Shlayer Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (19)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	18
fr	2

Country

us	10
gb	4
nl	2
fr	2
ma	2

Actors

Shlayer	1
Remcos	1

Activities

Interest

Timeline

Type

Not Defined	10
Chip Software	2
Web Server	2
Hardware Driver Software	2
Unified Communication Software	2

Vendor

Not Defined	4
Qualcomm	2
Acunetix	2
Forescout	2
Neato	2

Product

Qualcomm Snapdragon Wired Infrastructure and Netwo ...	2
Acunetix Web Vulnerability Scanner	2
Forescout CounterACT	2
Neato Botvac Connected	2
lighttpd	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	LogicBoard CMS away.php redirect	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00000	3.38
2	lighttpd mod_evhost/mod_simple_vhost path traversal	5.3	4.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.15181	0.00	CVE-2013-2324
3	Samsung DSP Driver ELF Library backdoor	6.4	6.2	$0-$5k	$0-$5k	High	Official Fix	0.00078	0.07	CVE-2021-25371
4	Seowon Intech SLC-130/SLR-120S system_log.cgi code injection	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.96263	0.00	CVE-2020-17456
5	Cisco Unified Communications Manager Database User Privilege absolute path traversal	5.8	5.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00093	0.00	CVE-2022-20791
6	Neato Botvac Connected USB Serial Port access control	4.9	4.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00109	0.02	CVE-2018-20785
7	Neato Botvac Connected/Botvac 85 Black Box Log rc4_crypt RC4 inadequate encryption	3.4	3.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00059	0.00	CVE-2018-17177
8	Facebook WhatsApp/WhatsApp Business/WhatsApp Desktop RTCP Flag Parser out-of-bounds	6.3	6.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00138	0.02	CVE-2021-24043
9	Qualcomm Snapdragon Wired Infrastructure and Networking TrustZone BSP memory corruption	5.5	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00044	0.00	CVE-2020-11259
10	Qualcomm Snapdragon Wired Infrastructure and Networking TrustZone BSP memory corruption	5.5	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00044	0.00	CVE-2020-11258
11	Python Software Foundation BaseHTTPServer HTTP Request denial of service	7.5	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Workaround	0.00000	0.02
12	Dell SupportAssist Client input validation	7.1	7.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00248	0.00	CVE-2019-3719
13	Acunetix Web Vulnerability Scanner denial of service	3.7	3.5	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.00000	0.00
14	Plohni Advanced Comment System Installation index.php code injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00997	0.03	CVE-2009-4623
15	OpenSSH Authentication Username information disclosure	5.3	4.8	$5k-$25k	$0-$5k	High	Official Fix	0.10737	0.29	CVE-2016-6210
16	Forescout CounterACT access control	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00452	0.05	CVE-2012-4985
17	ForeScout CounterACT cross site scripting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00211	0.00	CVE-2012-1825
18	Apache HTTP Server Limit Directive ap_limit_section use after free	6.4	6.3	$5k-$25k	$0-$5k	High	Official Fix	0.97240	0.04	CVE-2017-9798
19	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure	5.3	5.2	$5k-$25k	Calculating	High	Workaround	0.02016	0.00	CVE-2007-1192

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Campaigns	Identified	Type	Confidence
1	34.225.46.51	ec2-34-225-46-51.compute-1.amazonaws.com	Shlayer		08/28/2022	verified	Medium
2	XX.XX.XX.XX		Xxxxxxx		08/28/2022	verified	High

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-22, CWE-36	Path Traversal	predictive	High
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	High
3	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	High
4	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
5	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	High
6	TXXXX.XXX	CAPEC-133	CWE-XXX	Xxxxxxxx	predictive	High
7	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
8	TXXXX	CAPEC-112	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	High

IOA - Indicator of Attack (14)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/bin/rc4_crypt	predictive	High
2	File	/forum/away.php	predictive	High
3	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	High
4	File	xxxxx.xxx	predictive	Medium
5	File	xxxxxx_xxx.xxx	predictive	High
6	Argument	xxx_xxxx	predictive	Medium
7	Argument	xxxxxxxx	predictive	Medium
8	Argument	xxxxxx	predictive	Low
9	Argument	xxxxxxxx	predictive	Medium
10	Argument	xxxxxxx	predictive	Low
11	Argument	xxxxxxxx	predictive	Medium
12	Input Value	*^xxxxx!x	predictive	Medium
13	Input Value	../	predictive	Low
14	Network Port	xxx xxxxxx xxxx	predictive	High

References (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!