APP84VN Analysis

IOB - Indicator of Behavior (81)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 50
zh: 30
de: 2



Activities


Product

Apache Tomcat: 6
Microsoft Exchange Server: 4
Redis: 2
Oracle HRMS (France): 2
PbootCMS: 2


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Netgate pfSense XML File config.xml restore_rrddata command injection | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.48134 | 0.00 | CVE-2023-27253 |
| 2 | Tildeslash Monit HTTP Basic Authentication cervlet.c _viewlog Persistent cross site scripting | 5.7 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00179 | 0.00 | CVE-2019-11454 |
| 3 | Swagger UI URL information disclosure | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00377 | 0.03 | CVE-2018-25031 |
| 4 | Google gson writeReplace deserialization | 6.6 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00351 | 0.00 | CVE-2022-25647 |
| 5 | Microsoft Windows Print Spooler Service spoolsv.exe RpcAddPrinterDriverEx PrintNightmare access control | 8.8 | 8.7 | $25k-$100k | $0-$5k | High | Official Fix | 0.96790 | 0.04 | CVE-2021-34527 |
| 6 | Vobot Clock SSH Server hard-coded credentials | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00659 | 0.00 | CVE-2018-6825 |
| 7 | Metinfo language_general.class.php sql injection | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00172 | 0.04 | CVE-2022-23335 |
| 8 | Hgiga MailSherlock cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00117 | 0.00 | CVE-2023-24839 |
| 9 | GNUBOARD5 install_db.php sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00152 | 0.03 | CVE-2020-18662 |
| 10 | Gin-Vue-Admin File Upload path traversal | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00121 | 0.00 | CVE-2022-39345 |
| 11 | pfSense File Name browser.php cross site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00104 | 0.02 | CVE-2022-42247 |
| 12 | Microsoft Exchange Server unknown vulnerability | 5.4 | 4.9 | $25k-$100k | $5k-$25k | Proof-of-Concept | Official Fix | 0.00131 | 0.03 | CVE-2021-1730 |
| 13 | SalesForce Tableau Server SAML Remote Code Execution | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00222 | 0.00 | CVE-2020-6939 |
| 14 | graphql-java GraphQL Query denial of service | 4.3 | 4.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00207 | 0.00 | CVE-2022-37734 |
| 15 | Apache Tomcat information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00624 | 0.04 | CVE-2007-3385 |
| 16 | Apple Safari WebKit out-of-bounds write | 7.5 | 7.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.00593 | 0.05 | CVE-2022-32893 |
| 17 | Kubernetes kubelet pprof information disclosure | 7.3 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.60131 | 0.03 | CVE-2019-11248 |
| 18 | Camunda Modeler IPC Message writeFile state issue | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00928 | 0.00 | CVE-2021-28154 |
| 19 | Cisco IOS XE Lua Interpreter memory corruption | 6.5 | 6.2 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.06 | CVE-2020-3423 |
| 20 | beego Route Lookup access control | 5.5 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00262 | 0.04 | CVE-2021-30080 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

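| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 27.102.66.105 | | APP84VN | | 04/20/2022 | verified | Medium |
| 2 | XX.XXX.XXX.XXX | | Xxxxxxx | | 04/20/2022 | verified | Medium |
| 3 | XXX.XXX.XX.XXX | | Xxxxxxx | | 04/20/2022 | verified | Medium |
| 4 | XXX.XXX.XXX.XX | | Xxxxxxx | | 04/20/2022 | verified | Medium |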

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (29)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin.php?p=/User/index | predictive | High |
| 2 | File | /anony/mjpg.cgi | predictive | High |
| 3 | File | /debug/pprof | predictive | Medium |
| 4 | File | /mgmt/tm/util/bash | predictive | High |
| 5 | File | /xxxxxxx_xxxx.xxx | predictive | High |
| 6 | File | xxxxx/?x=xxxx&x=xxxxx&x=xxxxxxxxxx | predictive | High |
| 7 | File | xxxxxxx.xxx | predictive | Medium |
| 8 | File | xxxxxx.xxx | predictive | Medium |
| 9 | File | xxxxx/ | predictive | Low |
| 10 | File | xxxx/xxxxxxx.x | predictive | High |
| 11 | File | xxxxxxxxxx/xxxxxxxxxx/xxxxxxxx/xxxxxxxxxxxxxxxxxxx.xxx | predictive | High |
| 12 | File | xxxxxxx_xx.xxx | predictive | High |
| 13 | File | xxxxxxxx_xxxxxxx.xxxxx.xxx | predictive | High |
| 14 | File | xxx/xxx_xxxxx/xx_xxxxx.x | predictive | High |
| 15 | File | xxxxxxx/xxxxxxx/xxx/xxxxxxxxxx.xxx?xxxxxxxx=xxxx&xxxxxx=xxxxxxxxxx | predictive | High |
| 16 | File | xxxxx_xxxxx.xxx | predictive | High |
| 17 | File | xxxxx.x | predictive | Low |
| 18 | File | xxxxxxx.xxx | predictive | Medium |
| 19 | File | xxxx/xxx.xxx?xx=xxxxxx | predictive | High |
| 20 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High |
| 21 | Argument | -x | predictive | Low |
| 22 | Argument | xxx | predictive | Low |
| 23 | Argument | xxxxxxxxxxxxxxxxx | predictive | High |
| 24 | Argument | xxxxxxxxxxxxxxx | predictive | High |
| 25 | Argument | xxx | predictive | Low |
| 26 | Argument | xxxxx_xxxxxx | predictive | Medium |
| 27 | Argument | xxxx | predictive | Low |
| 28 | Input Value | xxxxxx | predictive | Low |
| 29 | Network Port | xxx xxxxxx xxxx | predictive | High |

