TA544 Analysis

IOB - Indicator of Behavior (258)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en256
pl2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

co240
us10
de2
ua2
ru2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Adobe Acrobat Reader16
Mozilla Firefox14
Google Chrome12
Microsoft Windows10
Adobe Flash Player8

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.720.00943CVE-2010-0966
2LogicBoard CMS away.php redirect6.36.1$0-$5k$0-$5kNot DefinedUnavailable5.260.00000
3TRENDnet TEW-652BRP Web Management Interface get_set.ccp cross site scripting3.63.6$0-$5k$0-$5kProof-of-ConceptNot Defined0.070.00054CVE-2023-0639
4TRENDnet TEW-652BRP Web Management Interface get_set.ccp command injection8.88.6$0-$5k$0-$5kProof-of-ConceptNot Defined0.040.00076CVE-2023-0611
5vim heap-based overflow8.07.9$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00134CVE-2022-3520
6pdfkit URL command injection8.18.1$0-$5k$0-$5kNot DefinedNot Defined0.020.31357CVE-2022-25765
7Nginx Open Source/Plus/Ingress Controller Resolver off-by-one5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.030.58180CVE-2021-23017
8OAID Tengine Serializer Module buffer overflow5.55.1$0-$5k$0-$5kUnprovenNot Defined0.000.00051CVE-2020-28759
9MGB OpenSource Guestbook email.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.530.01302CVE-2007-0354
10Microsoft Edge/ChakraCore Scripting Engine memory corruption6.05.9$25k-$100k$5k-$25kNot DefinedOfficial Fix0.030.02130CVE-2019-0771
11Gempar Script Toko Online shop_display_products.php sql injection7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.040.00100CVE-2009-0296
12Opt-X header.php file inclusion7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.030.06075CVE-2004-2368
13BlueCMS sql injection8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.000.00212CVE-2019-9594
14Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25k$0-$5kHighWorkaround0.020.02016CVE-2007-1192
15TYPO3 spell-check-logic.php unknown vulnerability4.84.3$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.000.05056CVE-2006-6690
16Microsoft Office memory corruption7.87.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.70046CVE-2016-7228
17TIBCO Enterprise Messaging Service emsca cross-site request forgery6.96.9$0-$5k$0-$5kNot DefinedNot Defined0.000.00365CVE-2018-12415
18Apache Tomcat WebSocket Client certificate validation7.57.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.01697CVE-2018-8034
19phpMyAdmin phpinfo.php information disclosure5.35.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.050.00142CVE-2016-9848
20Microsoft IIS IP/Domain Restriction access control6.55.7$25k-$100k$0-$5kUnprovenOfficial Fix0.030.00817CVE-2014-4078

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Zeus

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (95)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/forum/away.phppredictiveHigh
2File/Tools/tools_admin.htmpredictiveHigh
3Fileadm/krgourl.phppredictiveHigh
4Fileadmin.phppredictiveMedium
5FileadministerspredictiveMedium
6FilecatchsegvpredictiveMedium
7Fileclassified.phppredictiveHigh
8Filecoders/mat.cpredictiveMedium
9Filedata/gbconfiguration.datpredictiveHigh
10Filedefault.asppredictiveMedium
11Filedrivers/char/lp.cpredictiveHigh
12Filexxxxxxx/xxx/xxxxxx.xpredictiveHigh
13Filexxxxx.xxxpredictiveMedium
14Filexxxxxxxx.xpredictiveMedium
15Filex_xxxxxxx.xpredictiveMedium
16Filexxx_xxx.xxxpredictiveMedium
17Filexxx/xx/xxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
18Filexxxxxx.xxxpredictiveMedium
19Filexxxxxx.xxxpredictiveMedium
20Filexxx/xxxxxx.xxxpredictiveHigh
21Filexxxxx.xxxpredictiveMedium
22Filexxxxxxxx/xxxx/xxxx.xxxpredictiveHigh
23Filexx_xxxx_xxxxx_xxxxxxxx_xxxxxxxxxxxxxx.xxxpredictiveHigh
24Filexxxxxxxxxx/xxxxxx.xpredictiveHigh
25Filexxxxxxxxxx/xxx.xpredictiveHigh
26Filexxxxxxxxxx/xxxx.xpredictiveHigh
27Filexxxxxxxxxx/xxxxxxxx.xpredictiveHigh
28Filexxxxxxxxxx/xxxxxxxxxx.xpredictiveHigh
29Filexxxxxxxxxxx/xxx.xpredictiveHigh
30Filexxxxxxxxxxx/xxx.xpredictiveHigh
31Filexxxxxxxxxxx/xxx.xpredictiveHigh
32Filexxxxxxxxxxx/xxxx.xpredictiveHigh
33Filexxxxxxxxxxx/xxxxx.xpredictiveHigh
34Filexxxxxxxxxxx/xxxxxxxx.xpredictiveHigh
35Filexxxxxxx/xxxxxxx.xpredictiveHigh
36Filexxxxx.xxxpredictiveMedium
37Filexxxx/xxx.xpredictiveMedium
38Filexxx/xxx/xx_xxx.xpredictiveHigh
39Filexxxxxxxxxxxx.xxxpredictiveHigh
40Filexxx_xxxxxxx.xpredictiveHigh
41Filexxxxxx.xxx.xxxpredictiveHigh
42Filexxxxxxx.xxxpredictiveMedium
43Filexxxxxxxx/xxxxxxxxxx.xxxpredictiveHigh
44Filexxxxxx/xxxxxxxxxx/xxx/xxxx.xxxpredictiveHigh
45Filexxxx_xxxxxxx_xxxxxxxx.xxxpredictiveHigh
46Filexxxxx-xxxxx-xxxxx.xxxpredictiveHigh
47Filexxx/xx_xxxx.xpredictiveHigh
48Filexxxxxx.xxxpredictiveMedium
49Filexxxxxxx/xxxxx/xxxx.xxx?xxx=xxxxpredictiveHigh
50Filex_xxxxx.xpredictiveMedium
51Filexxxxxxx_xxxxxxx.xxxxxxxx.xxxx_xxxxxxxxpredictiveHigh
52Filexxxxxxx/xxxx/xxxxxxxxxxxxxxxx.xxxpredictiveHigh
53Filexxxxxxx/xxxx/xxxxx.xxxpredictiveHigh
54Filexxxxxxxxx_xx.xpredictiveHigh
55Libraryxx/xxx/xxxx_xxxxxx.xxxpredictiveHigh
56Libraryxx/xxx/xxxxxxx.xxxpredictiveHigh
57Libraryxxxxxx_xxxpredictiveMedium
58LibraryxxxxxxxpredictiveLow
59Libraryxxx/xxxxxx/xxxxx.xxpredictiveHigh
60Libraryxxxxxxxxxx/xxx_xxxxx.xpredictiveHigh
61Libraryxxxxx.xxxpredictiveMedium
62Libraryxxxxxxx.xxxpredictiveMedium
63Libraryxxxxxx.xxxpredictiveMedium
64ArgumentxxxxxxxxpredictiveMedium
65ArgumentxxxxxpredictiveLow
66Argumentxxx_xxpredictiveLow
67Argumentxxxxxx_xxxpredictiveMedium
68Argumentxxxxxxxx_xxxxpredictiveHigh
69ArgumentxxxxxxpredictiveLow
70ArgumentxxxxxxpredictiveLow
71ArgumentxxxxxxxxxxxxxxxxxxxxxxpredictiveHigh
72ArgumentxxpredictiveLow
73ArgumentxxxpredictiveLow
74Argumentx_xxxxxxxxxxxxxxxxpredictiveHigh
75ArgumentxxxxxxxxpredictiveMedium
76ArgumentxxxxxxxxpredictiveMedium
77ArgumentxxxxxxpredictiveLow
78ArgumentxxxxxxpredictiveLow
79Argumentxxxxx_xxxxxxx_xxxxx/xxxxx_xxxxxxx_xxxxx_xxx/xxxxx_xxxxxxx_xxxxxxxpredictiveHigh
80Argumentxxxxxx_xxpredictiveMedium
81Argumentxxxx_xxxpredictiveMedium
82ArgumentxxxxxxxxxxpredictiveMedium
83Argumentxxxxxx-xxxxxpredictiveMedium
84Argumentxxxxxxxx/xxxxxxxxpredictiveHigh
85ArgumentxxxxxxxpredictiveLow
86Argumentxxxx_xxpredictiveLow
87Input ValuexxxxpredictiveLow
88Input ValuexxxxxpredictiveLow
89Input Valuexxxxx/xxxxxxxxpredictiveHigh
90Input ValuexxxxxpredictiveLow
91Input Valuexxxxx xxxxxxx xxxxxxpredictiveHigh
92Pattern|xx|/[predictiveLow
93Network Portxxxxxxxxxxxxxx xxxxxxpredictiveHigh
94Network Portxxx/xx (xxx)predictiveMedium
95Network Portxxx/xxxxxpredictiveMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!