Letscall Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (18)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en	14
zh	4

Country

CN: China	12
US: USA	6

Actors

Letscall	2

Activities

Interest

Timeline

Type

Not Defined	6
Content Management System	4
Router Operating System	2
Chip Software	2
Cloud Software	2

Vendor

Not Defined	4
ZkTeco	2
Kentico	2
Cisco	2
Qualcomm	2

Product

ZkTeco ZAM170-NF	2
Kentico CMS	2
Cisco IOS XE	2
Qualcomm Snapdragon Auto	2
Tiki	2

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#	Vulnerability	Base	Temp	0day	Today	Exp	Cou	KEV	EPSS	CTI	CVE
1	ZkTeco ZAM170-NF os command injection	9.9	9.7	$0-$5k	$0-$5k	Not defined	Not defined		0.01134	0.00	CVE-2023-3939
2	Qualcomm Snapdragon Auto HAB Message resource consumption	6.1	6.0	$5k-$25k	$0-$5k	Not defined	Official fix		0.00056	0.08	CVE-2022-22101
3	Google Chrome Javascript use after free	6.4	6.3	$25k-$100k	$0-$5k	Attacked	Official fix	verified	0.79104	0.00	CVE-2019-5825
4	Tenda AC8/AC10/AC18 HTTP Request telnet command injection	7.2	6.5	$0-$5k	$0-$5k	Proof-of-Concept	Not defined		0.00788	0.05	CVE-2025-0528
5	Cisco IOS XE Express Forwarding mismatched memory management routines	6.9	6.8	$5k-$25k	$0-$5k	Not defined	Official fix		0.00019	0.00	CVE-2025-20189
6	Cisco IOS XE Access Point Image Download Feature hard-coded credentials	9.9	9.7	$25k-$100k	$5k-$25k	Not defined	Official fix		0.04133	0.08	CVE-2025-20188
7	ZkTeco ZAM170-NF path traversal	9.9	9.7	$0-$5k	$0-$5k	Not defined	Not defined		0.00347	0.00	CVE-2023-3941
8	Tiki Admin Password tiki-login.php improper authentication	8.0	7.7	$0-$5k	$0-$5k	Not defined	Official fix	expected	0.91138	0.86	CVE-2020-15906
9	Pligg cloud.php sql injection	6.3	6.3	$0-$5k	$0-$5k	Not defined	Not defined		0.00000	0.64
10	Citrix NetScaler ADC/NetScaler Gateway OpenID openid-configuration ns_aaa_oauthrp_send_openid_config CitrixBleed memory corruption	8.3	8.2	$100k and more	$0-$5k	Attacked	Official fix	verified	0.94378	0.06	CVE-2023-4966
11	LogicBoard CMS away.php redirect	6.3	6.1	$0-$5k	$0-$5k	Not defined	Unavailable		0.00000	0.41
12	Shenzhen Youkate Industrial Facial Love Cloud Payment System Account SystemMng.ashx privileges management	8.1	7.9	$0-$5k	$0-$5k	Proof-of-Concept	Not defined		0.00066	0.00	CVE-2023-6099
13	Kubelet seccomp Profile improper validation of specified type of input	4.4	4.3	$0-$5k	$0-$5k	Not defined	Not defined		0.00007	0.02	CVE-2023-2431
14	Telerik Progress UI for ASP.NET AJAX Telerik.Web.UI inadequate encryption	8.5	8.4	$0-$5k	$0-$5k	Attacked	Official fix	verified	0.92279	0.00	CVE-2017-11317
15	Kentico CMS CMS Administration Dashboard install.aspx access control	8.5	8.2	$0-$5k	$0-$5k	Not defined	Official fix	expected	0.89514	0.04	CVE-2017-17736

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	35.243.122.211	211.122.243.35.bc.googleusercontent.com	Letscall	07/11/2023	verified	High
2	45.43.215.98		Letscall	07/11/2023	verified	High
3	XX.XX.XXX.XXX		Xxxxxxxx	07/11/2023	verified	High
4	XXX.XXX.XXX.XXX		Xxxxxxxx	07/11/2023	verified	High
5	XXX.XXX.XXX.XXX		Xxxxxxxx	07/11/2023	verified	High
6	XXX.XXX.XXX.XXX		Xxxxxxxx	07/11/2023	verified	High
7	XXX.XX.XX.X		Xxxxxxxx	07/11/2023	verified	High
8	XXX.XX.XX.XX		Xxxxxxxx	07/11/2023	verified	High
9	XXX.XX.XX.XX		Xxxxxxxx	07/11/2023	verified	High
10	XXX.XXX.XXX.XXX		Xxxxxxxx	07/11/2023	verified	High

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-139	CWE-23	Path Traversal	predictive	High
2	T1068	CAPEC-122	CWE-264, CWE-269	Execution with Unnecessary Privileges	predictive	High
3	TXXXX.XXX	CAPEC-XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	High
4	TXXXX	CAPEC-XXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
5	TXXXX.XXX	CAPEC-XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	High
6	TXXXX	CAPEC-XXX	CWE-XX	Xxx Xxxxxxxxx	predictive	High
7	TXXXX	CAPEC-XXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	High

IOA - Indicator of Attack (10)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/forum/away.php	predictive	High
2	File	/goform/telnet	predictive	High
3	File	/xxxxx/xxx/.xxxx-xxxxx/xxxxxx-xxxxxxxxxxxxx	predictive	High
4	File	/xxxxxxxxx.xxxx	predictive	High
5	File	xxxxx.xxx	predictive	Medium
6	File	xxxxxxxxxx/xxxxxxx.xxxx	predictive	High
7	File	xxxx-xxxxx.xxx	predictive	High
8	Argument	xxxxxxxxxx	predictive	Medium
9	Argument	xxxxxxxxxxxx	predictive	Medium
10	Input Value	xx	predictive	Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

This view requires CTI permissions

Just purchase a CTI license today!