TA413 Analysis

Activities

Timeline

Analysis of the timeline helps to identify the required approach to, and handling of, individual vulnerabilities and vulnerability collections. The overview makes less important slices and more severe hotspots visible at a glance, so that vulnerability response can be initiated immediately and issues prioritized.

Lang

  • en: 40
  • zh: 16

Country

  • cn: 40
  • us: 14
  • gb: 2

Actors

  • Sunshop Digital Quartermaster: 37
  • TA413: 19


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 1 | Fortinet FortiOS SSL VPN integer overflow | 8.7 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.31 | CVE-2021-26109 |
| 2 | PRTG Network Monitor Web Console os command injection | 6.7 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2018-9276 |
| 3 | PRTG Network Monitor Screenshot information disclosure | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2021-27220 |
| 4 | Cisco Wireless LAN Controller CAPWAP information disclosure | 6.4 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2018-0442 |
| 5 | Apache APR-util apr-util apr_rmm.c apr_rmm_realloc numeric error | 10.0 | 9.4 | $25k-$100k | $5k-$25k | Proof-of-Concept | Not Defined | 0.06 | CVE-2009-2412 |
| 6 | Vesta Control Panel UploadHandler.php command injection | 8.8 | 8.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2019-12792 |
| 7 | Citrix ADC/Gateway/NetScaler Gateway/SD-WAN WANOP Management Network resource consumption | 3.3 | 3.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-8246 |
| 8 | Adobe Acrobat URL Handler RTLHeapFree memory corruption | 7.3 | 6.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | CVE-2004-0629 |
| 9 | Drupal Directory Remote Code Execution | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-13664 |
| 10 | Joomla session fixation | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.05 | CVE-2010-1434 |
| 11 | ADTRAN NetVanta format string | 9.8 | 8.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | CVE-2005-4565 |
| 12 | SonicWALL SonicOS buffer overflow | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-5133 |
| 13 | Dahua IP Camera Web Interface sonia memory corruption | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.15 | CVE-2017-3223 |
| 14 | MinIO Admin API authentication bypass | 8.8 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-11012 |
| 15 | ArcGIS Server Manager server-side request forgery | 8.2 | 7.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.15 | CVE-2021-29102 |
| 16 | Telos Automated Message Handling System AMHS Session itemlookup.asp cross site scripting | 5.7 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2019-9542 |
| 17 | Telos Automated Message Handling System AMHS Session prefs.asp cross site scripting | 5.7 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2019-9540 |
| 18 | Joomla CMS Custom Field input validation | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.09 | CVE-2019-14654 |
| 19 | D-Link DI-624 stack-based overflow | 7.3 | 6.9 | $25k-$100k | $0-$5k | Proof-of-Concept | Not Defined | 0.08 | CVE-2006-3687 |
| 20 | Dnsmasq DNSSEC access control | 7.4 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.15 | CVE-2017-15107 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • FriarFox Browser Extension

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Campaigns | Confidence |
|---|---|---|---|---|
| 1 | 115.126.6.47 | | FriarFox Browser Extension | High |
| 2 | 118.99.9.47 | | FriarFox Browser Extension | High |
| 3 | 167.179.99.136 | 167.179.99.136.vultr.com | FriarFox Browser Extension | Medium |

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Confidence |
|---|---|---|---|---|
| 1 | T1059.007 | CWE-79 | Cross Site Scripting | High |
| 2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High |
| 3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High |
| 4 | TXXXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx | High |

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Confidence |
|---|---|---|---|
| 1 | File | /public/login.htm | High |
| 2 | File | /usr/bin/sonia | High |
| 3 | File | index.php | Medium |
| 4 | File | xxxxxxxxxx.xxx | High |
| 5 | File | xxxx/xxx_xxx.x | High |
| 6 | File | xxxxx.xxx | Medium |
| 7 | File | xxxxx.x | Low |
| 8 | File | xxxxxxxxxxxxx.xxx | High |
| 9 | File | xxx xxxxxxx | Medium |
| 10 | Library | xxxxxxxxxxx.xxx | High |
| 11 | Argument | xxxxxxx | Low |
| 12 | Argument | xxxx->xxxxxxx | High |
| 13 | Input Value | xxxxxxxx | Medium |

References (1)

The following list contains external sources which discuss the actor and the associated activities:
