KHRAT Analysis

Activities

Timeline

The analysis of the timeline helps to identify the required approach to, and handling of, single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues prioritized.

Lang

Language | Count
en | 81
zh | 6
es | 2
sv | 1
it | 1

Country

Country | Count
us | 52
ru | 22
cn | 16
es | 1
gb | 1

Actors

Actor | Count
TrickBot | 19
FIN7 | 1

Vulnerabilities

# | Vulnerability | Base (CVSS) | Temp (CVSS) | 0-day price | Today price | Exploitability | Remediation | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.05 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.36 | CVE-2010-0966
3 | phpPgAds adclick.php unknown vulnerability | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | CVE-2005-3791
4 | PHP denial of service | 3.7 | 3.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 |
5 | phpMyAdmin common.inc.php substr credentials management | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2017-18264
6 | LightCMS External Image NEditorController.php Privilege Escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2021-27112
7 | Ember.js Handlebars Variable cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2014-0013
8 | Apache Groovy MethodClosure.java MethodClosure injection | 7.3 | 7.3 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.05 | CVE-2015-3253
9 | Huawei Toronto-TL10 information disclosure | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2018-7907
10 | E-topbiz Viral DX 1 adclick.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Not Defined | 0.05 | CVE-2008-2867
11 | Bitrix Site Manager dbquery_error.php Path information disclosure | 3.3 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 |
12 | Bitrix Bitrix Site Manager start.php code injection | 5.3 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | CVE-2005-1996
13 | AbleDating search_results.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Not Defined | 0.03 | CVE-2008-6572
14 | Citrix XenMobile Server XML Data xml external entity reference | 6.4 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2017-9231
15 | VMware Horizon Client/Horizon Message Framework Library out-of-bounds read | 6.4 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2018-6970
16 | VMware Workspace ONE SDK certificate validation | 4.8 | 4.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.08 | CVE-2020-3940
17 | MobileIron Device Registration reg.html cross site scripting | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.07 |
18 | Ariba Ariba Spend Management Solutions Management System cleartext storage | 5.3 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2005-2845
19 | jQuery dataType script.js Cross-Domain cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.26 | CVE-2015-9251
20 | Apache HTTP Server mod_proxy_fcgi.c handle_headers memory corruption | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2014-3583

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Cambodia Attacks

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Campaigns | Confidence
1 | 194.87.94.61 | ptr.ruvds.com | Cambodia Attacks | High

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Confidence
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
3 | T1499 | CWE-404 | Resource Consumption | High
4 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx | High
5 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | High

IOA - Indicator of Attack (67)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Confidence
1 | File | /app/Http/Controllers/Admin/NEditorController.php | High
2 | File | /mifs/c/i/reg/reg.html | High
3 | File | /xAdmin/html/cm_doclist_view_uc.jsp | High
4 | File | adclick.php | Medium
5 | File | add_comment.php | High
6 | File | checkout.cfm | Medium
7 | File | Config/SaveUploadedHotspotLogoFile | High
8 | File | xxxx/xxxxxxxxxxxxxxx.xxx | High
9 | File | xxxxxxx_xxxxx.xxx | High
10 | File | xxxxx.xxx | Medium
11 | File | xxxxxxxxxxx.x | High
12 | File | xxxxxxxxx.xxx | High
13 | File | xxx/xxxxxx.xxx | High
14 | File | xxxxx.xxx | Medium
15 | File | xxxxx.xxx/xxxxxxx/xxxxx | High
16 | File | xxxxx.xx | Medium
17 | File | xxxxxxx.xxx | Medium
18 | File | xxxx.xxx | Medium
19 | File | xxxxxxxxx/xxxxxx.xxx.xxx | High
20 | File | xxx_xxxxx_xxxx.x | High
21 | File | xxxxxxx_xxxxxxx_xxxx.xxx | High
22 | File | xxx_xxxxxx.xxxx | High
23 | File | xxxxxxxx.xxx | Medium
24 | File | xxxxxxxx.xxx | Medium
25 | File | xxxxxxx.xxx | Medium
26 | File | xxxxxxx/xxxxxxxxxxxxx.xxxx | High
27 | File | xxxxxx.xx | Medium
28 | File | xxxxxx_xxxxxxx.xxx | High
29 | File | xxxx.xxx | Medium
30 | File | xxxx.xx | Low
31 | File | xxxxxxxx_xxxx.xxx | High
32 | File | xxxx_xxxxxxx_xxxxxxxx.xxx | High
33 | File | xxxxx.xxx | Medium
34 | File | xxxxxxxx.xxxxx.xxx | High
35 | File | xxxxx.x | Low
36 | File | xx-xxxxxxxxx.xxx | High
37 | Argument | xxxxxx | Low
38 | Argument | xxxxxxxx | Medium
39 | Argument | xxxxxxxx | Medium
40 | Argument | xxx_xx | Low
41 | Argument | xxxxxxxx_xxxxxx/xxxxxxxx_xxxx/xxxxxxxx_xxxxxxxx/xxxxxxxx_xxxx | High
42 | Argument | xxxx | Low
43 | Argument | xxxxxxxxxx | Medium
44 | Argument | xxxxxxx | Low
45 | Argument | xxxx | Low
46 | Argument | xxxxxxxx | Medium
47 | Argument | xxxxxx_xxxxx_xxx | High
48 | Argument | xxxx | Low
49 | Argument | xxxx_xxxxx | Medium
50 | Argument | xx | Low
51 | Argument | xxxxxx | Low
52 | Argument | xxxxxxx | Low
53 | Argument | xxxxxxx/xxxxxxxxx | High
54 | Argument | xxxx | Low
55 | Argument | xxxxxxxx_xx | Medium
56 | Argument | xxxxxxxxxxxxxxxx | High
57 | Argument | xxxxxx | Low
58 | Argument | xxxxxx | Low
59 | Argument | xx_xx | Low
60 | Argument | xxxxx | Low
61 | Argument | xx | Low
62 | Argument | xxxxxx | Low
63 | Argument | _xxxxxx[xxxxxxxx_xxxx] | High
64 | Input Value | /xxxxxx/..%xx | High
65 | Input Value | xxxxx"][xxxxxx]xxxxx('xxx')[/xxxxxx] | High
66 | Network Port | xxxx | Low
67 | Network Port | xxx xxxxxx xxxx | High

References (1)

The following list contains external sources which discuss the actor and the associated activities:
