PittyTiger Analysis

Activities

Timeline

Analysing the timeline helps to identify the required approach to handling individual vulnerabilities and collections of vulnerabilities. This overview makes it possible to see less important periods and more severe hotspots at a glance, so that immediate vulnerability response and prioritization of issues become possible.

Lang

en: 13
zh: 3

Country

cn: 8
us: 8

Actors

PittyTiger: 16

Activities

Interest

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE |
|---|---------------|------|------|------|-------|-----|-----|-----|-----|
| 1 | social-warfare Plugin Stored cross site scripting | 5.2 | 4.8 | $0-$5k | $0-$5k | Functional | Official Fix | 0.00 | CVE-2019-9978 |
| 2 | Insyde InsydeH2O Kernel buffer overflow | 8.8 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09 | CVE-2021-33626 |
| 3 | Apache Tomcat TLS Packet infinite loop | 5.3 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2021-41079 |
| 4 | e2guardian SSL MITM Engine certificate validation | 5.0 | 4.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-44273 |
| 5 | ABB RobotWare for OmniCore Robot Controller Connected Services Gateway Ethernet Port missing authentication | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-22279 |
| 6 | Phplinkdirectory PHP Link Directory conf_users_edit.php cross-site request forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.30 | CVE-2011-0643 |
| 7 | Pulse Secure Pulse Connect Secure Meeting Room buffer overflow | 8.8 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-22894 |
| 8 | Apache Shiro Spring Boot improper authentication | 5.6 | 5.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-41303 |
| 9 | Microsoft Windows Active Directory Privilege Escalation | 4.8 | 4.2 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.08 | CVE-2021-41337 |
| 10 | Sun SunOS Portmapper privileges management | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-1999-0168 |
| 11 | Mail2000 go cross site scripting | 5.2 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2019-15071 |
| 12 | ProFTPD mod_sftp/mod_sftp_pam kbdint.c resp_count numeric error | 7.5 | 7.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | CVE-2013-4359 |
| 13 | Mail2000 Login portal cross site scripting | 5.2 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2019-15072 |
| 14 | FreeType gray_render_span numeric error | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2010-2500 |
| 15 | HPE System Management Homepage config | 5.8 | 5.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2017-12550 |

IOC - Indicator of Compromise (60)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Campaigns | Confidence |
|----|------------|----------|-----------|------------|
| 1 | 3.7.4.1 | ec2-3-7-4-1.ap-south-1.compute.amazonaws.com | | Medium |
| 2 | 12.0.9.149 | | | High |
| 3 | 23.226.178.162 | | | High |
| 4 | 27.16.139.143 | | | High |
| 5 | 27.151.0.224 | | | High |
| 6 | 27.155.90.80 | | | High |
| 7 | 27.155.109.89 | | | High |
| 8 | 27.155.110.81 | | | High |
| 9 | 27.156.49.223 | 223.49.156.27.broad.fz.fj.dynamic.163data.com.cn | | High |
| 10 | 58.61.40.5 | 5.40.61.58.broad.sz.gd.dynamic.163data.com.cn | | High |
| 11 | 58.64.175.191 | | | High |
| 12 | 58.64.175.255 | | | High |
| 13 | XX.XX.XXX.XX | | | High |
| 14 | XX.XX.XXX.XXX | | | High |
| 15 | XX.XX.XXX.XXX | | | High |
| 16 | XX.XX.XX.XX | | | High |
| 17 | XX.XXX.XX.XXX | xx-xxx-xx-xxx.xxxxx-xx.xxxxx.xxx | | High |
| 18 | XX.XXX.XXX.XXX | xx-xxx-xxx-xxx.xxxxxxx-xx.xxxxx.xxx | | High |
| 19 | XX.XXX.XXX.XX | | | High |
| 20 | XX.XXX.XX.XXX | xx-xxx-xx-xxx.xxxxx-xx.xxxxx.xxx | | High |
| 21 | XX.XXX.XXX.XXX | xx-xxx-xxx-xxx.xxxxxxx-xx.xxxxx.xxx | | High |
| 22 | XX.XXX.XX.XX | | | High |
| 23 | XX.XX.XX.XXX | | | High |
| 24 | XX.XXX.X.XXX | | | High |
| 25 | XX.XXX.XX.XXX | | | High |
| 26 | XXX.XX.XXX.X | x-xx-xxx-xxx-x.xxxx.xx.xxxxxxx.xxx | | High |
| 27 | XXX.XX.XXX.XX | | | High |
| 28 | XXX.XX.XX.XXX | xxx.xx.xx.xxx.xxxxx.xx.xx.xxxxxxx.xxxxxxx.xxx.xx | | High |
| 29 | XXX.XX.XX.XX | xx.xx.xx.xxx.xxxxx.xx.xx.xxxxxxx.xxxxxxx.xxx.xx | | High |
| 30 | XXX.XX.XX.XXX | xxx.xx.xx.xxx.xxxxx.xx.xx.xxxxxxx.xxxxxxx.xxx.xx | | High |
| 31 | XXX.XX.XXX.XXX | | | High |
| 32 | XXX.XX.XXX.XXX | | | High |
| 33 | XXX.XX.XXX.XXX | | | High |
| 34 | XXX.XX.XXX.XXX | | | High |
| 35 | XXX.XX.XXX.XX | | | High |
| 36 | XXX.XX.XXX.XX | | | High |
| 37 | XXX.XX.XXX.XXX | | | High |
| 38 | XXX.XX.XXX.XX | xx.xxx.xx.xxx.xxxxx.xx.xx.xxxxxxx.xxxxxxx.xxx.xx | | High |
| 39 | XXX.XX.XXX.XXX | xxx.xxx.xx.xxx.xxxxx.xx.xx.xxxxxxx.xxxxxxx.xxx.xx | | High |
| 40 | XXX.XX.XXX.XXX | xxx.xxx.xx.xxx.xxxxx.xx.xx.xxxxxxx.xxxxxxx.xxx.xx | | High |
| 41 | XXX.XXX.XX.XXX | xxx.xx.xxx.xxx.xxxxx.xx.xx.xxxxxxx.xxxxxxx.xxx.xx | | High |
| 42 | XXX.XXX.XX.XXX | xxx.xx.xxx.xxx.xxxxx.xx.xx.xxxxxxx.xxxxxxx.xxx.xx | | High |
| 43 | XXX.XXX.XX.XXX | xxx.xx.xxx.xxx.xxxxx.xx.xx.xxxxxxx.xxxxxxx.xxx.xx | | High |
| 44 | XXX.XX.XX.XXX | | | High |
| 45 | XXX.XX.XX.XXX | | | High |
| 46 | XXX.XXX.XXX.XXX | xxx-xxx-xxx-xxx.xxxxxxxxxxxxxx.xxx | | High |
| 47 | XXX.XX.XX.XXX | | | High |
| 48 | XXX.XXX.XXX.XX | xxx-xxx-xxx-xx.xxxxxx.xxxxxxxxxxxxxx.xxx | | High |
| 49 | XXX.XXX.XXX.XX | xxx-xxx-xxx-xx.xxxxxx.xxxxxxxxxxxxxx.xxx | | High |
| 50 | XXX.XXX.XXX.XXX | xxx-xxx-xxx-xxx.xxxxxx.xxxxxxxxxxxxxx.xxx | | High |
| 51 | XXX.XX.XXX.XX | | | High |
| 52 | XXX.XX.XXX.XXX | | | High |
| 53 | XXX.XX.XXX.X | xxx-xx-xxx-x.xxxxx-xx.xxxxx.xxx | | High |
| 54 | XXX.XX.XXX.XXX | xxx-xx-xxx-xxx.xxxxx-xx.xxxxx.xxx | | High |
| 55 | XXX.XXX.XXX.XXX | | | High |
| 56 | XXX.XX.XXX.XXX | xxx-xx-xxx-xxx.xxxxxx.xxxxxx.xxxxx.xxx | | High |
| 57 | XXX.XX.XXX.XXX | | | High |
| 58 | XXX.XX.XXX.XX | | | High |
| 59 | XXX.XXX.XXX.XXX | | | High |
| 60 | XXX.XXX.XXX.XXX | | | High |

TTP - Tactics, Techniques, Procedures (3)

Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Confidence |
|----|-----------|-----------------|---------------|------------|
| 1 | T1059.007 | CWE-79 | Cross Site Scripting | High |
| 2 | T1499 | CWE-835 | Resource Consumption | High |
| 3 | T1587.003 | CWE-297 | Improper Certificate Validation | High |

IOA - Indicator of Attack (8)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Confidence |
|----|-------|-----------|------------|
| 1 | File | /cgi-bin/go | Medium |
| 2 | File | /cgi-bin/portal | High |
| 3 | File | admin/conf_users_edit.php | High |
| 4 | File | xxxxxx.x | Medium |
| 5 | File | xx-xxxxx/xxxxx-xxxx.xxx?xxx_xxxxx=xxxx_xxxxxxx | High |
| 6 | Argument | xxxxxx | Low |
| 7 | Argument | xxxxxxxxxx/xxxxxxxxxxxxxx | High |
| 8 | Argument | xxx_xxx | Low |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
