Earth Kitsune Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (19)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en	20

Country

US: USA	8
RU: Russia	4
CN: China	2
GB: Great Britain	2

Actors

Earth Kitsune	2
RedLine Stealer	1
United States of America	1
FAKEUPDATES	1
Dacls RAT	1

Activities

Interest

Timeline

Type

Not Defined	6
Network Camera Software	2
Forum Software	2
Operating System	2
Content Management System	2

Vendor

Not Defined	6
Microsoft	4
Pivotal	2
TRENDnet	2
Craft	2

Product

Pivotal Spring Framework	2
TRENDnet IP Camera	2
vBulletin	2
AjaxPro	2
Microsoft Windows	2

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#	Vulnerability	Base	Temp	0day	Today	Exp	Cou	KEV	EPSS	CTI	CVE
1	SourceCodester Canteen Management System POST Request ajax_invoice.php query sql injection	6.6	6.5	$0-$5k	$0-$5k	Proof-of-Concept	Not defined		0.00038	0.04	CVE-2022-4222
2	RARLabs WinRAR ZIP Archive data authenticity	7.3	7.2	$0-$5k	$0-$5k	High	Official fix	verified	0.93562	0.00	CVE-2023-38831
3	AjaxPro .NET Class deserialization	7.8	7.8	$0-$5k	Calculating	Not defined	Official fix	expected	0.87776	0.03	CVE-2021-23758
4	Microsoft SQL Server privilege escalation	7.5	6.8	$25k-$100k	$0-$5k	Unproven	Official fix		0.00483	0.08	CVE-2022-29143
5	Microsoft Windows ReFS Local Privilege Escalation	7.8	7.1	$25k-$100k	$5k-$25k	Unproven	Official fix		0.00183	0.08	CVE-2023-23418
6	Microsoft Windows Kernel Local Privilege Escalation	7.8	7.1	$25k-$100k	$5k-$25k	Unproven	Official fix		0.00300	0.02	CVE-2023-23423
7	Microsoft Windows Kernel privilege escalation	9.2	8.4	$25k-$100k	$5k-$25k	Unproven	Official fix		0.00100	0.00	CVE-2022-29133
8	Craft CMS Seomatic injection	6.4	6.3	$0-$5k	Calculating	Not defined	Official fix	expected	0.93805	0.03	CVE-2020-9757
9	Vignette Content Management HTML Source Code 00.html Password credentials management	7.5	7.5	$0-$5k	Calculating	Not defined	Unavailable		0.00927	0.00	CVE-2018-18941
10	Microsoft Windows Remote Desktop Client Remote Code Execution	8.0	7.3	$25k-$100k	$5k-$25k	Unproven	Official fix		0.12765	0.00	CVE-2022-23285
11	TRENDnet IP Camera Authentication mjpg.cgi improper authentication	7.3	6.7	$0-$5k	$0-$5k	Proof-of-Concept	Workaround		0.00000	0.05
12	vBulletin redirector.php	6.6	6.6	$0-$5k	Calculating	Not defined	Not defined		0.05560	0.02	CVE-2018-6200
13	MGB OpenSource Guestbook email.php sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	possible	0.01580	0.07	CVE-2007-0354
14	Openads adclick.php Remote Code Execution	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not defined		0.00675	0.07	CVE-2007-2046
15	Oracle Java SE JNDI access control	8.3	8.2	$25k-$100k	$0-$5k	Not defined	Official fix		0.00196	0.00	CVE-2018-3149
16	Pivotal Spring Framework ResourceServlet path traversal	7.0	6.8	$0-$5k	Calculating	Not defined	Official fix		0.05431	0.00	CVE-2016-9878

Campaigns (1)

These are the campaigns that can be associated with the actor:

WhiskerSpy

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Campaigns	Identified	Type	Confidence
1	45.76.62.198	45.76.62.198.vultrusercontent.com	Earth Kitsune	WhiskerSpy	02/22/2023	verified	Low
2	XXX.XX.XXX.XXX	xxx-xxx-xx-xxx.xxxxxxx-xxx	Xxxxx Xxxxxxx	Xxxxxxxxxx	02/22/2023	verified	Medium

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	High
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	High
3	TXXXX	CAPEC-XX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
4	TXXXX.XXX	CAPEC-XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	High
5	TXXXX	CAPEC-XXX	CWE-XX	Xxx Xxxxxxxxx	predictive	High
6	TXXXX		CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	High

IOA - Indicator of Attack (11)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/anony/mjpg.cgi	predictive	High
2	File	adclick.php	predictive	Medium
3	File	xxxx_xxxxxxx.xxx	predictive	High
4	File	xxxxx.xxx	predictive	Medium
5	File	xxxxxxxxxx.xxx	predictive	High
6	File	xxx/xxx/xxxx/xxxx/xxxx/xxxx/x/xxxx/x/xx.xxxx?xxx=xxxxx	predictive	High
7	Argument	xxxx	predictive	Low
8	Argument	xx	predictive	Low
9	Argument	xxxxxx	predictive	Low
10	Argument	xxx	predictive	Low
11	Network Port	xxx xxxxxx xxxx	predictive	High

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

This view requires CTI permissions

Just purchase a CTI license today!