Play Analysis

IOB - Indicator of Behavior (13)

Language

- en: 8
- zh: 4
- jp: 2

Activities

Interest

Product

- Venture Nine Tagger LE: 2
- OpenSSH: 2
- phpMyAdmin: 2
- Keycloak: 2
- Jspxcms: 2

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Countermeasure | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Microsoft Windows Remote Registry Service failing open | 8.8 | 8.1 | $50k-$100k | $10k-$25k | Unproven | Official fix | possible | 0.68514 | 0.00 | CVE-2024-43532 |
| 2 | OpenSSH Binary Packet Protocol Terrapin inadequate encryption | 5.7 | 5.6 | $10k-$25k | $1k-$2k | Not defined | Official fix | expected | 0.85203 | 0.00 | CVE-2023-48795 |
| 3 | Keycloak cross site scripting | 3.5 | 3.5 | $0-$1k | $0-$1k | Not defined | Not defined | possible | 0.73157 | 0.06 | CVE-2021-20323 |
| 4 | Jspxcms filter_text.do cross site scripting | 3.8 | 3.7 | $1k-$2k | $0-$1k | Proof-of-Concept | Not defined | | 0.00075 | 0.07 | CVE-2024-1256 |
| 5 | Jspxcms find_text.do cross site scripting | 4.4 | 4.3 | $1k-$2k | $0-$1k | Proof-of-Concept | Not defined | | 0.00075 | 0.06 | CVE-2024-1257 |
| 6 | phpMyAdmin server-side request forgery | 7.9 | 7.8 | $10k-$25k | $0-$1k | Not defined | Official fix | | 0.00415 | 0.07 | CVE-2016-6621 |
| 7 | UltraVNC VNC Server access control | 8.5 | 8.4 | $2k-$5k | $0-$1k | Not defined | Official fix | | 0.04575 | 0.08 | CVE-2019-8275 |
| 8 | HPE iLO 4 privileges management | 9.9 | 9.4 | $50k-$100k | $0-$1k | High | Official fix | expected | 0.94094 | 0.00 | CVE-2017-12542 |
| 9 | AMI Megarac API password recovery | 7.4 | 7.4 | $1k-$2k | $1k-$2k | Not defined | Not defined | | 0.00117 | 0.09 | CVE-2022-26872 |
| 10 | Venture Nine Tagger LE tags.php eval Remote Code Execution | 7.3 | 6.7 | $2k-$5k | $0-$1k | Proof-of-Concept | Unavailable | | 0.10338 | 0.00 | CVE-2006-4437 |
| 11 | Zammad Email Connection Configuration access control | 5.9 | 5.9 | $2k-$5k | $0-$1k | Not defined | Not defined | | 0.00322 | 0.00 | CVE-2021-35299 |
| 12 | Apple iCloud WebKit type confusion | 7.5 | 7.2 | $10k-$25k | $0-$1k | Not defined | Official fix | | 0.00765 | 0.00 | CVE-2020-9800 |
| 13 | Generalitat de Catalunya accesuniversitat.gencat.cat Java API information disclosure | 4.3 | 4.3 | $1k-$2k | $0-$1k | Not defined | Not defined | | 0.00216 | 0.05 | CVE-2019-12837 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 45.76.165.129 | 45.76.165.129.vultrusercontent.com | Play | | 10/28/2024 | verified | Very High |
| 2 | XXX.XX.XXX.XXX | xxx.xx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx | Xxxx | | 10/28/2024 | verified | Very High |
| 3 | XXX.XXX.XX.XX | xxx.xxx.xx.xx.xxxxxxxxxxxxxxxx.xxx | Xxxx | | 10/25/2024 | verified | Very High |
| 4 | XXX.XX.XXX.XXX | | Xxxx | | 10/31/2024 | verified | Very High |

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (3)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /ext/collect/filter_text.do | predictive | High |
| 2 | File | /xxx/xxxxxxx/xxxx_xxxx.xx | predictive | High |
| 3 | File | xxxx.xxx | predictive | Medium |

References (4)

The following list contains external sources which discuss the actor and the associated activities:
