TA413 Analysis

IOB - Indicator of Behavior (59)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

  • en (46)
  • zh (14)

Country

  • cn (38)
  • us (20)
  • gb (2)

Activities

Product

  • Apple iOS (4)
  • Apple iPadOS (4)
  • PRTG Network Monitor (4)
  • Fortinet FortiOS (4)
  • WordPress (2)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Fortinet FortiOS SSL VPN integer overflow | 8.7 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01086 | CVE-2021-26109 |
| 2 | Cisco Wireless LAN Controller CAPWAP information disclosure | 6.4 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01136 | CVE-2018-0442 |
| 3 | PRTG Network Monitor Screenshot information disclosure | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00885 | CVE-2021-27220 |
| 4 | PRTG Network Monitor Web Console os command injection | 6.7 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.69279 | CVE-2018-9276 |
| 5 | Oracle Database Java VM access control | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00950 | CVE-2018-3004 |
| 6 | Sierra Wireless AirLink LS300 access control | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01156 | CVE-2018-10251 |
| 7 | Apple iOS/iPadOS WebKit use after free | 6.3 | 6.0 | $100k and more | $5k-$25k | High | Official Fix | 0.02 | 0.18168 | CVE-2022-22620 |
| 8 | Apache APR-util apr-util apr_rmm.c apr_rmm_realloc numeric error | 10.0 | 9.4 | $25k-$100k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.08969 | CVE-2009-2412 |
| 9 | rails_multisite cookie validation | 7.4 | 7.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00885 | CVE-2021-41263 |
| 10 | RDoc Filename Privilege Escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01365 | CVE-2021-31799 |
| 11 | Fortinet FortiOS/FortiProxy autod Daemon access control | 8.3 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2021-26110 |
| 12 | Citrix ADC/Gateway/SD-WAN WANOP SAML Authentication access control | 5.5 | 5.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2021-22920 |
| 13 | ManageEngine Desktop Central Notification Server command injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.02055 | CVE-2021-28960 |
| 14 | Palo Alto PAN-OS GlobalProtect Portal stack-based overflow | 9.8 | 9.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01086 | CVE-2021-3064 |
| 15 | Cisco IOS XE CAPWAP Packet double free | 8.0 | 7.9 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | 0.01055 | CVE-2021-34769 |
| 16 | Fortinet FortiOS Two Factor Authentication improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00885 | CVE-2020-12812 |
| 17 | Bomgar Remote Support Portal JavaStart.jar Applet path traversal | 9.1 | 9.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00885 | CVE-2017-12815 |
| 18 | Boa Boa Webserver Stored input validation | 9.8 | 9.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.78036 | CVE-2007-4915 |
| 19 | Apple iOS/iPadOS CoreGraphics FORCEDENTRY integer overflow | 7.0 | 6.9 | $100k and more | $25k-$100k | High | Official Fix | 0.01 | 0.04955 | CVE-2021-30860 |
| 20 | Microsoft Azure Open Management Infrastructure Remote Code Execution | 9.8 | 8.5 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.03 | 0.95952 | CVE-2021-38647 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • FriarFox Browser Extension

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | 115.126.6.47 | | TA413 | FriarFox Browser Extension | verified | High |
| 2 | XXX.XX.X.XX | | Xxxxx | Xxxxxxxx Xxxxxxx Xxxxxxxxx | verified | High |
| 3 | XXX.XXX.XX.XXX | xxx.xxx.xx.xxx.xxxxx.xxx | Xxxxx | Xxxxxxxx Xxxxxxx Xxxxxxxxx | verified | Medium |

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Pathname Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Injection | predictive | High |
| 3 | TXXXX | CWE-XXX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX.XXX | CWE-XXX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 5 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 6 | TXXXX.XXX | CWE-XXX | Xxxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx Xxxxxxxx | predictive | High |
| 7 | TXXXX | CWE-XX, CWE-XXX | Xxxxxxx Xxxxxxxxx | predictive | High |
| 8 | TXXXX | CWE-XXX | Xxx Xxxxxxxxx | predictive | High |
| 9 | TXXXX | CWE-XXX | Xxxxxxxxxxxxxx | predictive | High |

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /public/login.htm | predictive | High |
| 2 | File | /usr/bin/sonia | predictive | High |
| 3 | File | xxxxx.xxx | predictive | Medium |
| 4 | File | xxxxxxxxxx.xxx | predictive | High |
| 5 | File | xxxx/xxx_xxx.x | predictive | High |
| 6 | File | xxxxx.xxx | predictive | Medium |
| 7 | File | xxxxx.x | predictive | Low |
| 8 | File | xxxxxxxxxxxxx.xxx | predictive | High |
| 9 | File | xxx xxxxxxx | predictive | Medium |
| 10 | Library | xxxxxxxxxxx.xxx | predictive | High |
| 11 | Argument | xxxxxxx | predictive | Low |
| 12 | Argument | xxxx->xxxxxxx | predictive | High |
| 13 | Input Value | xxxxxxxx | predictive | Medium |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
