Kinsing Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (651)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	472
ru	94
zh	64
es	6
fr	6

Country

la	228
us	196
ru	134
cn	38
gb	22

Actors

Cobalt Strike	19
RedLine Stealer	15
TrickBot	13
Ave Maria	9
Conti	7

Activities

Interest

Timeline

Type

Not Defined	212
Content Management System	30
Operating System	20
Programming Language Software	20
WordPress Plugin	18

Vendor

Not Defined	226
Microsoft	20
Google	18
Apache	14
Oracle	12

Product

Google Chrome	12
Revive Adserver	10
Microsoft Windows	8
Fortinet FortiOS	8
WordPress	8

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure	5.3	5.2	$5k-$25k	Calculating	High	Workaround	0.02016	0.00	CVE-2007-1192
2	DZCP deV!L`z Clanportal config.php code injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.99	CVE-2010-0966
3	nginx request smuggling	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00241	2.23	CVE-2020-12440
4	Bitrix Site Manager Vote Module Remote Code Execution	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00668	0.04	CVE-2022-27228
5	jQuery html cross site scripting	5.8	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01900	0.00	CVE-2020-11023
6	LogicBoard CMS away.php redirect	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00000	2.49
7	TikiWiki tiki-register.php input validation	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01075	10.00	CVE-2006-6168
8	Zyxel NAS326/NAS542 Web Server os command injection	9.8	9.8	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00068	0.04	CVE-2023-4473
9	Tiki Admin Password tiki-login.php improper authentication	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00936	10.00	CVE-2020-15906
10	Cacti XML Template File templates_import.php cross site scripting	4.8	4.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00069	0.04	CVE-2023-50569
11	Microsoft IIS IP/Domain Restriction access control	6.5	5.7	$25k-$100k	$0-$5k	Unproven	Official Fix	0.00817	0.15	CVE-2014-4078
12	request-baskets API Request {name} server-side request forgery	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.08109	0.08	CVE-2023-27163
13	Moment.js path traversal	6.9	6.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00330	0.00	CVE-2022-24785
14	Esri ArcGIS Server sql injection	8.1	8.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00123	0.04	CVE-2021-29114
15	Linux Kernel fbcon vt.c KD_FONT_OP_COPY out-of-bounds	5.0	4.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2020-28974
16	Joomla CMS LDAP Authentication Password ldap injection	7.5	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01039	0.04	CVE-2017-14596
17	SPIP spip.php cross site scripting	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00132	0.33	CVE-2022-28959
18	AWStats awstats.pl pathname traversal	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00499	0.15	CVE-2020-35176
19	JetBrains IntelliJ IDEA License Server authentication spoofing	7.7	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00222	0.00	CVE-2020-11690
20	ILIAS Cloze Test Text gap Persistent cross site scripting	5.2	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00193	0.06	CVE-2019-1010237

Campaigns (4)

These are the campaigns that can be associated with the actor:

CVE-2022-36804
CVE-2023-32315
Xxx-xxxx-xxxxx
Xxxxxxxxx

IOC - Indicator of Compromise (125)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Campaigns	Identified	Type	Confidence
1	3.22.186.242	ec2-3-22-186-242.us-east-2.compute.amazonaws.com	Kinsing		07/29/2022	verified	Medium
2	3.215.110.66	ec2-3-215-110-66.compute-1.amazonaws.com	Kinsing	Log4Shell	01/24/2022	verified	Medium
3	5.34.183.14	vds-904894.hosted-by-itldc.com	Kinsing		02/09/2022	verified	High
4	5.34.183.145	a.sadeghi	Kinsing		02/09/2022	verified	High
5	5.35.101.62	hosted-by.ruweb.net	Kinsing	CVE-2023-32315	09/01/2023	verified	High
6	31.184.240.34	106863.web.hosting-russia.ru	Kinsing	CVE-2023-32315	09/01/2023	verified	High
7	31.210.20.181		Kinsing	Log4Shell	01/24/2022	verified	High
8	34.81.218.76	76.218.81.34.bc.googleusercontent.com	Kinsing	Log4Shell	01/24/2022	verified	Medium
9	42.112.28.216	midp.highlatrol.com	Kinsing	Log4Shell	01/24/2022	verified	High
10	45.10.88.102	45.10.88.102.cl.darnytsia.net	Kinsing		04/04/2020	verified	High
11	45.10.88.124		Kinsing		02/09/2022	verified	High
12	45.15.158.124		Kinsing		08/18/2023	verified	High
13	45.67.230.68	vm330138.pq.hosting	Kinsing		02/09/2022	verified	High
14	45.95.169.118	zb64.antoniagavve.live	Kinsing		07/29/2022	verified	High
15	45.129.2.107		Kinsing	Log4Shell	01/24/2022	verified	High
16	45.137.151.106		Kinsing	Log4Shell	01/24/2022	verified	High
17	45.137.155.55	vm360194.pq.hosting	Kinsing	Log4Shell	02/22/2022	verified	High
18	45.142.214.48	server.com	Kinsing	Log4Shell	01/24/2022	verified	High
19	45.147.201.186		Kinsing		02/09/2022	verified	High
20	45.153.231.22	electacasper.example.com	Kinsing		02/09/2022	verified	High
21	45.156.23.210		Kinsing	Log4Shell	01/24/2022	verified	High
22	46.17.43.156		Kinsing	CVE-2023-46604	12/14/2023	verified	High
23	51.222.154.100	ns577710.ip-51-222-154.net	Kinsing	CVE-2023-32315	09/01/2023	verified	High
24	62.76.41.46	392.mighost.ru	Kinsing	Log4Shell	01/24/2022	verified	High
25	62.113.113.60	v2065801.hosted-by-vdsina.ru	Kinsing	CVE-2022-36804	02/27/2024	verified	High
26	XX.XXX.XXX.XXX	xxxxxxxx.xxxxxx-xx-xxxxxx.xx	Xxxxxxx	Xxx-xxxx-xxxxx	02/27/2024	verified	High
27	XX.XX.XXX.X	xxxxxx.x.xxx.xx.xx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxxxx	Xxx-xxxx-xxxxx	09/01/2023	verified	High
28	XX.XXX.XXX.XX	xxxxxxxxxx.xxxx	Xxxxxxx	Xxx-xxxx-xxxxx	12/14/2023	verified	High
29	XX.XX.XXX.XX	xxxx.xxxx.xxx	Xxxxxxx		02/09/2022	verified	High
30	XX.XX.XXX.XX	xxxx.xxxx.xxx	Xxxxxxx		02/09/2022	verified	High
31	XX.XXX.XXX.XXX	xxx.xxx.xxxxxx.xxx	Xxxxxxx	Xxxxxxxxx	01/24/2022	verified	High
32	XX.XXX.XX.XXX		Xxxxxxx	Xxxxxxxxx	01/24/2022	verified	High
33	XX.XX.XX.XX		Xxxxxxx		08/18/2023	verified	High
34	XX.XXX.XXX.XXX	xxxx-xxx.xxxxxx.xx	Xxxxxxx	Xxx-xxxx-xxxxx	12/14/2023	verified	High
35	XX.XXX.XXX.XXX	xxxxxxx.xxxxxx.xxx	Xxxxxxx		04/04/2020	verified	High
36	XX.XXX.XX.XXX	xxxxxx.xxxxxx.xxxx.xxxxxxx.xxx	Xxxxxxx		07/29/2022	verified	High
37	XX.XXX.XX.XX	xxxxx.xxxxxx.xx.xxx	Xxxxxxx	Xxx-xxxx-xxxxx	12/14/2023	verified	High
38	XX.XXX.XX.XXX		Xxxxxxx		07/29/2022	verified	High
39	XX.XXX.XX.XX		Xxxxxxx		02/09/2022	verified	High
40	XX.XXX.XX.XXX	xxxx.xx	Xxxxxxx		02/09/2022	verified	High
41	XX.XXX.XXX.X	xxxxxxx-xxxxxxx.xxx.xx	Xxxxxxx	Xxx-xxxx-xxxxx	12/14/2023	verified	High
42	XX.XXX.XXX.XX	xxxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxx	Xxxxxxx	Xxx-xxxx-xxxxx	02/27/2024	verified	High
43	XX.XXX.XX.X	xxxxxxxxxxxxxxxxxxxxxxx.xx	Xxxxxxx		02/09/2022	verified	High
44	XX.XXX.XX.XXX	xxxxxxxxxxxxx.xxx	Xxxxxxx	Xxx-xxxx-xxxxx	12/14/2023	verified	High
45	XX.XXX.XX.XXX	xxxxxxxx.xxxxxxx.xx	Xxxxxxx		02/09/2022	verified	High
46	XX.XXX.XX.XX		Xxxxxxx	Xxxxxxxxx	01/24/2022	verified	High
47	XX.XX.XXX.XXX	xxxx.xxxxxx-xxxxxxx.xx	Xxxxxxx		07/29/2022	verified	High
48	XX.XXX.XX.XXX	xxxxxxxx.xxx-xxxxxxxx.xx	Xxxxxxx		07/29/2022	verified	High
49	XX.XXX.XXX.XX		Xxxxxxx	Xxxxxxxxx	01/24/2022	verified	High
50	XX.XXX.XXX.XX	xxxx-xxxxx.xxxxxxxx.xxx	Xxxxxxx	Xxxxxxxxx	01/24/2022	verified	High
51	XX.XXX.XXX.XXX	xxxxxx.xxx.xxx.xxx.xx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxxxx		07/29/2022	verified	High
52	XXX.XXX.XXX.XXX		Xxxxxxx	Xxx-xxxx-xxxxx	09/01/2023	verified	High
53	XXX.XXX.XX.XXX	xxxxxx.xxx	Xxxxxxx	Xxxxxxxxx	01/24/2022	verified	High
54	XXX.XXX.XX.XXX		Xxxxxxx	Xxx-xxxx-xxxxx	09/01/2023	verified	High
55	XXX.XXX.XX.XXX	xxxxx.xxx.xxxxxxx-xxxxxx.xx	Xxxxxxx	Xxx-xxxx-xxxxx	12/14/2023	verified	High
56	XXX.XX.XXX.XXX	xxxxxxx.xxxxx.xx	Xxxxxxx	Xxxxxxxxx	01/24/2022	verified	High
57	XXX.XX.XXX.XX		Xxxxxxx	Xxxxxxxxx	01/24/2022	verified	High
58	XXX.XXX.XX.XX		Xxxxxxx		07/29/2022	verified	High
59	XXX.XXX.XX.XXX		Xxxxxxx		07/29/2022	verified	High
60	XXX.XXX.XX.XXX		Xxxxxxx		07/29/2022	verified	High
61	XXX.XX.XX.XX	xxxxxxxxx.xxxxxxx.xxx	Xxxxxxx		07/29/2022	verified	High
62	XXX.XX.XXX.XXX	xxxxx.xx-xxx-xx-xxx.xxx	Xxxxxxx		04/04/2020	verified	High
63	XXX.XX.XXX.XXX	xxxx.xxxxxxxx.xx	Xxxxxxx		07/29/2022	verified	High
64	XXX.XX.XX.XXX		Xxxxxxx	Xxxxxxxxx	01/24/2022	verified	High
65	XXX.XX.XXX.XXX		Xxxxxxx		07/29/2022	verified	High
66	XXX.XX.XXX.XXX		Xxxxxxx	Xxx-xxxx-xxxxx	09/01/2023	verified	High
67	XXX.XXX.XXX.XXX	xxxxxxx-xx.xxx.xxxxxx-xxxxxxx.xxx	Xxxxxxx	Xxx-xxxx-xxxxx	09/01/2023	verified	High
68	XXX.XXX.XX.XX		Xxxxxxx		07/29/2022	verified	High
69	XXX.XXX.XXX.XX	xxxxxxx-xx.xxx.xxxxxx-xxxxxxx.xxx	Xxxxxxx	Xxx-xxxx-xxxxx	09/01/2023	verified	High
70	XXX.XX.XXX.XXX		Xxxxxxx	Xxxxxxxxx	01/24/2022	verified	High
71	XXX.XXX.XX.XXX		Xxxxxxx	Xxx-xxxx-xxxxx	12/14/2023	verified	High
72	XXX.XX.XX.XXX	xx-xxx.xxxxx.xx	Xxxxxxx		03/26/2022	verified	High
73	XXX.XXX.XX.XXX		Xxxxxxx	Xxx-xxxx-xxxxx	12/14/2023	verified	High
74	XXX.XX.X.XXX		Xxxxxxx	Xxx-xxxx-xxxxx	02/27/2024	verified	High
75	XXX.XX.XX.XXX	xxxxxx.xxx	Xxxxxxx	Xxxxxxxxx	01/24/2022	verified	High
76	XXX.XX.XX.XX	xxx-xx.xxxxx.xxx	Xxxxxxx		04/04/2020	verified	High
77	XXX.XXX.XXX.XXX		Xxxxxxx	Xxx-xxxx-xxxxx	02/27/2024	verified	High
78	XXX.XXX.XXX.XXX		Xxxxxxx	Xxx-xxxx-xxxxx	12/14/2023	verified	High
79	XXX.XXX.XX.XXX	xxxxxxxx.xxxxxxx.xx	Xxxxxxx	Xxxxxxxxx	01/24/2022	verified	High
80	XXX.XXX.XXX.XXX	xxxxxxxx.xxxxxxxx.xx	Xxxxxxx	Xxxxxxxxx	01/24/2022	verified	High
81	XXX.XXX.XXX.XX		Xxxxxxx	Xxx-xxxx-xxxxx	12/14/2023	verified	High
82	XXX.XXX.XX.XXX		Xxxxxxx	Xxxxxxxxx	01/24/2022	verified	High
83	XXX.XXX.XX.XXX		Xxxxxxx	Xxxxxxxxx	01/24/2022	verified	High
84	XXX.XXX.XX.XX	xxxxxxxx.xxxxxx-xx-xxxxxx.xx	Xxxxxxx	Xxx-xxxx-xxxxx	02/27/2024	verified	High
85	XXX.XXX.XXX.XXX	xxxxxx.xx	Xxxxxxx	Xxx-xxxx-xxxxx	12/14/2023	verified	High
86	XXX.XXX.XXX.XXX	xxxxxxxxx.xxx	Xxxxxxx	Xxxxxxxxx	01/24/2022	verified	High
87	XXX.XXX.XXX.XXX	xxxxx.xxxxxx.xxxxx.xx	Xxxxxxx	Xxx-xxxx-xxxxx	12/14/2023	verified	High
88	XXX.XXX.XXX.X	xxxxxxxx.xx.xxxxxxx	Xxxxxxx		07/29/2022	verified	High
89	XXX.XXX.XXX.XXX	xxxxxxxxxx.xxx	Xxxxxxx	Xxxxxxxxx	01/24/2022	verified	High
90	XXX.XXX.XX.XXX		Xxxxxxx	Xxx-xxxx-xxxxx	02/27/2024	verified	High
91	XXX.XXX.XX.XXX		Xxxxxxx		01/11/2023	verified	High
92	XXX.XXX.XX.XXX		Xxxxxxx	Xxx-xxxx-xxxxx	02/27/2024	verified	High
93	XXX.XXX.XXX.XXX	xxxx.xx.xxxxxxx	Xxxxxxx		02/09/2022	verified	High
94	XXX.XXX.XXX.XXX	xxxxxx.xxxxxxxxxxxxxx.xxx	Xxxxxxx		02/09/2022	verified	High
95	XXX.XX.XX.XXX	xxxxxx.xxxxxxxxxx.xxx	Xxxxxxx		04/04/2020	verified	High
96	XXX.XXX.XX.XX	xx.xxxxxxx	Xxxxxxx	Xxx-xxxx-xxxxx	12/14/2023	verified	High
97	XXX.XXX.XXX.XX	xxxxxx-xxxxxxx.xxxxx.xx	Xxxxxxx	Xxxxxxxxx	01/24/2022	verified	High
98	XXX.XXX.XXX.XX		Xxxxxxx	Xxx-xxxx-xxxxx	02/27/2024	verified	High
99	XXX.XX.XX.XX	xxxxxxxxxxxx.xxxx.xxxxxxx	Xxxxxxx	Xxx-xxxx-xxxxx	02/27/2024	verified	High
100	XXX.XX.XX.XXX		Xxxxxxx		07/29/2022	verified	High
101	XXX.XX.XX.XXX	xxxxx.xxxxxxxxxxxx.xxxx	Xxxxxxx	Xxx-xxxx-xxxxx	02/27/2024	verified	High
102	XXX.XX.XX.XXX	xxxxxxx.xxx	Xxxxxxx		02/09/2022	verified	High
103	XXX.XX.XX.XXX	xxxxxxxxx.xxxx.xxxxxxx	Xxxxxxx	Xxx-xxxx-xxxxx	02/27/2024	verified	High
104	XXX.XX.XX.XX	xxxxxxxxx.xxxx.xxxxxxx	Xxxxxxx	Xxx-xxxx-xxxxx	12/14/2023	verified	High
105	XXX.XX.XX.X	xxxxx.xxxx.xxx	Xxxxxxx	Xxx-xxxx-xxxxx	02/27/2024	verified	High
106	XXX.XX.XXX.XX	xxxx.xxxx.xxx	Xxxxxxx		02/09/2022	verified	High
107	XXX.XX.XXX.XXX	xxxxxxx.xxx	Xxxxxxx	Xxxxxxxxx	01/24/2022	verified	High
108	XXX.XX.XXX.XXX	xxxxxxxxxx.xxxx.xxxxxxx	Xxxxxxx		02/09/2022	verified	High
109	XXX.XX.XXX.XXX	xxxx.xxxx.xxx	Xxxxxxx	Xxx-xxxx-xxxxx	02/27/2024	verified	High
110	XXX.XX.XXX.XXX	xxxxx.xxxx.xxxxxxx	Xxxxxxx		02/07/2023	verified	High
111	XXX.XX.XXX.XX	xxx.xxxxx.xxx	Xxxxxxx	Xxxxxxxxx	01/24/2022	verified	High
112	XXX.XX.XXX.XXX		Xxxxxxx	Xxx-xxxx-xxxxx	09/01/2023	verified	High
113	XXX.XX.XXX.XXX		Xxxxxxx	Xxx-xxxx-xxxxx	12/14/2023	verified	High
114	XXX.XXX.XXX.XXX	xxxxxxxx.xxx.xx	Xxxxxxx	Xxx-xxxx-xxxxx	12/14/2023	verified	High
115	XXX.X.XX.XXX	xxxxxxxx.xxxxxx-xx-xxxxxx.xx	Xxxxxxx		02/07/2023	verified	High
116	XXX.X.XX.XX	xxxxxxxx.xxxxxx-xx-xxxxxx.xx	Xxxxxxx		07/29/2022	verified	High
117	XXX.XX.XXX.XX	xxxx.xxxxxx.xx	Xxxxxxx		02/09/2022	verified	High
118	XXX.XXX.XXX.XX	xxx-xxxxxx.xxxxxx-xx-xxxxx.xxx	Xxxxxxx		02/09/2022	verified	High
119	XXX.XXX.X.XXX	xxx.xxx.x.xxx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxx		07/29/2022	verified	High
120	XXX.XX.XXX.XXX		Xxxxxxx		07/29/2022	verified	High
121	XXX.XX.XX.X	xxxxxxxxxx.xxxxxxxxxxxxxx.xxx	Xxxxxxx	Xxxxxxxxx	01/24/2022	verified	High
122	XXX.XX.XX.XX	xxxxxx.xxx	Xxxxxxx	Xxxxxxxxx	01/24/2022	verified	High
123	XXX.XXX.XX.XXX	xxxxxx.xxxxxxxxxxx.xx	Xxxxxxx	Xxxxxxxxx	01/24/2022	verified	High
124	XXX.XX.XXX.XX		Xxxxxxx		04/04/2020	verified	High
125	XXX.XX.XXX.XXX	xxxxxxxxxxx.xxxxxx.xxx	Xxxxxxx		04/04/2020	verified	High

TTP - Tactics, Techniques, Procedures (23)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-21, CWE-22, CWE-23, CWE-24	Path Traversal	predictive	High
2	T1040	CAPEC-102	CWE-319	Authentication Bypass by Capture-replay	predictive	High
3	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	High
4	T1059	CAPEC-137	CWE-88, CWE-94, CWE-1321	Argument Injection	predictive	High
5	T1059.007	CAPEC-209	CWE-79, CWE-80	Cross Site Scripting	predictive	High
6	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
7	TXXXX	CAPEC-150	CWE-XXX	Xxxx Xxx Xxxxxxxxx Xxxxxxxxxxx Xxxxxxxx	predictive	High
8	TXXXX.XXX	CAPEC-16	CWE-XXX, CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	High
9	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
10	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	High
11	TXXXX	CAPEC-	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	High
12	TXXXX	CAPEC-1	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	High
13	TXXXX	CAPEC-108	CWE-XX, CWE-XX	Xxx Xxxxxxxxx	predictive	High
14	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	High
15	TXXXX	CAPEC-112	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
16	TXXXX	CAPEC-37	CWE-XXX	Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
17	TXXXX.XXX	CAPEC-	CWE-XXX	Xxxxxxxx Xxxxxx Xxxx	predictive	High
18	TXXXX.XXX	CAPEC-459	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
19	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
20	TXXXX.XXX	CAPEC-	CWE-XX	Xxxxxxxxxxxxx	predictive	High
21	TXXXX	CAPEC-112	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	High
22	TXXXX.XXX	CAPEC-	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	High
23	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	High

IOA - Indicator of Attack (297)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	//proc/kcore	predictive	Medium
2	File	/admin/dl_sendmail.php	predictive	High
3	File	/admin/index2.html	predictive	High
4	File	/admin/login.php	predictive	High
5	File	/adminPage/conf/reload	predictive	High
6	File	/api/baskets/{name}	predictive	High
7	File	/api/v2/cli/commands	predictive	High
8	File	/app/Http/Controllers/Admin/NEditorController.php	predictive	High
9	File	/application/index/controller/Databasesource.php	predictive	High
10	File	/Device/Device/GetDeviceInfoList?deviceCode=&searchField=&deviceState=	predictive	High
11	File	/DXR.axd	predictive	Medium
12	File	/forum/away.php	predictive	High
13	File	/inc/parser/xhtml.php	predictive	High
14	File	/include/makecvs.php	predictive	High
15	File	/livesite/edit_designer_region.php	predictive	High
16	File	/mfsNotice/page	predictive	High
17	File	/mgmt/tm/util/bash	predictive	High
18	File	/mifs/c/i/reg/reg.html	predictive	High
19	File	/novel/bookSetting/list	predictive	High
20	File	/novel/userFeedback/list	predictive	High
21	File	/owa/auth/logon.aspx	predictive	High
22	File	/requests.php	predictive	High
23	File	/secure/ViewCollectors	predictive	High
24	File	/Session	predictive	Medium
25	File	/spip.php	predictive	Medium
26	File	/usr/bin/pkexec	predictive	High
27	File	/wp-admin/admin.php?page=wp_file_manager_properties	predictive	High
28	File	/xAdmin/html/cm_doclist_view_uc.jsp	predictive	High
29	File	/x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3	predictive	High
30	File	/zm/index.php	predictive	High
31	File	adclick.php	predictive	Medium
32	File	add.php	predictive	Low
33	File	add_comment.php	predictive	High
34	File	xxxxx.xxxxxxxxx.xxx	predictive	High
35	File	xxxxx/xxxxxxx.xxx	predictive	High
36	File	xxxxx\xxxxx\xxxxxxx\xxxxxxxx.xxx	predictive	High
37	File	xxxxxxxxxxx/xxxxxxx/xxxxx/xxxxx/xxxxxxxxx/xxxxxxxx.xxx	predictive	High
38	File	xxxxxxx.xx	predictive	Medium
39	File	xxxx/xxxxxxxxxxxx.xxx	predictive	High
40	File	xxxxxx/xxxxxxx/xxxx/xxxxx.xxx	predictive	High
41	File	xxxx.xxx	predictive	Medium
42	File	xx_xxxx_xx_xxxx_xxxx.xxx	predictive	High
43	File	xxxx_xxxxxxx.xxx	predictive	High
44	File	xxx.xxx	predictive	Low
45	File	xxx-xxx/xxxxxxx.xx	predictive	High
46	File	xxxxxxxx.xxx	predictive	Medium
47	File	xxxxx.xxxxxxxxx.xxx	predictive	High
48	File	xxxxxxxxxx.xxx	predictive	High
49	File	xxxxx.xxx	predictive	Medium
50	File	xxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx/xxxx_xxxxx.xxxx	predictive	High
51	File	xxxxx-xxxxxxx.xxx	predictive	High
52	File	xxxxxxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	High
53	File	xxxxxxxxxx/xxxxxx/xxxxxxxxx.xxxx/xxxx.xxx/	predictive	High
54	File	xxxxxxxxxx/xxx_xxxxxxxxxx/xxxxxxx/xxxxxxxxxx.xxx	predictive	High
55	File	xxxxxx.xxx	predictive	Medium
56	File	xxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxx	predictive	High
57	File	xxxxxxxxxx\xxxx.xxx	predictive	High
58	File	xxxxxxxxxxx.xxx	predictive	High
59	File	xxxxxx/xx/xx_xxxxx.x	predictive	High
60	File	xxxx:x.x/xx:x/xx:x/xx:x/xx:x/x:x/x:x/x:x/x:x	predictive	High
61	File	x_xxxxxx	predictive	Medium
62	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	High
63	File	xxxxxxx_xxxxx.xxx	predictive	High
64	File	xxxxxxx.xxx	predictive	Medium
65	File	xxxxxx.xxx	predictive	Medium
66	File	xxxxxxx/xxx/xx/xx.x	predictive	High
67	File	xxxx-xxxxxx.xxx	predictive	High
68	File	xxxx.xxx	predictive	Medium
69	File	xxxxx.xxx	predictive	Medium
70	File	xxxxxx.xxx	predictive	Medium
71	File	xxxxxxxxxxx.xxxxx.xxx	predictive	High
72	File	xxxxxxxxxxxxxxxxxxxx.xxx	predictive	High
73	File	xxxxxxxxxxxx.xxx	predictive	High
74	File	xxxx_xxxxxxxx.xxx	predictive	High
75	File	xxxxxxxxxxxxxxxxx.xxx	predictive	High
76	File	xxxxxxxxx/xxxxx/xxxxxxxxxxxx/xxxxxxxxx.xxx	predictive	High
77	File	xxxxxxxxxxx.x	predictive	High
78	File	xxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	High
79	File	xxxx.xxx	predictive	Medium
80	File	xxxxx_xxxx.xxx	predictive	High
81	File	xxxxxxxxx.xxx	predictive	High
82	File	xxxxxxxxxx\xxxxxx\xxxxxxxxxxxxx.xxx	predictive	High
83	File	xxx/xxxxxx.xxx	predictive	High
84	File	xxxxxxxx/xxxxxxx/xxxxxxx.xxxx.xxx	predictive	High
85	File	xxxxx.xxxx	predictive	Medium
86	File	xxxxx.xxx	predictive	Medium
87	File	xxxxx.xxx/xxxxxx.xxx/xxxxxxxxxxxxx.xxx/xxxxxxxx.xxx	predictive	High
88	File	xxxxx.xxx/xxxxxxx/xxxxx	predictive	High
89	File	xxxxx.xxx?x=xxxx&x=xxxx&x=xx_xxx_xxxxxx	predictive	High
90	File	xxxxx.xxx?x=xxxx&x=xxxxxxx&x=xxx	predictive	High
91	File	xxxxx.xx	predictive	Medium
92	File	xxxxxxx.xxx	predictive	Medium
93	File	xxxx.xxx	predictive	Medium
94	File	xxxxxxxx.xxx	predictive	Medium
95	File	xxxx_xxxxxxx.xxx	predictive	High
96	File	xxxx.xxx	predictive	Medium
97	File	xx.xxx	predictive	Low
98	File	xxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxx.xxx	predictive	High
99	File	xxxxxxxxx/xxxxxx.xxx.xxx	predictive	High
100	File	xxx.xxx	predictive	Low
101	File	xxxxx-xxxx-xxxx.xxx	predictive	High
102	File	xxxxx.xxxx	predictive	Medium
103	File	xxxxx.xxx	predictive	Medium
104	File	xxxxx/	predictive	Low
105	File	xxxxx_xx.xxxx	predictive	High
106	File	xxxx.xxxx	predictive	Medium
107	File	xxxxxxxx_xxxxxxx.xxx	predictive	High
108	File	xx_xxxx.x	predictive	Medium
109	File	xxxx.xxx	predictive	Medium
110	File	xxx_xxxxx_xxxx.x	predictive	High
111	File	xxx/xxxx/xxxx_xxxxxxxxx.x	predictive	High
112	File	xxxxxxx_xxxx.xxx	predictive	High
113	File	xxxxxx.xxx	predictive	Medium
114	File	xxxxxxx.xxx	predictive	Medium
115	File	xxxxxx.xxx/xxxx_xxxx_xxxx.xxx	predictive	High
116	File	xxxxxxxx/xxxxxx-xxxxx/xxxxxxxxxxx/xxxx.xx	predictive	High
117	File	xxxxxxxxxxxxxxxxx.xxx	predictive	High
118	File	xxxxxxx.xxx	predictive	Medium
119	File	xxxxxxx.xxx	predictive	Medium
120	File	xxxxxxx/xxxxxxx/xxx/xxxxxxxxxx.xxx?xxxxxxxx=xxxx&xxxxxx=xxxxxxxxxx	predictive	High
121	File	xxxxxxx.xxx	predictive	Medium
122	File	xxxxxxx_xxxxxxx_xxxx.xxx	predictive	High
123	File	xxx_xxxxxx.xxxx	predictive	High
124	File	xxxxx.xxx	predictive	Medium
125	File	xxxxxxxx.xxx	predictive	Medium
126	File	xxxxxxxx.xxx	predictive	Medium
127	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	High
128	File	xxxxxxx.xxx	predictive	Medium
129	File	xxxxxxx/xxxxxxxxxxxxx.xxxx	predictive	High
130	File	xxxxxxxxxxxxxxx.xxx	predictive	High
131	File	xxxx_xxxx_xxxxxx.xxx	predictive	High
132	File	xxx.x	predictive	Low
133	File	xxxxxx.xx	predictive	Medium
134	File	xxxxxxxx.xx?xxxxxxxxxxxx=xxxxxxxx&xxxx=x-xxxx&xxxxxxxx=xxxxxxxxxx&xx	predictive	High
135	File	xxxxxx_xxxxxxx.xxx	predictive	High
136	File	xxxxxxxx/xxxx/xxxx.xxx?xxxxxx=xxxxxxxxxxxxxxxx	predictive	High
137	File	xxxx.xxx	predictive	Medium
138	File	xxxx.xx	predictive	Low
139	File	xxxxxxxx_xxxx.xxx	predictive	High
140	File	xxxx_xxxxxxx_xxxxxxxx.xxx	predictive	High
141	File	xxxx_xxxxx.xxxx	predictive	High
142	File	xxxxx.xxx	predictive	Medium
143	File	xxxxxxxxxx_xxxx.xxx	predictive	High
144	File	xxxxxxxxx/xxxxxxxxxx	predictive	High
145	File	xxx/xxxx/xxxx	predictive	High
146	File	xxxxxx\xxxxxxxx\xx_xxxxx_xxxxxxx.xxx	predictive	High
147	File	xxxxxxx.xxx.xx.xxxxxxxxxxx.xxx	predictive	High
148	File	xxxxxxxx.xxxxx.xxx	predictive	High
149	File	xxxxxxxxx/xxxxxxxx.xxx	predictive	High
150	File	xxxxxxxxx_xxxxxx.xxx	predictive	High
151	File	xxxx_xxxxxx.xx	predictive	High
152	File	xxxx-xxxxx.xxx	predictive	High
153	File	xxxx-xxxxxxxx.xxx	predictive	High
154	File	xxxxxx_xxxxx.xxx	predictive	High
155	File	xxxxxx.xxx	predictive	Medium
156	File	xxxxxxx-xxxxx.xxx	predictive	High
157	File	xxxx_xxxxx.xxx	predictive	High
158	File	xxxx/xxx/xxxx-xxxxx.xxx	predictive	High
159	File	xxxxx.x	predictive	Low
160	File	xxxx.xxx	predictive	Medium
161	File	xxxxxxxx.xxx	predictive	Medium
162	File	xxx-xxx/	predictive	Medium
163	File	xxxxxxx/xxx/xxxxxxx	predictive	High
164	File	xx-xxxxx/xxxxxxx.xxx	predictive	High
165	File	xx-xxxxx-xxxxxx.xxx	predictive	High
166	File	xx-xxxxxx.xxx	predictive	High
167	File	xx-xxxx.xxx	predictive	Medium
168	File	xx-xxxxxxxx.xxx	predictive	High
169	File	xx-xxxxxxxxx.xxx	predictive	High
170	File	xxx/xxxxxxxx/xxxxxxxx.xxx	predictive	High
171	File	xxxx.xxx	predictive	Medium
172	File	~/xxxxxxxxx/	predictive	Medium
173	File	~/xxx/xxxx-xxxxxxxxx.xxx	predictive	High
174	File	~/xxxxxxxx/xxxxx-xx-xxxxxxxxxx-xxxxxxxxx.xxx	predictive	High
175	Library	xxxxxxx/xxx.xxx.xxx.xxx	predictive	High
176	Argument	*xxxx	predictive	Low
177	Argument	xxxxxx	predictive	Low
178	Argument	xx	predictive	Low
179	Argument	xxx_xxx	predictive	Low
180	Argument	xxxx	predictive	Low
181	Argument	xxxxxxxxx	predictive	Medium
182	Argument	xxxxxxxxxxxx	predictive	Medium
183	Argument	xxxxxx	predictive	Low
184	Argument	xxxxxxxx	predictive	Medium
185	Argument	xxxxxxxx	predictive	Medium
186	Argument	xxx_xxx_xx_xxx_xxxxxxxxxx_x	predictive	High
187	Argument	xxxxx_xxxx	predictive	Medium
188	Argument	xxxxxxxx	predictive	Medium
189	Argument	xxxx_xxx_xxxx	predictive	High
190	Argument	xxx	predictive	Low
191	Argument	xxxxxxxxxx	predictive	Medium
192	Argument	xxx_xx	predictive	Low
193	Argument	xxx	predictive	Low
194	Argument	xxxxxxxxxxxxxxx	predictive	High
195	Argument	xxxxxx_xx	predictive	Medium
196	Argument	xxxxxx	predictive	Low
197	Argument	xxxxxxxx_xxxxxx/xxxxxxxx_xxxx/xxxxxxxx_xxxxxxxx/xxxxxxxx_xxxx	predictive	High
198	Argument	xxxxxxxxxxx(xxxxxx)	predictive	High
199	Argument	xxxx	predictive	Low
200	Argument	xxxx/xxxxxx/xxx	predictive	High
201	Argument	xxxxxxxxxxx	predictive	Medium
202	Argument	xxx	predictive	Low
203	Argument	xxxxxxxxxx	predictive	Medium
204	Argument	xxxxxxx	predictive	Low
205	Argument	xx_xxxx/xxxxx/xxx	predictive	High
206	Argument	xxxxx	predictive	Low
207	Argument	xxxxxxxxx->xxxxxxxxx	predictive	High
208	Argument	xxxxxxxxx_xxxxxx	predictive	High
209	Argument	xxxxxxxxx	predictive	Medium
210	Argument	xx_xxxxxxx	predictive	Medium
211	Argument	xxxx	predictive	Low
212	Argument	xxxxxxxx	predictive	Medium
213	Argument	xxxxxxxx	predictive	Medium
214	Argument	xxxxx	predictive	Low
215	Argument	xxxxxx_xxxxx	predictive	Medium
216	Argument	xxxxxx_xxxxx_xxx	predictive	High
217	Argument	xxxxxxxxx/xxxxxx	predictive	High
218	Argument	xxxxxxxxxxxx	predictive	Medium
219	Argument	xx_xx	predictive	Low
220	Argument	xxxxxxx[xxxxxxx]	predictive	High
221	Argument	xxxx	predictive	Low
222	Argument	xxxxxxx	predictive	Low
223	Argument	xxxxx_xx	predictive	Medium
224	Argument	xxxxxx	predictive	Low
225	Argument	xxxxx	predictive	Low
226	Argument	xxxx_xxxxx	predictive	Medium
227	Argument	xxxx	predictive	Low
228	Argument	xx	predictive	Low
229	Argument	xxx	predictive	Low
230	Argument	xxxx	predictive	Low
231	Argument	xxxxxx	predictive	Low
232	Argument	xxxxxx	predictive	Low
233	Argument	xxxxxx	predictive	Low
234	Argument	xxxxxx	predictive	Low
235	Argument	xxxxx[xxxxx][xx]	predictive	High
236	Argument	xxxxx	predictive	Low
237	Argument	xxxxxxx	predictive	Low
238	Argument	xxxx	predictive	Low
239	Argument	xxxx_xxxx	predictive	Medium
240	Argument	xxxx	predictive	Low
241	Argument	xxxxxxxx	predictive	Medium
242	Argument	xxxxx_xxxxxx_xxx/xxxxx_xxxx_xxxxxxxx	predictive	High
243	Argument	xxxx	predictive	Low
244	Argument	xxx xxxxxxxx/xxxxxxx xxxxxxxx	predictive	High
245	Argument	xxxxxxxx	predictive	Medium
246	Argument	xxxxxx/xxxxx/xxxx	predictive	High
247	Argument	xxxxxxx	predictive	Low
248	Argument	xxxxxxx/xxxxxxxxx	predictive	High
249	Argument	xxxx	predictive	Low
250	Argument	xxxxxx_xxxxxx	predictive	High
251	Argument	xxxxxxxxxxxxxxxxxxx	predictive	High
252	Argument	xxxxxxxxx	predictive	Medium
253	Argument	xxxxxxxx_xx	predictive	Medium
254	Argument	xxxxxxx xxxxx	predictive	High
255	Argument	xxxxxxxx_xx	predictive	Medium
256	Argument	xxxxxxxxxxxxxxxx	predictive	High
257	Argument	xxxxxxxx	predictive	Medium
258	Argument	xxxxxx	predictive	Low
259	Argument	xxxxxx	predictive	Low
260	Argument	xxxxxxxxxx	predictive	Medium
261	Argument	xxxxxx_xxxxx	predictive	Medium
262	Argument	xxxxxx_xxx	predictive	Medium
263	Argument	xxxxxx	predictive	Low
264	Argument	xxxx_xxxx	predictive	Medium
265	Argument	xxxx	predictive	Low
266	Argument	xxxxxx	predictive	Low
267	Argument	xxxxxxxxxx_xxxx	predictive	High
268	Argument	xxxxxxx	predictive	Low
269	Argument	xxx	predictive	Low
270	Argument	xx_xx	predictive	Low
271	Argument	xxxxx	predictive	Low
272	Argument	xxxxxxxxxxx/xxxxxxxxxxx	predictive	High
273	Argument	xxx	predictive	Low
274	Argument	xxxxx	predictive	Low
275	Argument	xxx	predictive	Low
276	Argument	xxxx-xxxxx	predictive	Medium
277	Argument	xxxxxxxx	predictive	Medium
278	Argument	xxxx_xxxxx	predictive	Medium
279	Argument	xxxxxxx	predictive	Low
280	Argument	xxxx	predictive	Low
281	Argument	xx	predictive	Low
282	Argument	xxxxxx	predictive	Low
283	Argument	\xxxx\xxxx	predictive	Medium
284	Argument	_xxxxxx[xxxxxxxx_xxxx]	predictive	High
285	Argument	_xxx_xxxxxxxxxxx_	predictive	High
286	Input Value	../	predictive	Low
287	Input Value	/xxxxxx/..%xx	predictive	High
288	Input Value	xxxxx"][xxxxxx]xxxxx('xxx')[/xxxxxx]	predictive	High
289	Input Value	</xxxxxx >	predictive	Medium
290	Input Value	xxxxxxxxx' xxx 'x'='x	predictive	High
291	Input Value	xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx	predictive	High
292	Pattern	__xxxxxxxxx=	predictive	Medium
293	Pattern	\|xx xx xx xx\|	predictive	High
294	Network Port	xxxxx	predictive	Low
295	Network Port	xxxx	predictive	Low
296	Network Port	xxx/xxxx	predictive	Medium
297	Network Port	xxx xxxxxx xxxx	predictive	High

References (14)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!