Butterfly Analysis

IOB - Indicator of Behavior (412)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 346
de: 24
es: 18
fr: 12
pl: 4


Country

nl: 238
us: 98
de: 20
es: 12
ru: 6


Activities

Product

WordPress: 12
Apache HTTP Server: 12
Joomla CMS: 10
Microsoft Windows: 10
Mozilla Firefox: 8


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.82 | CVE-2020-12440 |
| 2 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.18 | CVE-2017-0055 |
| 3 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.68 | CVE-2007-0354 |
| 4 | Vunet VU Web Visitor Analyst redir.asp sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Workaround | 0.00119 | 0.06 | CVE-2010-2338 |
| 5 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.67 | |
| 6 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.15 | CVE-2014-4078 |
| 7 | Apache HTTP Server mod_rewrite redirect | 6.7 | 6.7 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.00258 | 0.05 | CVE-2020-1927 |
| 8 | MidiCart PHP Shopping Cart item_show.php sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.05 | |
| 9 | ProFTPD mod_sftp/mod_sftp_pam kbdint.c resp_count numeric error | 7.5 | 7.1 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.01980 | 0.02 | CVE-2013-4359 |
| 10 | MikroTik RouterOS SMB memory corruption | 8.5 | 8.4 | $0-$5k | $0-$5k | High | Official Fix | 0.88065 | 0.03 | CVE-2018-7445 |
| 11 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.70 | CVE-2010-0966 |
| 12 | nginx HTTP/2 resource consumption | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02974 | 0.09 | CVE-2018-16844 |
| 13 | Hospital Management System search.php sql injection | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00140 | 0.00 | CVE-2022-48120 |
| 14 | CKFinder File Name unrestricted upload | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00155 | 0.05 | CVE-2019-15862 |
| 15 | sitepress-multilingual-cms Plugin class-wp-installer.php cross-site request forgery | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00579 | 0.04 | CVE-2020-10568 |
| 16 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.03 | CVE-2022-21664 |
| 17 | Apache Tomcat JSP File unrestricted upload | 7.7 | 7.5 | $5k-$25k | $0-$5k | High | Official Fix | 0.97533 | 0.05 | CVE-2017-12617 |
| 18 | Apache Tomcat CORS Filter Cache Poisoning data authenticity | 5.8 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00276 | 0.06 | CVE-2017-7674 |
| 19 | Omron PLC CS/PLC CJ/PLC NJ Brute Force excessive authentication | 6.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00213 | 0.04 | CVE-2019-18261 |
| 20 | Pegasus Imaging ImagXpress ActiveX Control pegasusimaging.activex.thumnailxpress1.dll compactfile path traversal | 4.8 | 4.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.83260 | 0.00 | CVE-2007-5320 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (183)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/broadcast.php | predictive | High |
| 2 | File | /admin/sysmon.php | predictive | High |
| 3 | File | /cgi-bin/webviewer_login_page | predictive | High |
| 4 | File | /ecrire | predictive | Low |
| 5 | File | /forum/away.php | predictive | High |
| 6 | File | /getcfg.php | predictive | Medium |
| 7 | File | /MicroStrategyWS/happyaxis.jsp | predictive | High |
| 8 | File | /owa/auth/logon.aspx | predictive | High |
| 9 | File | /proc/ioports | predictive | High |
| 10 | File | /search.php | predictive | Medium |
| 11 | File | /services/details.asp | predictive | High |
| 12 | File | /tmp | predictive | Low |
| 13 | File | /uncpath/ | predictive | Medium |
| 14 | File | /Upload.ashx | predictive | Medium |
| 15 | File | /usr/sbin/suexec | predictive | High |
| 16 | File | /var/tmp/sess_* | predictive | High |
| 17 | File | 14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi | predictive | High |
| 18 | File | activateuser.aspx | predictive | High |
| 19 | File | adclick.php | predictive | Medium |
| 20 | File | admin/killsource | predictive | High |
| 21 | File | admin/orion.extfeedbackform_efbf_forms.php | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
