ToddyCat 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (43)

タイムライン

言語

en30
zh8
sv2
de2
ar2

国・地域

cn22
us18

アクター

ToddyCat5
Cobalt Strike3
DarkCrystalRAT1
TeslaCrypt1

アクティビティ

関心

タイムライン

タイプ

Not Defined12
Programming Language Software4
Operating System4
Content Management System4
Router Operating System4

ベンダー

Not Defined14
Oracle2
Progress2
Microsoft2
F52

製品

Oracle MySQL Server2
Progress MOVEit Transfer2
request-baskets2
PHP Server Monitor2
bassmaster plugin2

脆弱性

#脆弱性BaseTemp0day本日修復EPSSCTICVE
1DZCP deV!L`z Clanportal config.php 特権昇格7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.54CVE-2010-0966
2Watchguard Firebox/XTM Remote Code Execution6.36.0$0-$5k$0-$5kHighOfficial Fix0.841700.03CVE-2022-26318
3WordPress Password Reset wp-login.php mail 特権昇格6.15.8$5k-$25k$0-$5kProof-of-ConceptNot Defined0.028270.07CVE-2017-8295
4request-baskets API Request {name} 特権昇格6.46.4$0-$5k$0-$5kNot DefinedNot Defined0.081090.07CVE-2023-27163
5bassmaster plugin batch.js internalsbatch 特権昇格9.89.4$0-$5k$0-$5kHighOfficial Fix0.879940.04CVE-2014-7205
6QNAP QTS/QuTS Hero/QVP/QVR 特権昇格6.76.6$0-$5k$0-$5kNot DefinedOfficial Fix0.001150.00CVE-2023-23355
7Google Android Settings.java getStringsForPrefix Local Privilege Escalation6.56.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.000420.00CVE-2023-20919
8Linux Kernel rcar_drif.c rcar_drif_g_fmt_sdr_cap Memory 情報の漏洩4.44.4$0-$5k$0-$5kNot DefinedNot Defined0.000470.00CVE-2019-18786
9Page Engine CMS login_include.php 特権昇格5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.000000.00
10D-Link DIR-816L/DIR-803 URL Encoding info.php クロスサイトスクリプティング5.25.2$5k-$25k$0-$5kNot DefinedUnavailable0.001110.00CVE-2020-25786
11Discuz! DiscuzX Access Restriction index.php 特権昇格8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.003230.08CVE-2018-5377
12Ratpack 特権昇格6.36.0$0-$5k$0-$5kNot DefinedOfficial Fix0.002340.00CVE-2021-29485
13Spring Framework Multipart Request 特権昇格5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000460.00CVE-2021-22118
14F5 BIG-IP Advanced WAF Appliance Mode Restrictions Privilege Escalation7.97.8$5k-$25k$0-$5kNot DefinedOfficial Fix0.000650.04CVE-2022-25946
15Progress MOVEit Transfer SQLインジェクション7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.001310.00CVE-2021-38159
16PHP Link Directory Administration Page index.html クロスサイトスクリプティング4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.003740.17CVE-2007-0529
17Kingsoft WPS Office Registry wpsupdater.exe 特権昇格5.55.3$0-$5k$0-$5kNot DefinedNot Defined0.009240.00CVE-2022-24934
18Smartisoft phpBazar classified_right.php 特権昇格6.56.2$0-$5k$0-$5kProof-of-ConceptUnavailable0.009330.09CVE-2006-2528
19ZyXEL P660HN-T v1 ViewLog.asp 特権昇格7.36.4$5k-$25k$0-$5kProof-of-ConceptWorkaround0.000000.00
20Cisco ASA/Firepower Threat Defense Web Services Interface メモリ破損6.96.8$5k-$25k$0-$5kNot DefinedOfficial Fix0.001950.00CVE-2021-34704

キャンペーン (1)

These are the campaigns that can be associated with the actor:

  • Ninja

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIPアドレスHostnameアクターキャンペーンIdentifiedタイプ信頼度
145.76.78.23745.76.78.237.vultrusercontent.comToddyCat2022年07月31日verified
2XXX.XX.XXX.XXxxx-xx-xxx-xx.xxxxxx.xxxxxxx-xxx.xxxXxxxxxxx2024年04月29日verified
3XXX.XXX.XX.XXXxxxxxxx2024年04月29日verified
4XXX.XXX.XX.XXxxx.xxx.xx.xx.xxxxxxxxxxxxxxxx.xxxXxxxxxxx2022年07月31日verified
5XXX.XX.XX.XXXxxx.xx.xx.xxx.xxxxxxxxxxxxxxxx.xxxXxxxxxxxXxxxx2022年06月28日verified

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueクラス脆弱性アクセスベクタータイプ信頼度
1T1006CAPEC-126CWE-22Path Traversalpredictive
2T1059CAPEC-242CWE-94Argument Injectionpredictive
3TXXXX.XXXCAPEC-209CWE-XX, CWE-XXXxxxx Xxxx Xxxxxxxxxpredictive
4TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxxpredictive
5TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxxpredictive
6TXXXXCAPEC-108CWE-XXXxx Xxxxxxxxxpredictive
7TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxx Xxxxxxxxxxxxxpredictive
8TXXXXCAPEC-50CWE-XXXXxxxxxxxxxx Xxxxxxxxxxpredictive
9TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxxpredictive

IOA - Indicator of Attack (32)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDクラスIndicatorタイプ信頼度
1File/api/baskets/{name}predictive
2Filearchiver\index.phppredictive
3Fileawstats.plpredictive
4Fileclassified_right.phppredictive
5Filexxxxxxx/xxxxx/xxxxxxxx/xxxx_xxxx.xpredictive
6Filexxx/xxxx/xxxx.xpredictive
7Filexxx/xxxxxx.xxxpredictive
8Filexxxxxxxx/xxxxxxx/xxxxx_xxxxxxx.xxxpredictive
9Filexxxxx.xxxxpredictive
10Filexxxx.xxxpredictive
11Filexxxx/xxxxxxxxx.xxxpredictive
12Filexxxxxxxx.xpredictive
13Filexxxxxxxx.xxxxpredictive
14Filexxxx-xxxxxxx-xxxxxx.xxxpredictive
15Filexxxxxxx.xxxpredictive
16Filexxxx.xxxpredictive
17Filexxxxxx/xx/xxxx.xxxpredictive
18Filexx-xxxxx.xxxpredictive
19Filexxxxxxxxxx.xxxpredictive
20File~/xxx/xxxx-xxxxxxxxx.xxxpredictive
21Libraryxxx/xxxxxx/xxxxxxxxx/xxxxxx.xpredictive
22Libraryxxx/xxxxx.xxpredictive
23Argument$_xxxxxpredictive
24Argumentxxxxxxpredictive
25Argumentxxxxxxxxpredictive
26Argumentxxxxxxpredictive
27Argumentxxxxxxxpredictive
28Argumentxxxxpredictive
29Argumentxxpredictive
30Argumentxxxxxxxx_xxxpredictive
31Argumentxxxxxx_xxxxpredictive
32Input Value%xxxxxx+-x+x+xx.x.xx.xxx%xx%xxpredictive

参考 (4)

The following list contains external sources which discuss the actor and the associated activities:

概要

Want to stay up to date on a daily basis?

Enable the mail alert feature now!