TA406 Analysis

Activities

Timeline

The analysis of the timeline helps to identify the required approach to, and handling of, single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that an immediate vulnerability response can be initiated and issues can be prioritized.

Lang

en: 14
es: 1
de: 1

Country

us: 10
gb: 2
ru: 1
kr: 1
de: 1

Actors

Wizard Spider: 7
Patchwork: 5
TA406: 4

Interest

Vulnerabilities

Columns: Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit prices; Exp is the CVSS exploitability and Rem the CVSS remediation level; CTI is the CTI interest score.

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE
1 | Genivia gSOAP WS-Addressing Plugin integer overflow | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-13576
2 | Apache Xerces Java XML Parser infinite loop | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.37 | CVE-2022-23437
3 | Atlassian Confluence Server information disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2021-26085
4 | Microsoft Windows MSHTML Remote Code Execution | 8.8 | 7.9 | $100k and more | $25k-$100k | Proof-of-Concept | Workaround | 0.06 | CVE-2021-40444
5 | Microsoft Windows Win32k privileges management | 7.3 | 6.3 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.06 | CVE-2021-1709
6 | Microsoft Windows TCP/IP Remote Code Execution | 9.8 | 8.5 | $100k and more | $25k-$100k | Unproven | Official Fix | 0.05 | CVE-2021-24074
7 | Microsoft Exchange Server ProxyLogon unknown vulnerability | 9.3 | 8.9 | $25k-$100k | $0-$5k | Functional | Official Fix | 0.04 | CVE-2021-26855
8 | libssh SSH2_MSG_USERAUTH_SUCCESS Message improper authentication | 8.2 | 7.8 | $25k-$100k | $0-$5k | High | Official Fix | 0.04 | CVE-2018-10933
9 | OpenBB read.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.18 | CVE-2005-1612
10 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.37 | CVE-2010-0966
11 | Netgear Router Port tcp/32764 backdoor | 9.8 | 9.6 | $25k-$100k | $0-$5k | High | Workaround | 0.05 | (none)
12 | Google Android Widevine QSEE TrustZone Application access control | 7.8 | 7.0 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | CVE-2015-6639
13 | Joomla CMS InputFilter Upload unrestricted upload | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2018-15882
14 | Huawei iBMC Intelligent Baseboard Management Controller improper authentication | 7.4 | 7.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.05 | CVE-2018-7942
15 | Liferay Portal privileges management | 9.8 | 8.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | CVE-2011-1571

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Campaigns | Confidence
1 | 108.62.12.11 | | | High
2 | 108.177.235.226 | | | High
3 | 192.109.119.6 | hosted-by.microglollc.net | | High
4 | XXX.XXX.XX.XXX | | | High
5 | XXX.XXX.XXX.XXX | | | High

(Entries 4 and 5 are masked on the page; the IP addresses are not shown.)

TTP - Tactics, Techniques, Procedures (2)

Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Confidence
1 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
2 | T1499 | CWE-835 | Resource Consumption | High

IOA - Indicator of Attack (6)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Confidence
1 | File | /s/ | Low
2 | File | inc/config.php | High
3 | File | read.php | Medium
4 | Argument | xxxxxxxx | Medium
5 | Argument | xxx | Low
6 | Network Port | xxx/xxxxx | Medium

(Indicators 4 to 6 are masked on the page; their values are not shown.)

References (1)

The following list contains external sources which discuss the actor and the associated activities:
