Kaiten Analysisinfo

IOB - Indicator of Behavior (29)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en20
de4
sv2
zh2
ja2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Access Demo Importer Plugin2
Tiki2
WordPress2
Xoops2
SitePanel22

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1vBulletin redirector.php6.66.6$0-$5k$0-$5kNot DefinedNot Defined0.002330.00CVE-2018-6200
2Serendipity exit.php privileges management6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.02
3FLDS redir.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.002910.04CVE-2008-5928
4Bitrix Site Manager redirect.php link following5.34.7$0-$5k$0-$5kUnprovenUnavailable0.001370.06CVE-2008-2052
5Tiki Admin Password tiki-login.php improper authentication8.07.7$0-$5k$0-$5kNot DefinedOfficial Fix0.919800.59CVE-2020-15906
6LogicBoard CMS away.php redirect6.36.1$0-$5k$0-$5kNot DefinedUnavailable0.000000.18
7JD-WordPress wp-comments-post.php file inclusion7.36.9$5k-$25k$0-$5kProof-of-ConceptNot Defined0.091910.00CVE-2006-4992
8phpPgAds adclick.php5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.002440.04CVE-2005-3791
9WordPress wp-trackback.php mb_convert_encoding cryptographic issues5.35.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.047550.05CVE-2009-3622
10Exquisite Ultimate Newspaper Theme jquery.foundation.plugins.js cross site scripting5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.004640.00CVE-2015-9500
11Access Demo Importer Plugin AJAX Action demo-functions.php plugin_offline_installer improper authorization8.88.6$0-$5k$0-$5kNot DefinedOfficial Fix0.003710.00CVE-2021-39317
12Xoops URL Filter index.php redirect6.66.4$0-$5k$0-$5kNot DefinedNot Defined0.000630.04CVE-2017-12138
13OpenX adclick.php redirect5.34.7$0-$5k$0-$5kUnprovenUnavailable0.005840.08CVE-2014-2230
14Google Android Performance Driver out-of-bounds write7.37.0$25k-$100k$5k-$25kNot DefinedOfficial Fix0.000420.00CVE-2021-0405
15Dataiku DSS Project access control6.36.0$0-$5k$0-$5kNot DefinedOfficial Fix0.000540.00CVE-2021-27225
16SitePanel2 0.php cross site scripting3.53.3$0-$5kCalculatingProof-of-ConceptNot Defined0.000000.00
17Squid Proxy NTLM Authentication denial of service5.35.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.725410.00CVE-2004-0832
18Cisco ASA WebVPN Login Page logon.html cross site scripting5.35.2$5k-$25k$0-$5kHighOfficial Fix0.008710.02CVE-2014-2120
19Check Point VPN-1 information disclosure5.34.7$0-$5k$0-$5kProof-of-ConceptUnavailable0.012320.00CVE-2008-5849
20tcpdf File Upload access control7.47.1$0-$5k$0-$5kNot DefinedOfficial Fix0.001540.00CVE-2017-6100

IOC - Indicator of Compromise (13)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
164.131.73.13village.xppgy.comKaiten10/05/2024verifiedVery High
264.131.81.98village.xppgy.comKaiten10/05/2024verifiedVery High
394.156.8.116Kaiten04/01/2024verifiedVery High
4XXX.XXX.XXX.XXxxxxxxx.xxxxxxxxxxx.xxxXxxxxx10/05/2024verifiedVery High
5XXX.XXX.XXX.XXxxxxxxx.xxxxxxxx.xxx.xxXxxxxx10/05/2024verifiedVery High
6XXX.XXX.XXX.XXXXxxxxx10/05/2024verifiedVery High
7XXX.XX.XXX.XXxxxxxxx.xxxxx.xxxXxxxxx10/05/2024verifiedVery High
8XXX.XX.XXX.XXXxxxxxxx.xxxxx.xxxXxxxxx10/05/2024verifiedVery High
9XXX.XX.XXX.XXXxxxxxxx.xxxxx.xxxXxxxxx10/05/2024verifiedVery High
10XXX.XX.XXX.XXXxxxxxxx.xxxxx.xxxXxxxxx10/05/2024verifiedVery High
11XXX.XX.XXX.XXXxxxxxxx.xxxxx.xxxXxxxxx10/05/2024verifiedVery High
12XXX.XXX.XX.XXXxxxxxx.xxxxxxxxxxx.xxXxxxxx10/05/2024verifiedHigh
13XXX.XXX.XXX.XXXXxxxxx03/08/2023verifiedHigh

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1059.007CAPEC-209CWE-79, CWE-80Basic Cross Site ScriptingpredictiveHigh
2T1068CAPEC-122CWE-269, CWE-284Execution with Unnecessary PrivilegespredictiveHigh
3TXXXX.XXXCAPEC-XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
4TXXXXCAPEC-XXXCWE-XXXxx XxxxxxxxxpredictiveHigh
5TXXXX.XXXCAPEC-XCWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
6TXXXXCAPEC-XXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
7TXXXXCWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (21)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/+CSCOE+/logon.htmlpredictiveHigh
2File/forum/away.phppredictiveHigh
3File/modules/profile/index.phppredictiveHigh
4Filex.xxxpredictiveLow
5Filexxxxxxx.xxxpredictiveMedium
6Filexxxxxx/xx/xxxxxx.xxxxxxxxxx.xxxxxxx.xxpredictiveHigh
7Filexxxx.xxxpredictiveMedium
8Filexxxxx.xxxpredictiveMedium
9Filexxxxxxxx.xxxpredictiveMedium
10Filexxxxxxxxxx.xxxpredictiveHigh
11Filexxxx-xxxxx.xxxpredictiveHigh
12Filexx-xxxxxxxx-xxxx.xxxpredictiveHigh
13Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictiveHigh
14Filexx-xxxxxxxxx.xxxpredictiveHigh
15File~/xxx/xxxx-xxxxxxxxx.xxxpredictiveHigh
16ArgumentxxxxxxxpredictiveLow
17ArgumentxxxxpredictiveLow
18ArgumentxxxxpredictiveLow
19ArgumentxxpredictiveLow
20Argumentxxxxxxxxx_xxxxxxxx_xxxxpredictiveHigh
21ArgumentxxxpredictiveLow

References (4)

The following list contains external sources which discuss the actor and the associated activities:

Samples (4)

The following list contains associated samples:

This view requires CTI permissions

Just purchase a CTI license today!