RTM Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en848
zh52
ru36
de16
ar14

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

nl822
us64
ch34
ru28
ir24

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

RTM15
RedLine Stealer6
Dorkbot6
Cobalt Strike5
Domestic Kitten3

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined252
Operating System142
Content Management System44
WordPress Plugin28
Programming Language Software26

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined230
Microsoft152
Cisco34
Linux28
Apache28

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Windows108
Linux Kernel28
Google Android12
Apache HTTP Server12
WordPress10

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1nginx request smuggling6.96.9$0-$5k$0-$5kNot DefinedNot Defined0.002411.91CVE-2020-12440
2Exim SMTP Challenge stack-based overflow8.17.8$0-$5k$0-$5kNot DefinedNot Defined0.000000.08CVE-2023-42116
3Huawei ACXXXX/SXXXX SSH Packet input validation7.57.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.002460.07CVE-2014-8572
4Microsoft Windows WPAD access control8.07.9$25k-$100k$0-$5kHighOfficial Fix0.909620.03CVE-2016-3213
5Microsoft IIS IP/Domain Restriction access control6.55.7$25k-$100k$0-$5kUnprovenOfficial Fix0.008170.25CVE-2014-4078
6Microsoft Windows Graphics Remote Code Execution7.06.1$25k-$100k$5k-$25kUnprovenOfficial Fix0.067840.00CVE-2021-34530
7Microsoft Windows Event Tracing Privilege Escalation7.36.3$25k-$100k$5k-$25kUnprovenOfficial Fix0.000430.05CVE-2021-34487
8Microsoft IIS cross site scripting5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.005480.11CVE-2017-0055
9Bitrix24 user_options.php deserialization7.57.5$0-$5k$0-$5kNot DefinedNot Defined0.000880.03CVE-2023-1714
10Bitrix Site Manager Vote Module Remote Code Execution7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.006680.04CVE-2022-27228
11Backdoor.Win32.Tiny.c Service Port 7778 backdoor7.36.4$0-$5k$0-$5kProof-of-ConceptWorkaround0.000000.04
12Cisco Secure Email and Web Manager Web-based Management Interface improper authentication9.89.6$25k-$100k$5k-$25kNot DefinedOfficial Fix0.003370.02CVE-2022-20798
13nginx Log File link following7.87.4$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000920.05CVE-2016-1247
14Apache HTTP Server mod_rewrite redirect6.76.7$25k-$100k$5k-$25kNot DefinedNot Defined0.002580.05CVE-2020-1927
15Microsoft .NET Core/Visual Studio denial of service6.45.5$5k-$25k$0-$5kUnprovenOfficial Fix0.001920.09CVE-2021-26423
16Microsoft Windows TCP/IP Stack Privilege Escalation9.98.6$100k and more$5k-$25kUnprovenOfficial Fix0.021830.04CVE-2021-26424
17Microsoft Windows Event Tracing Privilege Escalation8.37.3$100k and more$5k-$25kUnprovenOfficial Fix0.004880.00CVE-2021-26425
18Microsoft Windows Bluetooth Driver Privilege Escalation8.37.3$100k and more$5k-$25kUnprovenOfficial Fix0.000430.00CVE-2021-34537
19Microsoft Dynamics 365 Privilege Escalation8.57.4$25k-$100k$0-$5kUnprovenOfficial Fix0.007360.00CVE-2021-34524
20Microsoft Windows Storage Spaces Controller Local Privilege Escalation7.86.8$25k-$100k$5k-$25kUnprovenOfficial Fix0.000430.04CVE-2021-34536

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Buhtrap/Buran

IOC - Indicator of Compromise (45)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
15.45.71.239parkino.netRTMBuhtrap/Buran12/20/2020verifiedHigh
25.154.190.167RTM12/20/2020verifiedHigh
35.154.190.168RTM12/20/2020verifiedHigh
45.154.190.189RTM12/20/2020verifiedHigh
55.154.191.57RTM12/20/2020verifiedHigh
65.154.191.154RTM12/20/2020verifiedHigh
75.154.191.174RTM12/20/2020verifiedHigh
85.154.191.225RTM12/20/2020verifiedHigh
937.1.206.78RTM12/20/2020verifiedHigh
10XX.X.XXX.XXXXxxXxxxxxx/xxxxx12/20/2020verifiedHigh
11XX.XXX.XX.XXXXxxXxxxxxx/xxxxx12/20/2020verifiedHigh
12XX.XXX.XX.XXXxxxxxxxxx.xxxxxxxx-xxxx.xxxXxx12/20/2020verifiedHigh
13XX.XXX.X.XXXxx12/20/2020verifiedHigh
14XX.XXX.XXX.XXxxxxxxxxxx.xxxXxx12/20/2020verifiedHigh
15XX.XXX.XXX.XXXXxx12/20/2020verifiedHigh
16XX.XXX.XXX.XXxxxx-xxxxxx.xxxxxxxxxxxx.xxxXxx12/20/2020verifiedHigh
17XX.XXX.XX.XXxx-xxx-xx-xx.xxxxxx.xxxx.xxXxxXxxxxxx/xxxxx12/20/2020verifiedHigh
18XX.XXX.XX.XXXxxxxxx-xx.xxxxxxxx.xxXxx12/20/2020verifiedHigh
19XX.XXX.XXX.XXXxxXxxxxxx/xxxxx12/20/2020verifiedHigh
20XXX.XXX.XX.XXXxxx-xxx-xx-xxx.xxxxxx-xx-xxxxxxxxxxx.xxxXxx12/20/2020verifiedHigh
21XXX.XXX.XX.XXXXxx12/20/2020verifiedHigh
22XXX.XX.XXX.XXXXxx12/20/2020verifiedHigh
23XXX.XXX.XXX.XXXxxxxxx.xxx.xxx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xxXxx12/20/2020verifiedHigh
24XXX.XX.XXX.XXXXxx12/20/2020verifiedHigh
25XXX.XXX.X.XXXXxx12/20/2020verifiedHigh
26XXX.XXX.XXX.XXXxxx.xxx.xxx.xxx.xx-xxxx.xxxxXxx12/20/2020verifiedHigh
27XXX.XXX.XXX.XXXxxxxx.xxxxxxx.xxxXxxXxxxxxx/xxxxx12/20/2020verifiedHigh
28XXX.XX.XXX.XXXxx12/20/2020verifiedHigh
29XXX.XX.XXX.XXXxx12/20/2020verifiedHigh
30XXX.XX.XXX.XXxxxxxxxxx.xxxxxxxxxx.xxxXxx12/20/2020verifiedHigh
31XXX.XX.XXX.XXxxxxxxxxxx.x.xxxxx-xxxxxxxx.xxxXxx12/20/2020verifiedHigh
32XXX.XXX.XX.XXXXxx12/20/2020verifiedHigh
33XXX.XXX.XX.XXXXxx12/20/2020verifiedHigh
34XXX.XXX.XX.XXXXxx12/20/2020verifiedHigh
35XXX.XXX.XXX.XXXXxxXxxxxxx/xxxxx12/20/2020verifiedHigh
36XXX.XXX.XXX.XXXXxxXxxxxxx/xxxxx12/20/2020verifiedHigh
37XXX.XXX.XXX.XXxxx-xxx-xxx-xx.xxxxxxx.xxxXxx12/20/2020verifiedHigh
38XXX.XXX.XXX.XXxxx-xx.xxxxxx.xxxxxxx.xxXxxXxxxxxx/xxxxx12/20/2020verifiedHigh
39XXX.XXX.XX.XXXxxxxxx-xx-xxx-xxx-xx-xxx.xxxxxx.xx-xxxx.xxxXxx12/20/2020verifiedHigh
40XXX.XX.XXX.XXxxxx.xxxxxxx.xxx.xxXxx12/20/2020verifiedHigh
41XXX.XX.XXX.XXXxxxxxx.xxxxxx-xx.xxxXxx12/20/2020verifiedHigh
42XXX.XX.XX.XXXxxxxxx-xx-xxx-xx-xx-xxx.xxxxxx.xx-xxxx.xxxXxx12/20/2020verifiedHigh
43XXX.XXX.XX.XXXxxXxxxxxx/xxxxx12/20/2020verifiedHigh
44XXX.XXX.XXX.XXXxxx-xxx-xxx-xxx.xxxxxxx.xxxxxx.xxXxx12/20/2020verifiedHigh
45XXX.XX.X.XXxxxxxxxx.xxxxxxxxxxx.xxXxx12/20/2020verifiedHigh

TTP - Tactics, Techniques, Procedures (22)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-21, CWE-22, CWE-23, CWE-24Path TraversalpredictiveHigh
2T1040CAPEC-102CWE-294Authentication Bypass by Capture-replaypredictiveHigh
3T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
4T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
5T1059.007CAPEC-209CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
6TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
7TXXXXCAPEC-150CWE-XXXXxxx Xxx Xxxxxxxxx Xxxxxxxxxxx XxxxxxxxpredictiveHigh
8TXXXX.XXXCAPEC-16CWE-XXX, CWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
9TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
10TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
11TXXXXCAPEC-CWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
12TXXXXCAPEC-1CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
13TXXXXCAPEC-108CWE-XX, CWE-XXXxx XxxxxxxxxpredictiveHigh
14TXXXXCAPEC-102CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
15TXXXXCAPEC-38CWE-XXX, CWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
16TXXXX.XXXCAPEC-459CWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
17TXXXX.XXXCAPEC-133CWE-XXXXxxxxxxxpredictiveHigh
18TXXXXCAPEC-116CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
19TXXXX.XXXCAPEC-CWE-XXXxxxxxxxxxxxxpredictiveHigh
20TXXXXCAPEC-112CWE-XXX, CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
21TXXXX.XXXCAPEC-112CWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHigh
22TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (283)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File.travis.ymlpredictiveMedium
2File/.envpredictiveLow
3File/admin/app/product.phppredictiveHigh
4File/admin/subnets/ripe-query.phppredictiveHigh
5File/apply.cgipredictiveMedium
6File/classes/Users.phppredictiveHigh
7File/core/conditions/AbstractWrapper.javapredictiveHigh
8File/customer_support/index.phppredictiveHigh
9File/dashboard/updatelogo.phppredictiveHigh
10File/debug/pprofpredictiveMedium
11File/etc/openshift/server_priv.pempredictiveHigh
12File/exportpredictiveLow
13File/file?action=download&filepredictiveHigh
14File/goform/openSchedWifipredictiveHigh
15File/hardwarepredictiveMedium
16File/importexport.phppredictiveHigh
17File/index.phppredictiveMedium
18File/librarian/bookdetails.phppredictiveHigh
19File/medical/inventories.phppredictiveHigh
20File/mfsNotice/pagepredictiveHigh
21File/mkshop/Men/profile.phppredictiveHigh
22File/monitoringpredictiveMedium
23File/Noxen-master/users.phppredictiveHigh
24File/opt/zimbra/jetty/webapps/zimbra/publicpredictiveHigh
25File/php/busyscreenshotpush.phppredictiveHigh
26File/plugin/LiveChat/getChat.json.phppredictiveHigh
27File/plugins/servlet/audit/resourcepredictiveHigh
28File/plugins/servlet/project-config/PROJECT/rolespredictiveHigh
29File/preview.phppredictiveMedium
30File/PreviewHandler.ashxpredictiveHigh
31File/protocol/index.phppredictiveHigh
32File/recordings/index.phppredictiveHigh
33File/xxxxxxxxxxxpredictiveMedium
34File/xxxxxxxpredictiveMedium
35File/xxxxxxx/xxxpredictiveMedium
36File/xxxxxx-xxxxxx.xxxpredictiveHigh
37File/xxxxxx_xxxxx.xxxpredictiveHigh
38File/xxxxxx-xxxxxxpredictiveHigh
39File/xxxx.xxxpredictiveMedium
40File/xxx/xxxxxx-xxxxxxxx-*predictiveHigh
41File/xxxxxxx/predictiveMedium
42File/xxxxxxpredictiveLow
43File/xxxx/xxxxxx.xxx?xxx=xpredictiveHigh
44File/xxx/xxx/xxxxxpredictiveHigh
45File/xxx/xxx/xxxxxxxx.xxxpredictiveHigh
46File/xxxxxx/xxxxxxxx/xxxxxxxx/xxxxxxxxxxxx.xxxpredictiveHigh
47File/xxxxxx/xxxxxx.xxxxpredictiveHigh
48File/xxxx_xxxxx.xxxpredictiveHigh
49File/xx-xxxx/xxxxxx/x.x/xxxxx?xxxpredictiveHigh
50Filexxxxxxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
51Filexxxxxxx.xxxpredictiveMedium
52Filexxxxxxx.xxxpredictiveMedium
53Filexxx/xxx/xxxx-xxxpredictiveHigh
54Filexxxxx.xxxpredictiveMedium
55Filexxxxxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
56Filexxxx/xxxxxxx/xxx/xxxxxx_xxxx.xpredictiveHigh
57Filexxxx/xxxxxxx.xxxpredictiveHigh
58Filexxxxxx/xxxxxxx/xxxx/xxxxxxx/xxxxxxx/xxxx_xxxxxxx.xxxpredictiveHigh
59Filexxxxxx/xxxxxxxxxxpredictiveHigh
60Filex:\xxxxxxx xxxxx\xxxxxx xxxxx\xxx\xxxxxxx.xxxpredictiveHigh
61Filex:\xxxxxxx\xxxxxxxx\xxxxxx\xxxpredictiveHigh
62Filexxx/xxxxxxx.xxpredictiveHigh
63Filexxxxx.xxxpredictiveMedium
64Filexxxxxxx/xxxx.xxxpredictiveHigh
65Filexxxxxx.xxxpredictiveMedium
66Filexxx_xxxxxx.xxxpredictiveHigh
67Filexxx.xxxpredictiveLow
68Filexxxxxx.xxxpredictiveMedium
69Filexxxxxxxxxx/xxxxxx/xxxxxxxxx.xxxx/xxxx.xxx/predictiveHigh
70Filexxxxxx.xpredictiveMedium
71Filexxxxxx/xxxxxx.xxxpredictiveHigh
72Filexxxxxx/xxxxxxx/xxx_xxx.xpredictiveHigh
73Filex_xxxxxxpredictiveMedium
74Filexxxxxxx.xxxpredictiveMedium
75Filexx.xpredictiveLow
76Filexxxxxxx/xxxxx/xxxxxx.xpredictiveHigh
77Filexxxxxxx/xxx/xxxxxxx/xxxx.xpredictiveHigh
78Filexxxx_xxxxx.xxxpredictiveHigh
79Filexxxxxxx.xpredictiveMedium
80Filexxx/xxxxxxxx/xxx_xxxxxxxxxxxx.xpredictiveHigh
81Filexxxxxxxx.xpredictiveMedium
82Filexx/xxxxxxxxx.xpredictiveHigh
83Filexx/xxxxx/xxxxxxx.xpredictiveHigh
84Filexxxxx.xxxpredictiveMedium
85Filexxxxxxxxxx.xxpredictiveHigh
86Filexxxxxxxxxx\xxxxxx\xxxxxxxxxxxxx.xxxpredictiveHigh
87Filexxxx/xxxxxxxxxxxxxxxxxxxxxxxx.xxpredictiveHigh
88Filexxxxx-xxxxx.xpredictiveHigh
89Filexxxxx-xxxxxxxxxx.xpredictiveHigh
90Filexxxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
91Filexxxxx.xxxpredictiveMedium
92Filexxxxx.xpredictiveLow
93Filexxxxx:/xxxxxxxx/xxxxxxxxxxxx.xxxxpredictiveHigh
94Filexxxxx/xxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxxpredictiveHigh
95Filexxxx_xxxxxx.xxpredictiveHigh
96Filexxxxxx/xxx/xxxxxxxx.xpredictiveHigh
97Filexxxxxxxxxx/xxxx.xpredictiveHigh
98Filexxxxxxx/xx_xxx.xpredictiveHigh
99Filexxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxx.xxxpredictiveHigh
100Filexxxxx.xxxpredictiveMedium
101Filexxxxx.xxxpredictiveMedium
102Filexxxxxxxxxx/xxx.xpredictiveHigh
103Filexxxx.xxxpredictiveMedium
104Filexxxxxx_xxxxx_xxxxxxx.xpredictiveHigh
105Filexxxxxxxxxxxxxxxx.xpredictiveHigh
106Filexxxxxxx/xxx/xxx_xxxxxxx.xpredictiveHigh
107Filexxx/xxxxxxxxx/xx_xxxxxx_xxx.xpredictiveHigh
108Filexxx/xxxxxxxxx/x_xxxxxx.xpredictiveHigh
109Filexxxx.xxxpredictiveMedium
110Filexxx_xxxxxxx.xpredictiveHigh
111Filexxxx/xxxxxxx/xxxxx.xxxpredictiveHigh
112Filexxxxx.xxxpredictiveMedium
113Filexxxxxxx.xxxpredictiveMedium
114Filexxxxxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
115Filexxx_xx.xpredictiveMedium
116Filexxxxxxxxxxxxxxxxx.xxxpredictiveHigh
117Filexxxxxxxxx.xxx.xxxpredictiveHigh
118Filexxxxxxx.xxxpredictiveMedium
119Filexxxxxxxx.xxxxpredictiveHigh
120Filexxxxxxxxxxxxx.xxxxpredictiveHigh
121Filexxxxxx.xpredictiveMedium
122Filexxxxxxxx.xxxpredictiveMedium
123Filexxxxxxx_xxxx.xxxpredictiveHigh
124Filexxxxxxx.xxxpredictiveMedium
125Filexxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][]predictiveHigh
126Filexxxxxxxx.xxxpredictiveMedium
127Filexxxxx_xxxxxxx.xxxpredictiveHigh
128Filexxxxxxx.xxxpredictiveMedium
129Filexxxxxxx.xpredictiveMedium
130Filexxxxxxxxxx_xxxxx.xxxxxxpredictiveHigh
131Filexxxx_xxx_xx.xpredictiveHigh
132Filexx_xxx.xpredictiveMedium
133Filexxxxxx.xpredictiveMedium
134Filexxxxx.xxxpredictiveMedium
135Filexxxx-xxxxxx.xpredictiveHigh
136Filexxxxxx/xxxxxxxxx/xxxx/xxxxxxx/xxxxxxxxxxxx.xxxpredictiveHigh
137Filexxxxxxx.xpredictiveMedium
138Filexxx/xxx_xxxxx.xpredictiveHigh
139Filexxx/xxxx.xpredictiveMedium
140Filexxxxxxx.xxx.xx.xxxxxxxxxxx.xxxpredictiveHigh
141Filexxxxxxxxxxx.xxxpredictiveHigh
142Filexxxx-xxxx_xxxx_xxxxxxx.xxxpredictiveHigh
143Filexxxxxxx/xxxxxxx/xxxxxx/xxxxxx_xxxx.xxxpredictiveHigh
144Filexxx/xxx-xxxxxxxx.xxxpredictiveHigh
145Filexxxxxxxxx.xpredictiveMedium
146Filexxxx.xxxxxxxxx.xxxpredictiveHigh
147Filexxxxxxxxxx.xxxpredictiveHigh
148Filexxxx_xxxx.xxxpredictiveHigh
149Filexxx.xxxpredictiveLow
150Filexxxxx.xxxpredictiveMedium
151Filexxxxxx/xx/xxxx.xxxpredictiveHigh
152Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictiveHigh
153Filexx-xxxxxxxx/xxxxxxx-xxxxxxxx.xxxpredictiveHigh
154Filexx-xxxxxxxx/xxxx.xxxpredictiveHigh
155Filexx/xx/xxxxxpredictiveMedium
156Filexx_xxxxxxx.xpredictiveMedium
157File_xxxxxxxx/xxxxxxxx.xxxpredictiveHigh
158File~/xxxx/xxx/xxxxxxx/xxxxxxxxxx/xxxxxx.xxxpredictiveHigh
159File~/xxxxxxxx/xxxxxxx/xxxxx-xxxx-xxxxxxx.xxxpredictiveHigh
160Libraryxxxxx/xxxxxxxxx/xxxx.xxxxxxxxx.xxxpredictiveHigh
161Libraryxxxxx.xxxpredictiveMedium
162Libraryxxxxxxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
163Libraryxxxxxxxxxx/xxxxxxxx.xpredictiveHigh
164Libraryxxxxxxxx.xxxpredictiveMedium
165Libraryxxxxxxxxx.xxxpredictiveHigh
166Libraryxxxxxxxx.xxxpredictiveMedium
167Libraryxxxxxx.xxx.xxx.xxxpredictiveHigh
168Libraryxxxxxxxx.xxxpredictiveMedium
169Libraryxxxxxxxx.xxxpredictiveMedium
170Argument-xpredictiveLow
171Argumentxx_xxxxx_xxx_xxxxpredictiveHigh
172ArgumentxxxxpredictiveLow
173Argumentxxxxxx_xxxxpredictiveMedium
174ArgumentxxxpredictiveLow
175Argumentxxxxxxxx xxxx/xxxxxxxx xxxxxxxxxxxpredictiveHigh
176ArgumentxxxxxpredictiveLow
177Argumentxxx_xxpredictiveLow
178ArgumentxxxxxxpredictiveLow
179Argumentxxxxxx[xxxx]predictiveMedium
180Argumentxxxxxxx xxxxpredictiveMedium
181ArgumentxxxxxxxxxxpredictiveMedium
182ArgumentxxxxxxxpredictiveLow
183Argumentxxxxxx_xxxx_xxxxxxxxpredictiveHigh
184Argumentxxxx_xxxxxpredictiveMedium
185Argumentxxxxxxx_xxxx->xxx($xxxxxxxx)predictiveHigh
186Argumentxxx_xxxxxpredictiveMedium
187Argumentxxxxx/xxxxx/xxxxx/xxxxxxxxpredictiveHigh
188Argumentxxxxx xxxxxpredictiveMedium
189ArgumentxxxxxxxxxxxpredictiveMedium
190Argumentxxxxxx_xxxxpredictiveMedium
191Argumentxxxxxxxxx/xxxxxxxxxx/xxxxxxxx/xxxxx/xxxxxxxpredictiveHigh
192Argumentxxxxxxxxx/xxxxxxxxxx/xxxxxxxx/xxxxxxxx/xxxxxxxpredictiveHigh
193Argumentxxxx_xxxx/xxxx_xxxx/xxxxxxxpredictiveHigh
194ArgumentxxxxxxpredictiveLow
195ArgumentxxpredictiveLow
196ArgumentxxpredictiveLow
197ArgumentxxxxxpredictiveLow
198ArgumentxxxxxxxxxxxxxxpredictiveHigh
199ArgumentxxxxxpredictiveLow
200ArgumentxxxxxxpredictiveLow
201ArgumentxxxxxxxpredictiveLow
202Argumentxxxxx[xxxxx][xx]predictiveHigh
203Argumentxxxxxxxx[xxxxxx]/xxxxxxxx[xxxxxxxxx]predictiveHigh
204Argumentxx/xx/xx/xx/xpredictiveHigh
205Argumentxxxx_xxxxxx_xxxxpredictiveHigh
206ArgumentxxxxxpredictiveLow
207Argumentxxxx x xxxxpredictiveMedium
208Argumentxxxxxxxxx/xxxxxxxxxpredictiveHigh
209ArgumentxxxxxxpredictiveLow
210Argumentxxx_xxpredictiveLow
211ArgumentxxxxxxxxxxxxxxxxxxxxpredictiveHigh
212ArgumentxxpredictiveLow
213Argumentxxxxx/xxxxxxpredictiveMedium
214ArgumentxxxxpredictiveLow
215ArgumentxxxxxxxxpredictiveMedium
216ArgumentxxxxxxxxpredictiveMedium
217ArgumentxxxxpredictiveLow
218ArgumentxxxxxxxxpredictiveMedium
219ArgumentxxxxxpredictiveLow
220ArgumentxxxxxxxxxpredictiveMedium
221Argumentxxx_xxxpredictiveLow
222ArgumentxxxxxxpredictiveLow
223Argumentxxxxxxx_xxxxxpredictiveHigh
224Argumentxx_xxxxxxx_xxxxxxxpredictiveHigh
225ArgumentxxxxxxxxxxxxxpredictiveHigh
226ArgumentxxxxxxxxxxxxxxxxxxpredictiveHigh
227ArgumentxxxxxpredictiveLow
228Argumentxxxxxx_xxxxpredictiveMedium
229ArgumentxxxxxpredictiveLow
230Argumentxxxxxxx_xxxpredictiveMedium
231ArgumentxxxxxxpredictiveLow
232Argumentxxxx_xxxxpredictiveMedium
233ArgumentxxxxpredictiveLow
234Argumentxxxxxxxxxxxxxx/xxxxxxxxxxxxpredictiveHigh
235ArgumentxxxxxxxpredictiveLow
236ArgumentxxxxxxpredictiveLow
237ArgumentxxxxxxxxpredictiveMedium
238Argumentxxxxxxxx_xxxxxpredictiveHigh
239Argumentxxxxxxxx/xxxxxxxxxpredictiveHigh
240ArgumentxxxxxxxxxxxxpredictiveMedium
241ArgumentxxxxxxpredictiveLow
242ArgumentxxxxxxxxxpredictiveMedium
243ArgumentxxxxxxpredictiveLow
244ArgumentxxxpredictiveLow
245ArgumentxxxxxxpredictiveLow
246ArgumentxxxpredictiveLow
247Argumentxxxxxxxx-xxxxxxxxpredictiveHigh
248ArgumentxxxxpredictiveLow
249ArgumentxxxpredictiveLow
250ArgumentxxxxpredictiveLow
251ArgumentxxxxxxxxxpredictiveMedium
252ArgumentxxxxxxxxpredictiveMedium
253ArgumentxxxxxxxxpredictiveMedium
254Argumentxxx_xxxxxx_xxpredictiveHigh
255ArgumentxxxxxxxpredictiveLow
256Argumentxxxxxx_xxxxxxxxpredictiveHigh
257Argumentx-xxxxxxxxx-xxxpredictiveHigh
258Argumentxxxxx/xxxxxpredictiveMedium
259ArgumentxxxpredictiveLow
260Argument_xxx_xxxxxxx_xxxxxxx_xxxxxxxxxxxxx_xxx_xxx_xxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx_xxxxxxxxxxxxxxxpredictiveHigh
261Argument_xxx_xxxxxxxxxxx_predictiveHigh
262Input Value"><xxxxxx>xxxxx(/xxx/)</xxxxxx>predictiveHigh
263Input Value%xpredictiveLow
264Input Value'>[xxx]predictiveLow
265Input Value' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)-- xxxxpredictiveHigh
266Input Value.%xx.../.%xx.../predictiveHigh
267Input Valuexxx xxxxxxxxpredictiveMedium
268Input ValuexxxxxxxxpredictiveMedium
269Input Value<xxxxxx>xxxxx(xxxxxxxx.xxxxxx)</xxxxxx>predictiveHigh
270Input Valuexxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx&xxxxxxxx=xxxxxxxxxxpredictiveHigh
271Input Valuexxxxxxxxx' xxx 'x'='xpredictiveHigh
272Input ValuexxxxxpredictiveLow
273Input Valuexxxxxxx_xxxxx.xxxxxxx_xxxxxxxpredictiveHigh
274Input Value\..\..\..\..\xxxxxxxx\xxxxxx.xxxpredictiveHigh
275Input Value\xpredictiveLow
276Input Value….//predictiveLow
277Pattern() {predictiveLow
278Pattern|xx|predictiveLow
279Network PortxxxxxpredictiveLow
280Network Portxx xxxxxxx xxx.xx.xx.xxpredictiveHigh
281Network Portxxx/xx (xxxxxx)predictiveHigh
282Network Portxxx/xxxxpredictiveMedium
283Network Portxxx xxxxxx xxxxpredictiveHigh

References (4)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Interested in the pricing of exploits?

See the underground prices here!