Poison Ivy Analysis

Activities

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Lang

en33
de6
es1
it1

Country

us20
cn6
ru4
de3
kr1

Actors

APT-C-0141

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Product

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTICVE
1OpenSSH Authentication Username information disclosure5.34.8$5k-$25k$0-$5kHighOfficial Fix0.21CVE-2016-6210
2NoneCms App.php input validation8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.06CVE-2018-20062
3Google Android Libraries access control7.57.2$25k-$100k$5k-$25kNot DefinedOfficial Fix0.06CVE-2017-0671
4Pixelpost cross-site request forgery7.06.4$0-$5k$0-$5kProof-of-ConceptNot Defined0.05CVE-2010-3305
5OpenSSH Post Authentication sshd process initialize mm_newkeys_from_blob access control5.45.2$25k-$100k$0-$5kNot DefinedOfficial Fix0.03CVE-2013-4548
6PHPWind goto.php redirect6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.09CVE-2015-4134
7Cisco Enterprise NFV Infrastructure Software NFVIS Filesystem Command input validation6.76.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2019-1894
8SmartDraw 2020 Installer SDNotify.exe privileges management6.96.9$0-$5k$0-$5kNot DefinedNot Defined0.04CVE-2020-13386
9Tenda AC6/AC9/AC15/AC118 httpd saveParentControlInfo buffer overflow7.87.8$0-$5k$0-$5kNot DefinedNot Defined0.07CVE-2020-13393
10Ovidentia sql injection7.57.5$0-$5k$0-$5kNot DefinedNot Defined0.03CVE-2019-13978
11MGB OpenSource Guestbook email.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.42CVE-2007-0354
12Dell SupportAssist Client input validation7.16.8$5k-$25k$0-$5kNot DefinedOfficial Fix0.04CVE-2019-3719
13Hikvision IP Camera Web Server memory corruption8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.03CVE-2018-6414
14Microsoft IIS cross site scripting5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.96CVE-2017-0055
15PHP php URL error_log access control6.55.9$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.03CVE-2006-3011
16Minishowcase Minishowcase Image Gallery Libraries path traversal7.37.3$0-$5k$0-$5kHighUnavailable0.00CVE-2008-3390
17Jenkins Stapler Web Framework Stapler.java input validation6.46.1$0-$5k$0-$5kNot DefinedOfficial Fix0.04CVE-2018-1999002
18Apache HTTP Server memory corruption5.65.4$25k-$100k$0-$5kNot DefinedOfficial Fix0.03CVE-2018-1301
19Apache HTTP Server mod_session input validation5.85.6$25k-$100k$0-$5kNot DefinedOfficial Fix0.05CVE-2018-1283
20Apache HTTP Server HTTP Digest Authentication Challenge improper authentication8.58.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.12CVE-2018-1312

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsConfidence
145.32.8.13745.32.8.137.vultr.comPoison IvyMedium
245.76.125.17645.76.125.176.vultr.comPoison IvyMedium
3XX.XX.XXX.XXxx.xx.xxx.xx.xxxxx.xxxXxxxxx XxxMedium
4XXX.XXX.XX.XXxxxxxxxxx.xxxxxxxx.xx.xx-xxx.xx.xxXxxxxx XxxHigh
5XXX.X.XX.XXXxxxxx.xxxxx.xxxx.xxxxxx-xxxxxxx.xxxxxxXxxxxx XxxHigh
6XXX.XXX.XXX.XXXxxxxxx.xxxxxxx.xxxxxxxxxxxxx.xxXxxxxx XxxHigh
7XXX.XXX.XX.XXXxxxxx XxxHigh

TTP - Tactics, Techniques, Procedures (2)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorConfidence
1T1059.007CWE-79, CWE-80Cross Site ScriptingHigh
2TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxHigh

IOA - Indicator of Attack (35)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorConfidence
1File/forum/away.phpHigh
2File/goform/saveParentControlInfoHigh
3File/uncpath/Medium
4File2020\Messages\SDNotify.exeHigh
5Fileadmin/admin_disallow.phpHigh
6Filexxxxx.xxxMedium
7Filexxxxx.xxxMedium
8Filexxx/xxxx/xxx/xxxxx_xxxx.xHigh
9Filexxxx.xxxMedium
10Filexxxxx.xxx?xx=xxxxxxx&xxx=xxxHigh
11FilexxxxxxxxxxMedium
12Filexxx/xxxxxxx/xxxxxxx/xxxxxxx.xxxxHigh
13Filexxxxxx.xxxMedium
14Filexx-xxxxxxxx/xxxxx-xxxxxx.xxxHigh
15Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxHigh
16Filexx-xxxxxxxx/xxxxxxxxx.xxxHigh
17Filexx-xxxxxxxx/xxxxxxx-xxxxxxxx.xxxHigh
18Filexx-xxxxxxxx/xx/xxxxxxxxxxxxHigh
19Libraryxxxxxx/xxxxxxxxx/xxxxx.xxxHigh
20Libraryxxxxxxxx/xxxxxxx/xxxxx/xxx.xxxHigh
21ArgumentxxxxxxxxMedium
22Argumentxxxxxxxx/xxxxHigh
23Argumentxxxxx->xxxxMedium
24ArgumentxxxxxxLow
25Argumentxxxx_xxxxxxxMedium
26ArgumentxxLow
27ArgumentxxxxxxxxMedium
28ArgumentxxxxLow
29ArgumentxxxxxxxxMedium
30ArgumentxxxLow
31ArgumentxxxxxxxxxxMedium
32ArgumentxxxLow
33Argumentxxxx->xxxxxxxHigh
34Input Valuexxxx://xxxxx@xxxxxx:xxx/xxxx_xx.xxxHigh
35Network Portxxx/xxxxMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!