Spora Analysis

IOB - Indicator of Behavior (50)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 46
ru: 4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

ru: 44
us: 2
gb: 2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors


Activities

Interest

Timeline


Type


Vendor


Product

Oracle Java SE: 6
Microsoft Internet Explorer: 4
e-moBLOG: 2
Oracle Java SE Embedded: 2
Basic B2B Script: 2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | HP 3PAR Service Processor SP information disclosure | 4.3 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00110 | 0.00 | CVE-2015-5443 |
| 2 | Microsoft Internet Explorer MHT File xml external entity reference | 4.3 | 4.1 | $25k-$100k | $0-$5k | Proof-of-Concept | Unavailable | 0.00000 | 0.00 | |
| 3 | IBM HTTP Server memory corruption | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00359 | 0.03 | CVE-2015-4947 |
| 4 | Hunspell suggestmgr.cxx leftcommonsubstring memory corruption | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00346 | 0.00 | CVE-2019-16707 |
| 5 | Facebook WhatsApp Messenger VoIP Stack memory corruption | 8.5 | 8.4 | $25k-$100k | $5k-$25k | High | Official Fix | 0.02572 | 0.04 | CVE-2019-3568 |
| 6 | Samsung Smartphone Telecom insufficient permissions or privileges | 7.5 | 7.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2022-22292 |
| 7 | TYPO3 spell-check-logic.php unknown vulnerability | 4.8 | 4.3 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.05056 | 0.02 | CVE-2006-6690 |
| 8 | PHP Scripts Mall Muslim Matrimonial Script view-profile.php sql injection | 7.5 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00091 | 0.00 | CVE-2017-17983 |
| 9 | PHP Scripts Mall PHP Multivendor Ecommerce my_wishlist.php sql injection | 8.5 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00172 | 0.04 | CVE-2017-17957 |
| 10 | Mitel ShoreTel MiVoice Connect Web Application home.php Reflected cross site scripting | 5.7 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00115 | 0.00 | CVE-2020-12679 |
| 11 | OpenEMR Access Restriction fax_dispatch.php access control | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00758 | 0.04 | CVE-2018-10573 |
| 12 | Basic B2B Script product_details.php sql injection | 8.5 | 8.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00242 | 0.03 | CVE-2017-17600 |
| 13 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.03 | CVE-2017-0055 |
| 14 | Linux Kernel Multithreading af_packet.c use after free | 5.1 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.04 | CVE-2017-6346 |
| 15 | Microsoft Internet Explorer memory corruption | 6.3 | 5.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.48851 | 0.00 | CVE-2014-4099 |
| 16 | OpenSSH scp input validation | 5.3 | 5.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00201 | 0.04 | CVE-2019-6111 |
| 17 | Oracle Java SE/Java SE Embedded Deployment memory corruption | 10.0 | 9.5 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.01472 | 0.03 | CVE-2013-5788 |
| 18 | vmware Remote Console vmware-vmrc.exe format string | 10.0 | 9.4 | $25k-$100k | $0-$5k | Proof-of-Concept | Not Defined | 0.91151 | 0.00 | CVE-2009-3732 |
| 19 | Microsoft Windows rpc access control | 6.6 | 6.5 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.32762 | 0.05 | CVE-2017-8461 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

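| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 31.192.105.180 | | Spora | | 04/08/2024 | verified | High |
| 2 | XX.XX.XX.XX | xxxx.xxxxxxx.xx | Xxxxx | | 04/08/2024 | verified | High |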

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (30)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

