CDRThief Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (10)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

zh	8
en	2

Country

cn	10

Actors

CDRThief	3

Activities

Interest

Timeline

Type

Not Defined	2
Wireless LAN Software	2
Connectivity Software	2
Printing Software	2
Cloud Software	2

Vendor

Not Defined	4
eEye	2
PrinterLogic	2
ownCloud	2

Product

Jitsi Meet	2
eEye Retina WiFi Scanner	2
OpenSSH	2
PrinterLogic Web Stack	2
ownCloud user_ldap	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	CTI	EPSS	CVE
1	Hotline Connect Server information disclosure	3.3	3.3	$0-$5k	$0-$5k	Not Defined	Workaround	0.02	0.00000
2	ownCloud Server Password Protected Public Links session fixiation	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00073	CVE-2021-35948
3	ownCloud user_ldap server-side request forgery	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00054	CVE-2021-40537
4	Atlassian JIRA Server/Data Center Endpoint web.xml path traversal	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.91900	CVE-2021-26086
5	Job and Node Ownership Plugin authorization	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00055	CVE-2022-28151
6	PrinterLogic Web Stack hard-coded key	7.7	7.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.06463	CVE-2021-42635
7	eEye Retina WiFi Scanner memory corruption	10.0	10.0	$0-$5k	Calculating	Proof-of-Concept	Not Defined	0.00	0.12680	CVE-2009-3859
8	PHP SoapClient query null pointer dereference	6.4	6.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.01231	CVE-2021-21702
9	Jitsi Meet hard-coded credentials	8.5	7.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.08	0.00196	CVE-2020-11878
10	OpenSSH Key Exchange Initialization kex_input_kexinit resource management	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01	0.78351	CVE-2016-8858

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	34.94.199.142	142.199.94.34.bc.googleusercontent.com	CDRThief	05/31/2021	verified	Medium
2	35.236.173.187	187.173.236.35.bc.googleusercontent.com	CDRThief	05/31/2021	verified	Medium
3	XXX.XX.XXX.XX		Xxxxxxxx	05/31/2021	verified	High
4	XXX.XXX.XXX.XXX		Xxxxxxxx	05/31/2021	verified	High
5	XXX.XXX.XXX.XXX		Xxxxxxxx	05/31/2021	verified	High
6	XXX.XXX.XX.XXX		Xxxxxxxx	05/31/2021	verified	High

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CWE-22	Path Traversal	predictive	High
2	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	High
3	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
4	TXXXX.XXX	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	High

IOA - Indicator of Attack (3)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/WEB-INF/web.xml	predictive	High
2	File	xxxxxxxx/xxxx_xxxx	predictive	High
3	Argument	xxx_xxx	predictive	Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!