TA544 Analysis

IOB - Indicator of Behavior (259)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

  • en: 252
  • ru: 2
  • zh: 2
  • pl: 2
  • de: 2

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

  • Google Chrome: 18
  • Mozilla Firefox: 16
  • Microsoft Windows: 12
  • Adobe Acrobat Reader: 12
  • Linux Kernel: 10

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.62 | CVE-2010-0966
2 | AWStats awstats.pl pathname traversal | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00499 | 0.18 | CVE-2020-35176
3 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.22 | 
4 | TRENDnet TEW-652BRP Web Management Interface get_set.ccp cross site scripting | 3.6 | 3.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00054 | 0.05 | CVE-2023-0639
5 | TRENDnet TEW-652BRP Web Management Interface get_set.ccp command injection | 8.8 | 8.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00075 | 0.05 | CVE-2023-0611
6 | vim heap-based overflow | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00200 | 0.00 | CVE-2022-3520
7 | pdfkit URL command injection | 8.1 | 8.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.21259 | 0.04 | CVE-2022-25765
8 | Nginx Open Source/Plus/Ingress Controller Resolver off-by-one | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.43733 | 0.04 | CVE-2021-23017
9 | OAID Tengine Serializer Module buffer overflow | 5.5 | 5.1 | $0-$5k | $0-$5k | Unproven | Not Defined | 0.00051 | 0.03 | CVE-2020-28759
10 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 3.54 | CVE-2007-0354
11 | Microsoft Edge/ChakraCore Scripting Engine memory corruption | 6.0 | 5.9 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.02130 | 0.00 | CVE-2019-0771
12 | Gempar Script Toko Online shop_display_products.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00100 | 0.07 | CVE-2009-0296
13 | Opt-X header.php file inclusion | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06075 | 0.04 | CVE-2004-2368
14 | BlueCMS sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00212 | 0.00 | CVE-2019-9594
15 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
16 | TYPO3 spell-check-logic.php unknown vulnerability | 4.8 | 4.3 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.03691 | 0.02 | CVE-2006-6690
17 | Microsoft Office memory corruption | 7.8 | 7.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.70046 | 0.05 | CVE-2016-7228
18 | TIBCO Enterprise Messaging Service emsca cross-site request forgery | 6.9 | 6.9 | $0-$5k | Calculating | Not Defined | Not Defined | 0.00287 | 0.00 | CVE-2018-12415
19 | Apache Tomcat WebSocket Client certificate validation | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01697 | 0.03 | CVE-2018-8034
20 | phpMyAdmin phpinfo.php information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00142 | 0.04 | CVE-2016-9848

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Zeus

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (97)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /forum/away.php | predictive | High
2 | File | /Tools/tools_admin.htm | predictive | High
3 | File | adm/krgourl.php | predictive | High
4 | File | admin.php | predictive | Medium
5 | File | administers | predictive | Medium
6 | File | catchsegv | predictive | Medium
7 | File | cgi-bin/awstats.pl | predictive | High
8 | File | classified.php | predictive | High
9 | File | coders/mat.c | predictive | Medium
10 | File | data/gbconfiguration.dat | predictive | High
11 | File | default.asp | predictive | Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities:
