Deep Panda Analysis

IOB - Indicator of Behavior (68)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	64
pl	4

Country

us	56
cn	6
ca	6

Actors

Deep Panda	3
Shell Crew	1

Activities

Interest

Timeline

Type

Not Defined	16
Operating System	6
Web Server	4
File Transfer Software	2
Mail Server Software	2

Vendor

Not Defined	12
Kailash Nadh	2
Exacq	2
Linux	2
Mirmay	2

Product

Kailash Nadh boastMachine	2
SmartStoreNET	2
rsync	2
nginx	2
Exacq exacqVision Enterprise System Manager	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	CTI	EPSS	CVE
1	DZCP deV!L`z Clanportal config.php code injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.73	0.04187	CVE-2010-0966
2	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure	5.3	5.2	$5k-$25k	Calculating	High	Workaround	0.04	0.04187	CVE-2007-1192
3	vsftpd deny_file unknown vulnerability	3.7	3.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.24	0.01136	CVE-2015-1419
4	nginx request smuggling	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	6.41	0.00000	CVE-2020-12440
5	Exacq exacqVision Enterprise System Manager improper authorization	6.1	6.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.01365	CVE-2019-7588
6	Smartstore WebApi Authentication improper authentication	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.00885	CVE-2020-15243
7	Oracle Solaris Common Desktop Environment format string	8.3	7.9	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.02	0.00885	CVE-2022-43752
8	JunosOS J-Web input validation	7.8	7.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00885	CVE-2022-22241
9	Microsoft Windows Workstation Service stack-based overflow	7.3	6.8	$100k and more	$0-$5k	High	Official Fix	0.03	0.87309	CVE-2006-4691
10	Todd Miller sudo sudoedit sudoers access control	7.8	7.0	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.04	0.03821	CVE-2015-5602
11	WonderCMS Plugin Installer index.php addCustomThemePluginRepository server-side request forgery	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.12753	CVE-2020-35313
12	PostgreSQL os command injection	5.9	5.9	$0-$5k	$0-$5k	High	Not Defined	0.05	0.88202	CVE-2019-9193
13	Dovecot Indexer-Worker Process memory corruption	7.8	7.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01	0.01547	CVE-2019-7524
14	SmartStoreNET Privilege Escalation	7.6	7.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01	0.00890	CVE-2020-27996
15	CutePHP CuteNews unrestricted upload	7.5	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.03	0.35200	CVE-2019-11447
16	Cisco Firepower System Software Detection Engine input validation	7.4	7.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.01055	CVE-2019-12697
17	Plesk login_up.php3 path traversal	5.3	4.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.03	0.06790	CVE-2007-2268
18	supervisor supervisord missing authentication	7.7	7.7	$0-$5k	$0-$5k	Not Defined	Unavailable	0.01	0.00954	CVE-2019-12105
19	Unix chsh privileges management	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.06	0.00000
20	CMS Made Simple News Module Time-Based sql injection	7.7	7.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.23092	CVE-2019-9053

Campaigns (1)

These are the campaigns that can be associated with the actor:

Log4Shell

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Campaigns	Type	Confidence
1	1.9.5.38		Deep Panda		verified	High
2	103.224.80.76		Deep Panda		verified	High
3	XXX.XXX.XX.XXX	xxx.xxx.xx.xxx.xxxxxx.xxxxxxxxx.xxx	Xxxx Xxxxx	Xxxxxxxxx	verified	High
4	XXX.XX.XX.XXX	xxx.xxx.xxxx	Xxxx Xxxxx		verified	High
5	XXX.XX.XXX.X		Xxxx Xxxxx		verified	High
6	XXX.XX.XX.XX	xxxx.xx-xxx-xx-xx.xxx	Xxxx Xxxxx	Xxxxxxxxx	verified	High
7	XXX.XXX.XXX.XXX		Xxxx Xxxxx		verified	High
8	XXX.XXX.XX.XXX		Xxxx Xxxxx		verified	High
9	XXX.XX.XXX.X	xxxxxxxxxxxx.xxxxxx.xxxxx.xxx	Xxxx Xxxxx		verified	High

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CWE-22	Pathname Traversal	predictive	High
2	T1059	CWE-94	Cross Site Scripting	predictive	High
3	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	High
4	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
5	TXXXX	CWE-XX	Xxxxxxx Xxxxxxxxx	predictive	High
6	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	High
7	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	High
8	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	High
9	TXXXX	CWE-XXX	Xxxxxxxxxxxxx	predictive	High
10	TXXXX.XXX	CWE-XXX	Xxxxxxxxxxxx Xxxxxx	predictive	High

IOA - Indicator of Attack (17)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/etc/sudoers	predictive	Medium
2	File	data/gbconfiguration.dat	predictive	High
3	File	fs/aio.c	predictive	Medium
4	File	xxx/xxxxxx.xxx	predictive	High
5	File	xxxxx.xxx	predictive	Medium
6	File	xxxxx.xxx?xxx=xxxx&xxx=xxxxxxxx	predictive	High
7	File	xxxxx_xx.xxxx	predictive	High
8	File	xxx/xxxx/xxxx.xx	predictive	High
9	File	xxxxxxxx.x	predictive	Medium
10	File	xxxxxxxx.xxx	predictive	Medium
11	File	xxxxxx/xxx/xx/xxx.xx	predictive	High
12	Argument	xxxxxx_xxxx	predictive	Medium
13	Argument	xxxxxxxx	predictive	Medium
14	Argument	xxxxxx_xx	predictive	Medium
15	Argument	xx_xxxxxx	predictive	Medium
16	Argument	xxx	predictive	Low
17	Pattern	\|xx xx\|	predictive	Low

References (7)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Interested in the pricing of exploits?

See the underground prices here!