TA410 Analysis

IOB - Indicator of Behavior (270)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

Lang | Count
en | 238
zh | 14
fr | 6
es | 4
de | 4

Country

Country | Count
us | 112
cn | 72
ce | 8
ru | 6
gb | 4

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Product | Count
Microsoft Exchange Server | 10
QNAP QTS | 6
F5 BIG-IP | 4
cPanel | 4
Sophos Firewall | 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.43 | CVE-2010-0966
2 | Atmail Remote Code Execution | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00251 | 0.06 | CVE-2013-5033
3 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.00 | CVE-2022-21664
4 | Palo Alto PAN-OS GlobalProtect Clientless VPN buffer overflow | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00112 | 0.04 | CVE-2021-3056
5 | VeronaLabs wp-statistics Plugin API Endpoint Blind sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00250 | 0.05 | CVE-2019-13275
6 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
7 | Linksys WRT54GL Web Management Interface SysInfo1.htm information disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00046 | 0.16 | CVE-2024-1406
8 | MW WP Form Plugin unrestricted upload | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00248 | 0.09 | CVE-2023-6316
9 | request-baskets API Request {name} server-side request forgery | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08109 | 0.05 | CVE-2023-27163
10 | Teclib GLPI unlock_tasks.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.12149 | 0.03 | CVE-2019-10232
11 | Sophos Firewall User Portal/Webadmin improper authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | High | Not Defined | 0.97410 | 0.05 | CVE-2022-1040
12 | CutePHP CuteNews unrestricted upload | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02143 | 0.04 | CVE-2019-11447
13 | WordPress Object injection | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00432 | 0.00 | CVE-2022-21663
14 | Microsoft Windows Active Directory Domain Services Privilege Escalation | 8.8 | 8.3 | $25k-$100k | $0-$5k | High | Official Fix | 0.06450 | 0.05 | CVE-2022-26923
15 | QNAP QTS Media Library access control | 8.5 | 8.2 | $0-$5k | $0-$5k | High | Official Fix | 0.01575 | 0.07 | CVE-2017-13067
16 | Microsoft Exchange Server ProxyShell Remote Code Execution | 9.5 | 8.7 | $25k-$100k | $5k-$25k | High | Official Fix | 0.97319 | 0.04 | CVE-2021-34473
17 | Microsoft Exchange Server Privilege Escalation | 8.8 | 8.3 | $25k-$100k | $0-$5k | High | Official Fix | 0.96540 | 0.00 | CVE-2021-42321
18 | Bitcoin Core bitcoin-qt wallet.dat Memory inadequate encryption | 5.0 | 5.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00236 | 0.06 | CVE-2019-15947
19 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.10737 | 0.27 | CVE-2016-6210
20 | Samurai Build File util.c canonpath out-of-bounds write | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00085 | 0.00 | CVE-2019-19795

IOC - Indicator of Compromise (16)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (124)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /api/baskets/{name} | predictive | High
2 | File | /api/RecordingList/DownloadRecord?file= | predictive | High
3 | File | /api /v3/auth | predictive | High
4 | File | /apply.cgi | predictive | Medium
5 | File | /cgi-bin/wlogin.cgi | predictive | High
6 | File | /gena.cgi | predictive | Medium
7 | File | /MIME/INBOX-MM-1/ | predictive | High
8 | File | /netflow/jspui/editProfile.jsp | predictive | High
9 | File | /php/ping.php | predictive | High
10 | File | /rapi/read_url | predictive | High
11 | File | /scripts/unlock_tasks.php | predictive | High
12 | File | /sec/content/sec_asa_users_local_db_add.html | predictive | High
13 | File | /see_more_details.php | predictive | High
14 | File | /SysInfo1.htm | predictive | High
15 | File | /xxxxxxx_xxxx.xxx | predictive | High
16 | File | /xxxxxx/xxxx/xxxxxxx/xxx_xxxxx/xxxxxxxxxx.xxx | predictive | High
17 | File | /xxxx/xxx/xxxxxxx/xxx_xxxxxx.xxx | predictive | High
18 | File | /xx-xxxxx/xxxxx-xxxx.xxx?xx_xxxx=x&xxxxxx_xxxx | predictive | High
19 | File | xxxxxxxxxxx/xxxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxx.xxxxx.xxx | predictive | High
20 | File | xxxxxxx/xxxx.xxx | predictive | High
21 | File | xxxx-xxxx.x | predictive | Medium
22 | File | xxxxxx.xxx | predictive | Medium
23 | File | xxx-xxx/xxxxx_xxx_xxx | predictive | High
24 | File | xxxxxx/xxx.x | predictive | Medium
25 | File | xxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High
26 | File | xxxxxxxxx.xxx.xxx | predictive | High
27 | File | xxxxx/xxxxx.xxx | predictive | High
28 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
29 | File | xxxx_xxxxx.xxx | predictive | High
30 | File | xxxxx.xxx | predictive | Medium
31 | File | xxxxxx.xxx | predictive | Medium
32 | File | xx/xx-xx.x | predictive | Medium
33 | File | xxx/xxxx_xxxx.x | predictive | High
34 | File | xxxxxx/xxxxxxxxxxx | predictive | High
35 | File | xxxx_xxxxxx.x | predictive | High
36 | File | xxxx/xxxxxxx.x | predictive | High
37 | File | xxx/xxxxxx.xxx | predictive | High
38 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | High
39 | File | xxxxxxxx/xxxxx-xxxxxx-xxxx-xxxxxxx.xxx | predictive | High
40 | File | xxxxxxxx/xxxxxxxx/xxxxx-xxxxxxxx-xxxxx.xxx | predictive | High
41 | File | xxxxx.xxx | predictive | Medium
42 | File | xxxxx.xxx?x=xxxxx&x=xxxxx&x=xxxxx | predictive | High
43 | File | xxxxx.xxx?xxx=xxxx&xxx=xxxxxxxx | predictive | High
44 | File | xxxxxxxxxx.xxx | predictive | High
45 | File | xxxxxx_xxxx_xxxxxxx.xxx | predictive | High
46 | File | xxxxx.xxx | predictive | Medium
47 | File | xxxx/xxxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High
48 | File | xxxx.x | predictive | Low
49 | File | xxx/xxx.xxx | predictive | Medium
50 | File | xxx/xxxxx.xxxx | predictive | High
51 | File | xxxx_xxxxxxx.xxx | predictive | High
52 | File | xxx%xx.xxx | predictive | Medium
53 | File | xxxxxx.x | predictive | Medium
54 | File | xxxx.xxx | predictive | Medium
55 | File | xxxxx.xxx | predictive | Medium
56 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | High
57 | File | xxxxxxxx.xxx | predictive | Medium
58 | File | xxxxxxxx.xxx | predictive | Medium
59 | File | xxxx.xxx | predictive | Medium
60 | File | xxxxx/xxxxx.xxx | predictive | High
61 | File | xxxxxxxx.xxx | predictive | Medium
62 | File | xxxx-xxxxxxxx.xxx | predictive | High
63 | File | xxxxxxxxx.xxx | predictive | High
64 | File | xxxxxxxxx.xxx | predictive | High
65 | File | xxxx.x | predictive | Low
66 | File | xxxxxx/xxxxxxx/xxxxxxxx/xxxx/xxxxxxx.xxx | predictive | High
67 | File | xxxxxxxxxx | predictive | Medium
68 | File | xxxxxxx/xxxxx.xxx | predictive | High
69 | File | xxxxxx.xxx | predictive | Medium
70 | File | xxx/xxxxxx/xxx/xxxxxxxxx.xxx | predictive | High
71 | Library | xxxxx.xxx | predictive | Medium
72 | Argument | xx/xx | predictive | Low
73 | Argument | xxxxxx | predictive | Low
74 | Argument | xxxxxxx_xxxx | predictive | Medium
75 | Argument | xxxxxxxxxx | predictive | Medium
76 | Argument | xxxxxx_xxxx | predictive | Medium
77 | Argument | xxxxxxxx | predictive | Medium
78 | Argument | xxxxxxxx_xxxxxxx_xxxxxx[xxxxx_xxxxxx_xxx]' | predictive | High
79 | Argument | xxx | predictive | Low
80 | Argument | xxxxxxxxxxxxxxxxx | predictive | High
81 | Argument | xxxxx | predictive | Low
82 | Argument | xxxxxxxxxxx/xxxxxxxx/xxx/xxxxx | predictive | High
83 | Argument | xxxxxx_xx | predictive | Medium
84 | Argument | xxxx | predictive | Low
85 | Argument | xxxxxx | predictive | Low
86 | Argument | xxxx | predictive | Low
87 | Argument | xxxx | predictive | Low
88 | Argument | xx | predictive | Low
89 | Argument | xxxxx_xxxx | predictive | Medium
90 | Argument | xxxxxxxx[xx] | predictive | Medium
91 | Argument | xxx | predictive | Low
92 | Argument | xxx | predictive | Low
93 | Argument | xxxxxxx | predictive | Low
94 | Argument | xxxx/xxx_xxxxxxxxx | predictive | High
95 | Argument | xxx_xxxx | predictive | Medium
96 | Argument | xxxx_xxxxx | predictive | Medium
97 | Argument | xxxxxxxx | predictive | Medium
98 | Argument | xxxx_xxxx | predictive | Medium
99 | Argument | xx | predictive | Low
100 | Argument | xxxxxxx/xxxxx | predictive | High
101 | Argument | xxxxxxxxxx | predictive | Medium
102 | Argument | xxxxxx_xxx | predictive | Medium
103 | Argument | xxxx_xxxxxx | predictive | Medium
104 | Argument | xxxx_xx | predictive | Low
105 | Argument | xxxxxxxx_xxxxxxxx | predictive | High
106 | Argument | xxx_xxxx[x][] | predictive | High
107 | Argument | xxxxxxxxxxxxxxxxxxxxx | predictive | High
108 | Argument | xxxx_xx | predictive | Low
109 | Argument | xxx | predictive | Low
110 | Argument | xxx | predictive | Low
111 | Argument | xxxx | predictive | Low
112 | Argument | xxxxxxxx | predictive | Medium
113 | Argument | xxxxxxxx | predictive | Medium
114 | Argument | xxxx/xx/xxxx/xxx | predictive | High
115 | Input Value | .%xx.../.%xx.../ | predictive | High
116 | Input Value | ../../../../../xxx/xxx/xxxxx/xxxx/xxxxxxxx/xxxxx/xxx.xxx | predictive | High
117 | Input Value | xxxxxxx -xxx | predictive | Medium
118 | Input Value | xxxxxxxxxx | predictive | Medium
119 | Network Port | xxxx | predictive | Low
120 | Network Port | xxxx | predictive | Low
121 | Network Port | xxxx xxxx | predictive | Medium
122 | Network Port | xxx/xxx | predictive | Low
123 | Network Port | xxx/xxx | predictive | Low
124 | Network Port | xxx/xxxx | predictive | Medium

References (3)

The following list contains external sources which discuss the actor and the associated activities:
