Orangeworm Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (993)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en940
de24
fr12
it4
es4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

vn994

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Indexsinas4
Qakbot2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined272
Content Management System68
Operating System48
Web Server36
Router Operating System26

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined274
Microsoft82
Apache32
Oracle20
D-Link14

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Windows42
WordPress36
PHP14
Apache HTTP Server10
Google Chrome10

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaround0.020160.00CVE-2007-1192
2DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.96CVE-2010-0966
3nginx request smuggling6.96.9$0-$5k$0-$5kNot DefinedNot Defined0.002412.29CVE-2020-12440
4LogicBoard CMS away.php redirect6.36.1$0-$5k$0-$5kNot DefinedUnavailable0.000002.62
5Microsoft IIS IP/Domain Restriction access control6.55.7$25k-$100k$0-$5kUnprovenOfficial Fix0.008170.15CVE-2014-4078
6Invision Power Services IP.Board URL resource management5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.001780.00CVE-2015-6812
7Samsung Members samsungrewards Scheme for Deeplink improper authorization5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.002290.00CVE-2021-25374
8Microsoft IIS cross site scripting5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.005480.07CVE-2017-0055
9webui-aria2 path traversal6.56.4$0-$5k$0-$5kNot DefinedOfficial Fix0.005000.03CVE-2023-39141
10PHP extractTo path traversal5.04.9$5k-$25k$0-$5kNot DefinedOfficial Fix0.000910.00CVE-2021-21706
11Invision Power Services IP.Board cross site scripting7.36.4$0-$5k$0-$5kUnprovenOfficial Fix0.002540.00CVE-2014-3149
12Synacor Zimbra Collaboration xml external entity reference8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.004410.00CVE-2016-9924
13MGB OpenSource Guestbook email.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.013020.96CVE-2007-0354
14Laravel Image Upload ValidatesAttributes.php unrestricted upload5.55.1$0-$5k$0-$5kNot DefinedOfficial Fix0.012310.03CVE-2021-43617
15OpenX adclick.php redirect5.34.7$0-$5k$0-$5kUnprovenUnavailable0.004400.22CVE-2014-2230
16WSO2 API Manager Publisher Node server-side request forgery8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.006530.00CVE-2020-13226
17Smarty code injection7.57.4$0-$5k$0-$5kNot DefinedOfficial Fix0.002990.00CVE-2022-29221
18Apache Traffic Server request smuggling7.47.4$5k-$25k$5k-$25kNot DefinedNot Defined0.001570.00CVE-2021-37147
19WSO2 API Manager File Upload unrestricted upload9.89.8$0-$5k$0-$5kHighNot Defined0.973110.04CVE-2022-29464
20Microsoft Exchange Server ProxyShell Remote Code Execution9.58.7$25k-$100k$5k-$25kHighOfficial Fix0.973190.08CVE-2021-34473

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
113.44.61.126Orangeworm12/19/2020verifiedHigh
216.48.37.37Orangeworm12/19/2020verifiedHigh
3XX.XX.XX.XXXxxxxxxxxx12/19/2020verifiedHigh
4XX.XX.XX.XXXxxxxxxxxx12/19/2020verifiedHigh
5XX.XX.XXX.XXXxxxxxxxxx12/19/2020verifiedHigh
6XX.XXX.XXX.XXxx-xxx-xxx-xx.xxx.xxxxxx.xxxxx.xxxXxxxxxxxxx12/19/2020verifiedHigh
7XX.XX.XX.XXXxxxxxxxxx12/19/2020verifiedHigh
8XX.XXX.XX.XXxxxx-xxx-x-xxx-xx.xxx-xxx.xxx.xxxxxxx.xxXxxxxxxxxx12/19/2020verifiedHigh
9XXX.XX.XX.XXXXxxxxxxxxx12/19/2020verifiedHigh
10XXX.XX.XXX.XXxx-xxxxxxx-xxxx-xxx.xxx.xxXxxxxxxxxx12/19/2020verifiedHigh

TTP - Tactics, Techniques, Procedures (23)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22, CWE-23, CWE-425Path TraversalpredictiveHigh
2T1040CAPEC-102CWE-319Authentication Bypass by Capture-replaypredictiveHigh
3T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
4T1059CAPEC-242CWE-94, CWE-1321Argument InjectionpredictiveHigh
5T1059.007CAPEC-209CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
6TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
7TXXXXCAPEC-150CWE-XXXXxxx Xxx Xxxxxxxxx Xxxxxxxxxxx XxxxxxxxpredictiveHigh
8TXXXX.XXXCAPEC-16CWE-XXX, CWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
9TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
10TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
11TXXXXCAPEC-CWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
12TXXXXCAPEC-1CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
13TXXXXCAPEC-108CWE-XX, CWE-XX, CWE-XXXxx XxxxxxxxxpredictiveHigh
14TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
15TXXXXCAPEC-102CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
16TXXXXCAPEC-37CWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
17TXXXXCAPEC-38CWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
18TXXXX.XXXCAPEC-CWE-XXXXxxxxxxx Xxxxxx XxxxpredictiveHigh
19TXXXXCAPEC-116CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
20TXXXX.XXXCAPEC-CWE-XXXxxxxxxxxxxxxpredictiveHigh
21TXXXXCAPEC-157CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
22TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh
23TXXXXCAPEC-CWE-XXXXxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (320)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File.htaccesspredictiveMedium
2File/.htpasswdpredictiveMedium
3File//etc/RT2870STA.datpredictiveHigh
4File/admin_ping.htmpredictiveHigh
5File/api/sys/loginpredictiveHigh
6File/api/user/{ID}predictiveHigh
7File/bin/proc.cgipredictiveHigh
8File/CFIDE/probe.cfmpredictiveHigh
9File/cgi-bin/login_action.cgipredictiveHigh
10File/data/vendor/tclpredictiveHigh
11File/downloadpredictiveMedium
12File/etc/tomcat8/Catalina/attackpredictiveHigh
13File/files.md5predictiveMedium
14File/forum/away.phppredictiveHigh
15File/getcfg.phppredictiveMedium
16File/index.php?controller=GzUser&action=edit&id=1predictiveHigh
17File/modules/profile/index.phppredictiveHigh
18File/modules/registration_admission/patient_register.phppredictiveHigh
19File/news.dtl.phppredictiveHigh
20File/public/plugins/predictiveHigh
21File/rapi/read_urlpredictiveHigh
22File/rest/api/2/user/pickerpredictiveHigh
23File/sbin/acos_servicepredictiveHigh
24File/scripts/iisadmin/bdir.htrpredictiveHigh
25File/secure/admin/InsightDefaultCustomFieldConfig.jspapredictiveHigh
26File/squashfs-root/www/HNAP1/control/SetWizardConfig.phppredictiveHigh
27File/SSOPOST/metaAlias/%realm%/idpv2predictiveHigh
28File/uncpath/predictiveMedium
29File/usr/bin/pkexecpredictiveHigh
30File/ViewUserHover.jspapredictiveHigh
31File/WEB-INF/web.xmlpredictiveHigh
32File/wp-admin/admin-ajax.phppredictiveHigh
33File/wp-json/oembed/1.0/embed?urlpredictiveHigh
34File/www/cgi-bin/popen.cgipredictiveHigh
35File5.2.9\syscrb.exepredictiveHigh
36Fileaccountrecoveryendpoint/recoverpassword.dopredictiveHigh
37Filexx.xxxpredictiveLow
38Filexxxxxxx.xxxpredictiveMedium
39Filexxx-xxxxxxxx.xxxpredictiveHigh
40Filexxxxx.xxxpredictiveMedium
41Filexxxxx/xxxxxx/xxxxxxx.xxxpredictiveHigh
42Filexxxxx/xxxx_xxxxx_xxxx.xxxpredictiveHigh
43Filexxxxx/xxxxx.xxx?xx=xxxxxxxxxxxxpredictiveHigh
44Filexxxxx/xxxxx.xxx?xx=xxxxxx&xxxxxx=xxxx_xxxxxpredictiveHigh
45Filexxxxxxxxxxxxxx/xxxxxxxx.xxxpredictiveHigh
46Filexxxxx/xxxx/xxxxxxxxxxx/xxxxxxx.xpredictiveHigh
47Filexxxx.xxxpredictiveMedium
48Filexxxxxxxxxxx.xxxpredictiveHigh
49Filexxxx-xxxx.xpredictiveMedium
50Filexxxxxx.xxx.xxxpredictiveHigh
51Filexxxxxxx.xxpredictiveMedium
52Filexxxx/xxxxxxxxxxxx.xxxpredictiveHigh
53Filexx-xxxxxx/xxxx/xxxxxx-xxxxxx.xxxpredictiveHigh
54Filexxxxxxx/xxxxxxx/xxxxxxx.xxxx?xxxxpredictiveHigh
55Filexxxx.xpredictiveLow
56Filexxxxxx/xxxxx/xxxxx.xxxpredictiveHigh
57Filexxxx.xxxpredictiveMedium
58Filexxx-xxx/xxxx/xxxxxxxpredictiveHigh
59Filexxx-xxx/xxxxxxxxxxxx.xxxpredictiveHigh
60Filexxx.xpredictiveLow
61Filexxxx_xxxxx.xxxpredictiveHigh
62Filexxxxx.xxxxxxxxx.xxxpredictiveHigh
63Filexxxxxxxxxx/xxxxxxx.xxxxpredictiveHigh
64Filexxxxxxxx/xxxxxxxxxx.xxxxpredictiveHigh
65Filexxxxxxxxxx/xxxxxx/xxxxxxxxx.xxxx/xxxx.xxx/predictiveHigh
66Filexxxxxxxxxx/xxxx.xxxpredictiveHigh
67Filexxxxxxx.xxxpredictiveMedium
68Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
69Filexxxx_xxxxx.xxxpredictiveHigh
70Filexxx_xxxxx.xxxpredictiveHigh
71Filexxxxxxx/xxx/xxxxxx.xpredictiveHigh
72Filexxxxx.xxxpredictiveMedium
73Filexxxx.xxxpredictiveMedium
74Filexxxxxxxxxxxx.xxxpredictiveHigh
75Filexxxxxxxx.xxxpredictiveMedium
76Filexx/xxxxxxx.xpredictiveMedium
77Filexxxxxxxxx.xxxpredictiveHigh
78Filexxx_xxx.xxxpredictiveMedium
79Filexxx_xxxxxx.xxxpredictiveHigh
80Filexxxxxxxx/xxxx_xxxxpredictiveHigh
81Filexxxx_xxxxxxx.xxx.xxxpredictiveHigh
82Filexxxxxxxx/xxxx/xxxx.xxpredictiveHigh
83Filexxxxxx/xxxxxx/xx/xxx_xxx_xxxxx.xxxpredictiveHigh
84Filexxxx/predictiveLow
85Filexxxxxxxx.xxxpredictiveMedium
86Filexxxxxxxxxx/xxxxxxxxxx/xxxxxxxx/xxxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
87Filexxx/xxxxxx.xxxpredictiveHigh
88Filexxx/xxxxxxxxxxx/xxxxxxx.xxxpredictiveHigh
89Filexxxxxxx/xxxxx/xxxxx.xpredictiveHigh
90Filexxxxxxxx/xxxxxxx.xxxpredictiveHigh
91Filexxxxx.xxxxpredictiveMedium
92Filexxxxx.xxxpredictiveMedium
93Filexxxxxxxx.xxxxpredictiveHigh
94Filexxxxxxxxx/xxxxx/xxx/xxx.xxxpredictiveHigh
95Filexxx?xxxx.xxxpredictiveMedium
96Filexxxxxx/xxx/xxxxxxxx.xpredictiveHigh
97Filexxxx_xxxxxx.xxxpredictiveHigh
98Filexxxxxxxxxx/xxxxxxxx.xpredictiveHigh
99Filexxxxx/xxxxx/xxxxxxxx.xxxpredictiveHigh
100Filexxxxx.xxxpredictiveMedium
101Filexxxxx.xxxpredictiveMedium
102Filexxxxx/predictiveLow
103Filexxxxxxxx.xpredictiveMedium
104Filexxxxxxxxxxx_xxxxx_xxxxxxxx.xxxpredictiveHigh
105Filexxxxxxxxxxxxxx.xxxpredictiveHigh
106Filexxx_xxxxxxx.xpredictiveHigh
107Filexxxxxxxxxxxxxxxxx.xxxpredictiveHigh
108Filexxxxxx_xxxxxx/xxxxxxx/xxx.xxx.xxxx.xxxxxx.xxxxxxx.xxxxxxxxxxx.xxxpredictiveHigh
109Filexx/xxxxpredictiveLow
110Filexxxxxxxx.xxxpredictiveMedium
111Filexxxxx_xxxxx.xxxpredictiveHigh
112Filexxxxxxx.xxxpredictiveMedium
113Filexxx-xxxxxxxx/xxx-xxxxxxxx.xxxpredictiveHigh
114Filexxxx.xxxpredictiveMedium
115Filexxx/xxxx/xxxx.xxpredictiveHigh
116Filexxxxxxx/xxxxxxx/xxxx/xxxxxx.xpredictiveHigh
117Filexxxxx_xxxxx.xxxpredictiveHigh
118Filexxxxx_xxx.xxxpredictiveHigh
119Filexxxx.xxxpredictiveMedium
120Filexxxxxxxx.xxxpredictiveMedium
121Filexxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
122Filexxx/xxx.xxxpredictiveMedium
123Filexxxxxxx.xpredictiveMedium
124Filexxxxx.xxxpredictiveMedium
125Filexxxxx.xxxpredictiveMedium
126Filexxxxxxxx.xxpredictiveMedium
127Filexxxxxxxxxx.xxxpredictiveHigh
128Filexxxxxxxx.xxxpredictiveMedium
129Filexxxxxxxx.xxxpredictiveMedium
130Filexxxxxxxxxxxx.xxxxpredictiveHigh
131Filexxxxxxx_xxx_xxxxx_xxxxxx.xxxxpredictiveHigh
132Filexxxxxxxxxx/xxxxxxxxxx_xxxxxxxxxx.xxxpredictiveHigh
133Filexxxxx/xxxxxxx.xxxxxxxpredictiveHigh
134Filexxxxxxxxxxxxxxx.xxxxpredictiveHigh
135Filexxx.xxxpredictiveLow
136Filexxxx.xxxpredictiveMedium
137Filexxxxxx.xpredictiveMedium
138Filexxxxxx.xxpredictiveMedium
139Filexxxxxxx_xxxxxxxxxxxxx.xxxpredictiveHigh
140Filexxxxxxxx/xxxx/xxxxxxx/xxxxx.xxxxxxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
141Filexxxx-xxxxxx.xpredictiveHigh
142Filexxxx.xxxpredictiveMedium
143Filexxxxxxxxxxxx.xxxpredictiveHigh
144Filexxxxxxxxxxxxxx.xxxpredictiveHigh
145Filexxxxxxxxxxxxxxx.xxxpredictiveHigh
146Filexxxx_xxxxxxx_xxxxxxxx.xxxpredictiveHigh
147Filexxxxxx.xxxpredictiveMedium
148Filexxxxx.xxxpredictiveMedium
149Filexxxxx\xxxxxxxxxxx\xxxxxxxxxxx.xxxpredictiveHigh
150Filexxxx.xxxpredictiveMedium
151Filexxxxxxxx-xxxxxxxxxxx.xxxpredictiveHigh
152Filexxx/xxxxxxxx.xpredictiveHigh
153Filexxxxxx.xxxpredictiveMedium
154Filexxxxxx\xxxxxxxx\xx_xxxxx_xxxxxxx.xxxpredictiveHigh
155Filexxxxx.xpredictiveLow
156Filexxxxxxxxxxxxxx.xxxxpredictiveHigh
157Filexxxxxxxx.xpredictiveMedium
158Filexxxxx-xxxx.xxxpredictiveHigh
159Filexxx.xxxpredictiveLow
160Filexxxxxxxx/xxxxxxxxpredictiveHigh
161Filexxxxxxx/xxxxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
162Filexxxx_xxxxx.xxxpredictiveHigh
163Filexxxxx.xpredictiveLow
164Filexxx/xxx/xxx-xxx/xxxx.xxxpredictiveHigh
165Filexxxxxxxx.xxxpredictiveMedium
166Filexxxxxx/xxxxxx.xxxxpredictiveHigh
167Filexxxxxxxxx.xxxpredictiveHigh
168Filexxxxxxxxxxxx.xxxpredictiveHigh
169Filexxxxxxxxxxx.xxxpredictiveHigh
170Filexxx.xxxpredictiveLow
171Filexxxxxxxxx/xxxxxxxxpredictiveHigh
172Filexx-xxxxx/xxxxx-xxxx.xxx?xxx_xxxxx=xxxx_xxxxxxxpredictiveHigh
173Filexx-xxxxx/xxxxx-xxx.xxx?xxxxxxx-xxxxxxxxpredictiveHigh
174Filexx-xxxxx/xxxxxx-xxxx.xxxpredictiveHigh
175Filexx-xxxxxxx/xxxxxxxpredictiveHigh
176Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictiveHigh
177Filexx-xxxxxxxx/xxxxx-xx-xxxxxx-xxxxxx.xxxpredictiveHigh
178Filexx-xxxxxxxx/xxxxxxxxx.xxxpredictiveHigh
179Filexx-xxxxxxxx/xxxx.xxxpredictiveHigh
180Filexx-xxxxxxxx/xxxx-xxx/xxxxxxxxx/xxxxx-xx-xxxx-xxxxx-xxxxxxxxxx.xxxpredictiveHigh
181Filexx-xxxxx.xxxpredictiveMedium
182Filexx-xxxxxxxx.xxxpredictiveHigh
183Filexxx/xxxx/xxxxx/xxxxxxxxxxx/xxxxxxxxxxx/xxxxxxxxxxxxxx.xxxpredictiveHigh
184FilexxxxxxxpredictiveLow
185Filexxxx.xxxpredictiveMedium
186File\xxx\xxxxxxxx\xxxxxxxx\xxxxxxxx.xxxpredictiveHigh
187Library/_xxx_xxx/xxxxx.xxxpredictiveHigh
188Libraryxxx.xxxpredictiveLow
189Libraryxxxxxxxxxxx.xxxpredictiveHigh
190Libraryxxxxxxx/xxx/xxxxxx.xxx.xxxpredictiveHigh
191Libraryxxx/xxxx/xxxxx.xxxpredictiveHigh
192Libraryxxxxxx.xxxpredictiveMedium
193Libraryxxx/xxxxxxxx/xxxxxxxxxx.xxxpredictiveHigh
194Libraryxxx/xxxxxxxxxxx/xxxx_xxxxxxx.xxxpredictiveHigh
195Libraryxxx/xx/xxxxx/xxxxxxxxxx/xxxx.xxpredictiveHigh
196Libraryxx/xxx.xxx.xxxpredictiveHigh
197Libraryxxxxxxx.xxx.xx.xxxpredictiveHigh
198Libraryxxxxxxxxxx.xxxpredictiveHigh
199Argument--xxxx=xxxpredictiveMedium
200ArgumentxxxxxpredictiveLow
201ArgumentxxpredictiveLow
202Argumentxxxxxx_xxxxpredictiveMedium
203ArgumentxxxxxxxxpredictiveMedium
204Argumentxxxx_xxpredictiveLow
205ArgumentxxxxxxxxpredictiveMedium
206ArgumentxxxxxxxpredictiveLow
207Argumentxxx_xxxpredictiveLow
208ArgumentxxxpredictiveLow
209ArgumentxxxxxxxxxpredictiveMedium
210Argumentxxxxxxxx/xxxxxxxxxxxxpredictiveHigh
211ArgumentxxxxxxxxxxpredictiveMedium
212ArgumentxxxxxpredictiveLow
213Argumentxxx_xxpredictiveLow
214ArgumentxxxpredictiveLow
215ArgumentxxxpredictiveLow
216ArgumentxxxxxxxpredictiveLow
217ArgumentxxxxxxpredictiveLow
218Argumentxxxx[xxx_xxxx]predictiveHigh
219ArgumentxxxxxxxxxxpredictiveMedium
220ArgumentxxxxpredictiveLow
221Argumentxxxx_xxxxxx_xxxxpredictiveHigh
222Argumentxxx_xxxx/xxx_xxxxxxxpredictiveHigh
223Argumentxxxx_xxxxxx=xxxxpredictiveHigh
224Argumentxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxpredictiveHigh
225ArgumentxxxpredictiveLow
226ArgumentxxxxpredictiveLow
227ArgumentxxxxxxxxpredictiveMedium
228ArgumentxxxxxxxxpredictiveMedium
229Argumentxxxxxx_xxxx/xxxx_xxxxpredictiveHigh
230ArgumentxxxxpredictiveLow
231ArgumentxxxxxxxxpredictiveMedium
232ArgumentxxxxxxxpredictiveLow
233ArgumentxxpredictiveLow
234Argumentxxxx/xxxxpredictiveMedium
235ArgumentxxxxpredictiveLow
236ArgumentxxxxpredictiveLow
237ArgumentxxxxxxxxpredictiveMedium
238ArgumentxxxxpredictiveLow
239ArgumentxxpredictiveLow
240Argumentxx_xxxxxxxxpredictiveMedium
241Argumentxxxxx xxxxxpredictiveMedium
242ArgumentxxxpredictiveLow
243Argumentxxxxxxxxx_xxxxpredictiveHigh
244Argumentxxxx_xxxx/xxxx_xxxxpredictiveHigh
245Argumentxxxx xxxxxxxpredictiveMedium
246Argumentxxxxx[xxxxx][xx]predictiveHigh
247ArgumentxxxxxxxxpredictiveMedium
248Argumentxxxx_xxxxpredictiveMedium
249ArgumentxxxxpredictiveLow
250ArgumentxxxxxxxxxpredictiveMedium
251ArgumentxxxxxxxpredictiveLow
252ArgumentxxxpredictiveLow
253ArgumentxxxpredictiveLow
254Argumentxxxxx_xxxxxx_xxx/xxxxx_xxxx_xxxxxxxxpredictiveHigh
255ArgumentxxxpredictiveLow
256ArgumentxxxpredictiveLow
257ArgumentxxxxxpredictiveLow
258ArgumentxxxxpredictiveLow
259Argumentxxxx/xxxxxxxpredictiveMedium
260Argumentxxxx[]predictiveLow
261Argumentxxxx_xxxxxx/xxxx_xxx/xxxxxxx/xxxx_xxxxxx/xxxx_x/xxxx_xpredictiveHigh
262Argumentxxxx-xxx-xxxxxxxxxpredictiveHigh
263Argumentxxxxxx xxxxxxpredictiveHigh
264ArgumentxxxxxxxxpredictiveMedium
265ArgumentxxxxxxxxpredictiveMedium
266Argumentxxxx_xxxxpredictiveMedium
267ArgumentxxxxxxxxpredictiveMedium
268Argumentxxxxxx[xxxx].xxxpredictiveHigh
269Argumentxx_xxxxpredictiveLow
270Argumentxxx_xxxx_xxxxxx_xxxx_xxxxxxx_xxxxx_xxxxxxx_xxxxxx_xxxx_xx_xxxxxx_xxxxpredictiveHigh
271ArgumentxxxxxxxxxxxpredictiveMedium
272ArgumentxxxxxxxxpredictiveMedium
273ArgumentxxxxxxxxxxxpredictiveMedium
274ArgumentxxxxxxpredictiveLow
275Argumentxxxxxxxxxx/xxxxxpredictiveHigh
276Argumentxxxxxx_xxxpredictiveMedium
277ArgumentxxxxxxxxxxpredictiveMedium
278ArgumentxxxxxxxpredictiveLow
279ArgumentxxxxxxxxpredictiveMedium
280ArgumentxxxpredictiveLow
281Argumentxxxxxxxx[xxxx]predictiveHigh
282Argumentxxxx xxxxpredictiveMedium
283Argumentxxxxx_xxpredictiveMedium
284ArgumentxxxxxxxxxxxxpredictiveMedium
285Argumentxxx_xxxpredictiveLow
286Argumentxxxxxxxxxx[xxxx]predictiveHigh
287ArgumentxxxxxpredictiveLow
288ArgumentxxxxxxxpredictiveLow
289ArgumentxxxpredictiveLow
290ArgumentxxxxxxxpredictiveLow
291Argumentxxxx-xxxxxpredictiveMedium
292ArgumentxxxxxxpredictiveLow
293ArgumentxxxxxxxxpredictiveMedium
294Argumentxxxxxxxx/xxxxpredictiveHigh
295Argumentxxxxxxxx/xxxxxxxxpredictiveHigh
296Argumentxxxx->xxxxxxxpredictiveHigh
297Argumentx-xxxxxxxxx-xxxpredictiveHigh
298Argument_xx_xxxxpredictiveMedium
299Argument_xxx_xxxxxxx_xxxx_xxxxx_xxx_xxxxxxx_xxxxxxxxxxxxxxxx_xxxxpredictiveHigh
300Argument_xxxxxxxpredictiveMedium
301Argument_xxxxxpredictiveLow
302Input Value%xx%xx%xxpredictiveMedium
303Input Value..predictiveLow
304Input Value../predictiveLow
305Input Value.xxx?/../../xxxx.xxxpredictiveHigh
306Input Value/%xxpredictiveLow
307Input Value/..predictiveLow
308Input Value<xxxxxx>xxxxx(x)</xxxxxx>predictiveHigh
309Input Value??x:\predictiveLow
310Input Valuexxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxxpredictiveHigh
311Input Valuexxx?xxxx.xxxpredictiveMedium
312Input Valuexxxxxxxxxx:xxxxxxxxxpredictiveHigh
313Pattern|xx|predictiveLow
314Network PortxxxxxpredictiveLow
315Network Portxxx/xxxx (xxxxx)predictiveHigh
316Network Portxxx/xxxxpredictiveMedium
317Network Portxxx/xxxxpredictiveMedium
318Network Portxxx/xxxxxpredictiveMedium
319Network Portxxx/xxx (xxxx)predictiveHigh
320Network Portxxx xxxxxx xxxxpredictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you know our Splunk app?

Download it now for free!