Deep Panda Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (101)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en	90
pl	6
zh	4
fr	2

Country

US: USA	62
CN: China	32
CA: Canada	6
DZ: Algeria	2

Actors

Deep Panda	4
Lotus Blossom	1
Shell Crew	1

Activities

Interest

Timeline

Type

Not Defined	36
Operating System	6
Content Management System	4
Web Server	4
File Transfer Software	4

Vendor

Not Defined	42
Cisco	2
JFrog	2
Apache	2
Linux	2

Product

JeecgBoot	6
Gogs	4
ThinkAdmin	4
PbootCMS	2
CMS Made Simple	2

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#	Vulnerability	Base	Temp	0day	Today	Exp	Cou	KEV	EPSS	CTI	CVE
1	DZCP deV!L`z Clanportal config.php code injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official fix		0.00970	0.00	CVE-2010-0966
2	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure	5.3	5.2	$5k-$25k	Calculating	High	Workaround	possible	0.02956	0.00	CVE-2007-1192
3	vsftpd deny_file	3.7	3.6	$0-$5k	$0-$5k	Not defined	Official fix		0.35290	0.31	CVE-2015-1419
4	FastAdmin lang path traversal	5.3	5.2	$0-$5k	$0-$5k	Proof-of-Concept	Official fix	expected	0.91008	0.00	CVE-2024-7928
5	jeecg-boot loadTableData injection	7.0	7.0	$0-$5k	$0-$5k	Not defined	Not defined		0.17615	0.00	CVE-2023-41544
6	HAProxy Header Field request smuggling	8.2	8.0	$0-$5k	$0-$5k	Not defined	Official fix		0.17220	0.00	CVE-2023-25725
7	nginx request smuggling	6.9	6.9	$0-$5k	$0-$5k	Not defined	Not defined		0.00000	0.07	CVE-2020-12440
8	Exacq exacqVision Enterprise System Manager improper authorization	6.3	6.3	$0-$5k	$0-$5k	Not defined	Not defined		0.00278	0.00	CVE-2019-7588
9	Smartstore WebApi Authentication improper authentication	8.5	8.5	$0-$5k	$0-$5k	Not defined	Not defined		0.00277	0.00	CVE-2020-15243
10	Backdrop CMS unrestricted upload	6.7	6.7	$0-$5k	$0-$5k	Not defined	Not defined		0.00596	0.02	CVE-2022-42092
11	Git Plugin Build authorization	6.5	6.5	$0-$5k	$0-$5k	Not defined	Not defined	possible	0.77600	0.03	CVE-2022-36883
12	y_project RuoYi Whitelist getBeanName deserialization	5.5	5.4	$0-$5k	$0-$5k	Proof-of-Concept	Not defined		0.00062	0.14	CVE-2025-0734
13	eladmin ServerDeployController.java server-side request forgery	5.5	5.3	$0-$5k	$0-$5k	Not defined	Not defined		0.00081	0.05	CVE-2024-51242
14	fastadmin unrestricted upload	5.5	5.3	$0-$5k	$0-$5k	Not defined	Not defined		0.00686	0.06	CVE-2021-43117
15	FastAdmin Attachment Management Section 4?dialog cross site scripting	3.2	3.2	$0-$5k	$0-$5k	Proof-of-Concept	Not defined		0.00127	0.14	CVE-2024-7453
16	FastAdmin Template injection	5.5	5.5	$0-$5k	$0-$5k	Not defined	Not defined		0.00500	0.08	CVE-2020-25967
17	JeecgBoot queryTableDictItemsByCode sql injection	6.8	6.8	$0-$5k	$0-$5k	Not defined	Not defined		0.00353	0.02	CVE-2023-34602
18	JeecgBoot getTotalData sql injection	7.6	7.5	$0-$5k	$0-$5k	Not defined	Not defined	expected	0.88835	0.05	CVE-2024-48307
19	JeecgBoot sql injection	8.8	8.8	$0-$5k	$0-$5k	Not defined	Not defined		0.00774	0.02	CVE-2021-46089
20	JeecgBoot queryFilterTableDictInfo sql injection	6.8	6.8	$0-$5k	$0-$5k	Not defined	Not defined		0.00254	0.02	CVE-2023-34603

Campaigns (1)

These are the campaigns that can be associated with the actor:

Log4Shell

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Campaigns	Identified	Type	Confidence
1	1.9.5.38		Deep Panda		01/01/2021	verified	Low
2	103.224.80.76		Deep Panda		08/04/2022	verified	Medium
3	XXX.XXX.XX.XXX	xxx.xxx.xx.xxx.xxxxxx.xxxxxxxxx.xxx	Xxxx Xxxxx	Xxxxxxxxx	04/01/2022	verified	Low
4	XXX.XX.XX.XXX	xxx.xxx.xxxx	Xxxx Xxxxx		12/16/2020	verified	Low
5	XXX.XX.XXX.X		Xxxx Xxxxx		12/16/2020	verified	Low
6	XXX.XX.XX.XX	xxxx.xx-xxx-xx-xx.xxx	Xxxx Xxxxx	Xxxxxxxxx	04/01/2022	verified	Low
7	XXX.XXX.XXX.XXX		Xxxx Xxxxx		12/16/2020	verified	Low
8	XXX.XXX.XX.XXX		Xxxx Xxxxx		01/01/2021	verified	Low
9	XXX.XX.XXX.X	xxxxxxxxxxxx.xxxxxx.xxxxx.xxx	Xxxx Xxxxx		01/01/2021	verified	Low

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	High
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	High
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	High
4	TXXXX.XXX	CAPEC-XXX	CWE-XX, CWE-XX	Xxxxx Xxxxx Xxxx Xxxxxxxxx	predictive	High
5	TXXXX	CAPEC-XXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
6	TXXXX	CAPEC-XXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
7	TXXXX		CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	High
8	TXXXX	CAPEC-XXX	CWE-XX	Xxx Xxxxxxxxx	predictive	High
9	TXXXX.XXX	CAPEC-X	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	High
10	TXXXX	CAPEC-XXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
11	TXXXX.XXX	CAPEC-X	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	High

IOA - Indicator of Attack (33)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/act/ActDao.xml	predictive	High
2	File	/app/admin/controller/api/Plugs.php	predictive	High
3	File	/etc/sudoers	predictive	Medium
4	File	/index/ajax/lang	predictive	High
5	File	/jmreport/loadTableData	predictive	High
6	File	/xxxxxxxxxxxxxxxxxx/xxxxxxxxxxxx	predictive	High
7	File	/xxxxxxxx	predictive	Medium
8	File	/xxxxxxxxxx.xxx/xxxxxxx/xxxxxxxxxx/xxxx/xxx/x?xxxxxx=x	predictive	High
9	File	/[xxxxxx_xxx].xxx/xxxxxxx/xxxxxxxxxx/xxxx/xxx/x?xxxxxx=x	predictive	High
10	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	High
11	File	xx/xxx.x	predictive	Medium
12	File	xxx/xxxxxx.xxx	predictive	High
13	File	xxxxx.xxx	predictive	Medium
14	File	xxxxx.xxx?xxx=xxxx&xxx=xxxxxxxx	predictive	High
15	File	xxxxx_xx.xxxx	predictive	High
16	File	xxx/xxxx/xxxx.xx	predictive	High
17	File	xxxxxxxx.x	predictive	Medium
18	File	xxxxxxxx.xxx	predictive	Medium
19	File	xxxxxx/xxx/xx/xxx.xx	predictive	High
20	File	xxxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	High
21	File	xxxxxx\xxxxxx\xxxxxxxxx-xxxxxx-xxxxxxx\xxx\xxxxxxx\xxxxxxxxxxxxx.xxx	predictive	High
22	Argument	xxxxxx_xxxx	predictive	Medium
23	Argument	xxxxxxxx	predictive	Medium
24	Argument	xxxxxxx	predictive	Low
25	Argument	xx	predictive	Low
26	Argument	xxxxxxxx	predictive	Medium
27	Argument	xxxx	predictive	Low
28	Argument	xxxxxx_xx	predictive	Medium
29	Argument	xx_xxxxxx	predictive	Medium
30	Argument	xxx[xxx]/xxx[xxxxxxxxxx]/xxx[xxxxxxxxxxx]	predictive	High
31	Argument	xxxxxxx	predictive	Low
32	Argument	xxx	predictive	Low
33	Pattern	\|xx xx\|	predictive	Low

References (7)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

This view requires CTI permissions

Just purchase a CTI license today!