtopic.asp sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00213 | 0.00 | CVE-2003-1196 |
| 10 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.74 | CVE-2007-0354 |
| 11 | Apple Mac OS X Server Wiki Server sql injection | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00339 | 1.53 | CVE-2015-5911 |
| 12 | Oracle Communications Cloud Native Core Security Edge Protection Proxy SEPP code injection | 10.0 | 9.7 | $25k-$100k | $5k-$25k | High | Official Fix | 0.97505 | 0.00 | CVE-2022-22947 |
| 13 | MacCMS index.php command injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.85925 | 0.02 | CVE-2017-17733 |
| 14 | Advisto Peel SHOPPING caddie_ajout.php cross-site request forgery | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00118 | 0.09 | CVE-2018-20848 |
| 15 | Promosi-web ardguest ardguest.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00134 | 0.00 | CVE-2009-3668 |
| 16 | Haas Controller Ethernet Q Commands Service insufficient granularity of access control | 9.8 | 9.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00077 | 0.00 | CVE-2022-2475 |
| 17 | PHPizabi template.class.php assignuser information disclosure | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00507 | 0.18 | CVE-2008-2018 |
| 18 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.85 | CVE-2010-0966 |
| 19 | ESecurityServices GPS Userdata Form allows Persistent cross site scripting | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.02 | |

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (248)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /?r=email/api/mark&op=delFromSend | predictive | High |
| 2 | File | /admin/addemployee.php | predictive | High |
| 3 | File | /advanced-tools/nova/bin/netwatch | predictive | High |
| 4 | File | /cgi-bin/supervisor/PwdGrp.cgi | predictive | High |
| 5 | File | /film-rating.php | predictive | High |
| 6 | File | /forum/away.php | predictive | High |
| 7 | File | /index.php | predictive | Medium |
| 8 | File | /librarian/bookdetails.php | predictive | High |
| 9 | File | /pages/faculty_sched.php | predictive | High |
| 10 | File | /php_action/createUser.php | predictive | High |
| 11 | File | /spip.php | predictive | Medium |
| 12 | File | /student/bookdetails.php | predictive | High |
| 13 | File | account.asp | predictive | Medium |
| 14 | File | addguest.cgi | predictive | Medium |
| 15 | File | add_comment.php | predictive | High |
| 16 | File | admin.php | predictive | Medium |
| 17 | File | admin/admin_users.php | predictive | High |
| 18 | File | admin/conf_users_edit.php | predictive | High |
| 19 | File | Admin/edit-admin.php | predictive | High |
| 20 | File | admin/establishment/manage.php | predictive | High |
| 21 | File | admin/inquiries/view_details.php | predictive | High |
| 22 | File | admin/skins.php | predictive | High |
| 23 | File | admin/versions.html | predictive | High |
| 24 | File | admindocumentworker.jsp | predictive | High |
| 25 | File | admin_feature.php | predictive | High |
| 26 | File | album_portal.php | predictive | High |
| 27 | File | announce.php | predictive | Medium |
| 28 | File | apply.cgi | predictive | Medium |
| 29 | File | ardguest.php | predictive | Medium |
| 30 | File | bb_usage_stats.php | predictive | High |
| 31 | File | bwdates-report-result.php | predictive | High |
