Plurox Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (23)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	22
ru	2

Country

ru	22
us	2

Actors

Plurox	2
Gamaredon	1
SocGholish	1
DCRat	1
Hook	1

Activities

Interest

Timeline

Type

Not Defined	10
Database Administration Software	2
Content Management System	2
Log Management Software	2
Programming Tool Software	2

Vendor

Not Defined	8
INplc	2
Apache	2
Rockwell	2
ABB	2

Product

INplc SD Card Manager	2
phpMyAdmin	2
GeniXCMS	2
AWStats	2
Apache Struts	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure	5.3	5.2	$5k-$25k	Calculating	High	Workaround	0.02016	0.00	CVE-2007-1192
2	BigBlueButton cross site scripting	6.2	6.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00068	0.00	CVE-2021-4143
3	Grafana Proxy authentication spoofing	5.8	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00331	0.00	CVE-2022-35957
4	phpMyAdmin SearchController sql injection	8.0	7.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00745	0.00	CVE-2020-26935
5	AWStats awstats.pl pathname traversal	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00499	0.15	CVE-2020-35176
6	OpenEMR Create New User cross site scripting	3.6	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02086	0.00	CVE-2021-25919
7	Mozilla Firefox/Firefox ESR/Thunderbird Content Security Policy cross-domain policy	5.3	5.1	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.01080	0.00	CVE-2021-23968
8	Cisco Unified Communications Manager Web-based Management Interface cross-site request forgery	5.9	5.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00113	0.00	CVE-2020-3135
9	INplc SD Card Manager untrusted search path	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00070	0.00	CVE-2018-0667
10	Affiliate Tracking Script adminlogin.asp sql injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.00
11	Apple tvOS FontParser Memory memory corruption	6.5	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00712	0.00	CVE-2016-4718
12	Google Android libziparchive access control	6.3	6.3	$25k-$100k	$5k-$25k	Not Defined	Not Defined	0.00071	0.00	CVE-2016-6762
13	IBM AIX FTP Server access control	5.3	4.6	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00156	0.00	CVE-2012-4845
14	GeniXCMS Media Rename data processing	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00135	0.00	CVE-2017-5520
15	Rockwell FactoryTalk EnergyMetrix Logout improper authorization	6.8	6.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00181	0.00	CVE-2016-4531
16	Apache Struts Restriction input validation	7.5	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00914	0.00	CVE-2016-4431
17	Adobe Flash Player TCP Connection 7pk security	6.8	6.6	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00261	0.02	CVE-2017-2938
18	Dell Alienware Digital Delivery Universal Windows Platform access control	7.0	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00044	0.00	CVE-2019-3744
19	Dell Alienware Digital Delivery Named Pipe access control	7.0	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00046	0.06	CVE-2019-3742
20	Oracle Agile Engineering Data Management Install (Apache Tomcat) access control	6.5	6.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00110	0.02	CVE-2018-1305

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	37.140.199.65	37-140-199-65.xen.vps.regruhosting.ru	Plurox	12/30/2022	verified	High
2	XXX.XX.XX.XX	xxx-xx-xx-xx.xxxxxxxx.xxxxxxxxxxxx.xx	Xxxxxx	12/30/2022	verified	High
3	XXX.XXX.XXX.XXX	xxxx.xxxxxx.xxx	Xxxxxx	12/30/2022	verified	High

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006		CWE-21	Path Traversal	predictive	High
2	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	High
3	TXXXX	CAPEC-19	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
4	TXXXX	CAPEC-	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	High
5	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
6	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	High
7	TXXXX	CAPEC-38	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	High
8	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High

IOA - Indicator of Attack (6)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/adminlogin.asp	predictive	High
2	File	cgi-bin/awstats.pl	predictive	High
3	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	High
4	Argument	xxxxxx	predictive	Low
5	Argument	xxxxxxxx/xxxxxxxx	predictive	High
6	Input Value	'xx''='	predictive	Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you need the next level of professionalism?

Upgrade your account now!