APP84VN Analysis

IOB - Indicator of Behavior (73)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 40
zh: 34


Country

cn: 64
us: 10


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Microsoft Windows: 6
ZCMS: 4
Hashicorp Consul: 2
PHP: 2
Sophos Firewall: 2


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Tildeslash Monit HTTP Basic Authentication cervlet.c _viewlog Persistent cross site scripting | 5.7 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01408 | CVE-2019-11454
2 | Swagger UI URL information disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.04134 | CVE-2018-25031
3 | Google gson writeReplace deserialization | 6.6 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01183 | CVE-2022-25647
4 | Microsoft Windows Print Spooler Service spoolsv.exe RpcAddPrinterDriverEx PrintNightmare access control | 8.8 | 7.9 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | 0.25101 | CVE-2021-34527
5 | Vobot Clock SSH Server hard-coded credentials | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00885 | CVE-2018-6825
6 | SalesForce Tableau Server SAML Remote Code Execution | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00885 | CVE-2020-6939
7 | graphql-java GraphQL Query denial of service | 4.3 | 4.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01018 | CVE-2022-37734
8 | Apache Tomcat information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | 0.07344 | CVE-2007-3385
9 | Apple Safari WebKit out-of-bounds write | 7.5 | 7.4 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00 | 0.02806 | CVE-2022-32893
10 | Kubernetes kubelet pprof information disclosure | 7.7 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.62923 | CVE-2019-11248
11 | Camunda Modeler IPC Message writeFile state issue | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.01055 | CVE-2021-28154
12 | Cisco IOS XE Lua Interpreter memory corruption | 6.5 | 6.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.01 | 0.01036 | CVE-2020-3423
13 | beego Route Lookup access control | 5.5 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2021-30080
14 | Cisco IOS XE SD-WAN vDaemon buffer overflow | 9.8 | 9.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.01 | 0.01055 | CVE-2021-34727
15 | Cisco IOS XE NAT/MPLS input validation | 5.3 | 5.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01055 | CVE-2015-6282
16 | phpMyAdmin Designer sql injection | 8.0 | 7.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01108 | CVE-2019-11768
17 | Apache Shiro Spring Boot improper authentication | 5.6 | 5.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01246 | CVE-2021-41303
18 | Sophos Firewall Webadmin information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01055 | CVE-2022-0331
19 | RStudio Shiny Server pathname traversal | 4.8 | 4.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.08592 | CVE-2021-3374
20 | PbootCMS cross-site request forgery | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2020-20971

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Type | Confidence
1 | 27.102.66.105 | | APP84VN | | verified | High
2 | XX.XXX.XXX.XXX | | Xxxxxxx | | verified | High
3 | XXX.XXX.XX.XXX | | Xxxxxxx | | verified | High
4 | XXX.XXX.XXX.XX | | Xxxxxxx | | verified | High

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | predictive | High
2 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | predictive | High
3 | TXXXX.XXX | CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High
4 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
5 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx Xxxxxxxx | predictive | High
6 | TXXXX | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High
7 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
8 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx | predictive | High
9 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxxxx Xxxxxx | predictive | High

IOA - Indicator of Attack (23)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin.php?p=/User/index | predictive | High
2 | File | /anony/mjpg.cgi | predictive | High
3 | File | /debug/pprof | predictive | Medium
4 | File | /xxxx/xx/xxxx/xxxx | predictive | High
5 | File | /xxxxxxx_xxxx.xxx | predictive | High
6 | File | xxxxx/?x=xxxx&x=xxxxx&x=xxxxxxxxxx | predictive | High
7 | File | xxxxx/ | predictive | Low
8 | File | xxxx/xxxxxxx.x | predictive | High
9 | File | xxxxxxxxxx/xxxxxxxxxx/xxxxxxxx/xxxxxxxxxxxxxxxxxxx.xxx | predictive | High
10 | File | xxx/xxx_xxxxx/xx_xxxxx.x | predictive | High
11 | File | xxxxxxx/xxxxxxx/xxx/xxxxxxxxxx.xxx?xxxxxxxx=xxxx&xxxxxx=xxxxxxxxxx | predictive | High
12 | File | xxxxx_xxxxx.xxx | predictive | High
13 | File | xxxxx.x | predictive | Low
14 | File | xxxxxxx.xxx | predictive | Medium
15 | File | xxxx/xxx.xxx?xx=xxxxxx | predictive | High
16 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High
17 | Argument | -x | predictive | Low
18 | Argument | xxx | predictive | Low
19 | Argument | xxxxxxxxxxxxxxx | predictive | High
20 | Argument | xxx | predictive | Low
21 | Argument | xxxx | predictive | Low
22 | Input Value | xxxxxx | predictive | Low
23 | Network Port | xxx xxxxxx xxxx | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
