APP84VN Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (84)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

zh46
en38

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

CN: China72
US: USA12

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

APP84VN3
APT101
Cobalt Strike1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined28
Firewall Software10
Router Operating System8
Application Server Software6
Content Management System4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined30
Apache8
Microsoft6
Juniper4
TP-LINK2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Apache Tomcat4
TP-LINK TL-WA855RE V52
IPython Notebook2
Jupyter Notebook2
Microsoft Exchange Server2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked:

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Netgate pfSense XML File config.xml restore_rrddata command injection5.55.0$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.479560.03CVE-2023-27253
2Tildeslash Monit HTTP Basic Authentication cervlet.c _viewlog Persistent cross site scripting5.75.6$0-$5k$0-$5kNot DefinedOfficial Fix0.002470.00CVE-2019-11454
3Swagger UI URL information disclosure4.34.2$0-$5k$0-$5kNot DefinedOfficial Fix0.007600.00CVE-2018-25031
4Google gson writeReplace deserialization6.66.5$5k-$25k$0-$5kNot DefinedOfficial Fix0.007300.04CVE-2022-25647
5Microsoft Windows Print Spooler Service spoolsv.exe RpcAddPrinterDriverEx PrintNightmare access control8.88.7$25k-$100k$0-$5kHighOfficial Fix0.958380.08CVE-2021-34527
6Vobot Clock SSH Server hard-coded credentials9.89.4$0-$5k$0-$5kNot DefinedOfficial Fix0.009420.00CVE-2018-6825
7Codezips Online Shopping Portal update-image1.php unrestricted upload7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.003130.03CVE-2024-9794
8EnTech Monitor Asset Manager IoControlCode 0x80002014 denial of service4.03.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.000720.05CVE-2023-2870
9SourceCodester Free Hospital Management System for Small Practices edit-doc.php sql injection7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.005020.03CVE-2023-4443
10Metinfo language_general.class.php sql injection5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.002670.00CVE-2022-23335
11Hgiga MailSherlock cross site scripting5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.000510.00CVE-2023-24839
12GNUBOARD5 install_db.php sql injection8.07.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.004120.02CVE-2020-18662
13Gin-Vue-Admin File Upload path traversal7.57.5$0-$5k$0-$5kNot DefinedOfficial Fix0.001590.02CVE-2022-39345
14pfSense File Name browser.php cross site scripting4.84.7$0-$5k$0-$5kNot DefinedOfficial Fix0.001020.03CVE-2022-42247
15Microsoft Exchange Server5.44.9$25k-$100k$5k-$25kProof-of-ConceptOfficial Fix0.001580.01CVE-2021-1730
16SalesForce Tableau Server SAML Remote Code Execution6.36.3$0-$5k$0-$5kNot DefinedOfficial Fix0.002530.00CVE-2020-6939
17graphql-java GraphQL Query denial of service4.34.0$0-$5k$0-$5kNot DefinedOfficial Fix0.002250.00CVE-2022-37734
18Apache Tomcat information disclosure5.34.8$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.112150.00CVE-2007-3385
19Apple Safari WebKit out-of-bounds write7.57.4$5k-$25k$5k-$25kHighOfficial Fix0.025370.04CVE-2022-32893
20Kubernetes kubelet pprof information disclosure7.37.2$0-$5k$0-$5kNot DefinedOfficial Fix0.850710.19CVE-2019-11248

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
127.102.66.105APP84VN04/20/2022verifiedMedium
2XX.XXX.XXX.XXXXxxxxxx04/20/2022verifiedMedium
3XXX.XXX.XX.XXXXxxxxxx04/20/2022verifiedMedium
4XXX.XXX.XXX.XXXxxxxxx04/20/2022verifiedMedium

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-21, CWE-22, CWE-23Path TraversalpredictiveHigh
2T1059CAPEC-137CWE-88, CWE-94Argument InjectionpredictiveHigh
3TXXXX.XXXCAPEC-XXXCWE-XXXxxxx Xxxxx Xxxx XxxxxxxxxpredictiveHigh
4TXXXXCAPEC-XXXCWE-XXX, CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXX.XXXCAPEC-XXXCWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
6TXXXXCAPEC-XXXCWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
7TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
8TXXXXCAPEC-XXXCWE-XXXxx XxxxxxxxxpredictiveHigh
9TXXXXCAPEC-XXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
10TXXXX.XXXCAPEC-XCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (33)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/admin.php?p=/User/indexpredictiveHigh
2File/anony/mjpg.cgipredictiveHigh
3File/debug/pprofpredictiveMedium
4File/mgmt/tm/util/bashpredictiveHigh
5File/xxxxxxx_xxxx.xxxpredictiveHigh
6File/xxxxxx-xxxxxx.xxxpredictiveHigh
7Filexxxxx/?x=xxxx&x=xxxxx&x=xxxxxxxxxxpredictiveHigh
8Filexxxxxxx.xxxpredictiveMedium
9Filexxxxxx.xxxpredictiveMedium
10Filexxxxx/predictiveLow
11Filexxxx/xxxxxxx.xpredictiveHigh
12Filexxxxxxxxxx/xxxxxxxxxx/xxxxxxxx/xxxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
13Filexxxxxxx_xx.xxxpredictiveHigh
14Filexxxxxxxx_xxxxxxx.xxxxx.xxxpredictiveHigh
15Filexxx/xxx_xxxxx/xx_xxxxx.xpredictiveHigh
16Filexxxxxxx/xxxxxxx/xxx/xxxxxxxxxx.xxx?xxxxxxxx=xxxx&xxxxxx=xxxxxxxxxxpredictiveHigh
17Filexxxxx_xxxxx.xxxpredictiveHigh
18Filexxxxx.xpredictiveLow
19Filexxxxxxx.xxxpredictiveMedium
20Filexxxx/xxx.xxx?xx=xxxxxxpredictiveHigh
21Filexx\xxxxxx\xxxx-xxx.xxxpredictiveHigh
22Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictiveHigh
23Argument-xpredictiveLow
24ArgumentxxxpredictiveLow
25ArgumentxxxxxxxxxxxxxxxxxpredictiveHigh
26ArgumentxxxxxxxxxxxxxxxpredictiveHigh
27Argumentxxxx/xxx/xxxxxxxx/xxxxx/xxxx/xxxxpredictiveHigh
28ArgumentxxxpredictiveLow
29ArgumentxxxxxxxxxxxxxpredictiveHigh
30Argumentxxxxx_xxxxxxpredictiveMedium
31ArgumentxxxxpredictiveLow
32Input ValuexxxxxxpredictiveLow
33Network Portxxx xxxxxx xxxxpredictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

This view requires CTI permissions

Just purchase a CTI license today!