TA544 Analysis

IOB - Indicator of Behavior (254)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 250
pl: 2
de: 2

Country

co: 238
us: 8
ua: 2
de: 2
gb: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Mozilla Firefox: 18
FFmpeg: 16
Google Chrome: 16
Microsoft Windows: 12
Linux Kernel: 8

Vulnerabilities

| # | Vulnerability | Base (CVSS) | Temp (CVSS) | 0-day price | Today price | Exploitability | Remediation | CTI | EPSS | CVE |
|---|---------------|-------------|-------------|-------------|-------------|----------------|-------------|-----|------|-----|
| 1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $2k-$5k | $0-$1k | Proof-of-Concept | Official Fix | 0.65 | 0.04187 | CVE-2010-0966 |
| 2 | pdfkit URL command injection | 8.1 | 8.1 | $2k-$5k | $1k-$2k | Not Defined | Not Defined | 1.24 | 0.12300 | CVE-2022-25765 |
| 3 | Nginx Open Source/Plus/Ingress Controller Resolver off-by-one | 5.5 | 5.5 | $2k-$5k | $0-$1k | Not Defined | Not Defined | 0.06 | 0.48051 | CVE-2021-23017 |
| 4 | OAID Tengine Serializer Module buffer overflow | 5.5 | 5.1 | $1k-$2k | $0-$1k | Unproven | Not Defined | 0.05 | 0.00885 | CVE-2020-28759 |
| 5 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $2k-$5k | $0-$1k | High | Unavailable | 1.32 | 0.02800 | CVE-2007-0354 |
| 6 | Microsoft Edge/ChakraCore Scripting Engine memory corruption | 6.0 | 5.7 | $50k-$100k | $5k-$10k | Not Defined | Official Fix | 0.04 | 0.03160 | CVE-2019-0771 |
| 7 | Gempar Script Toko Online shop_display_products.php sql injection | 7.3 | 6.9 | $2k-$5k | $0-$1k | Proof-of-Concept | Not Defined | 0.08 | 0.00986 | CVE-2009-0296 |
| 8 | Opt-X header.php file inclusion | 7.3 | 7.3 | $2k-$5k | $0-$1k | Not Defined | Not Defined | 0.01 | 0.04187 | CVE-2004-2368 |
| 9 | BlueCMS sql injection | 8.5 | 8.5 | $2k-$5k | $0-$1k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2019-9594 |
| 10 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $10k-$25k | $0-$1k | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192 |
| 11 | TYPO3 spell-check-logic.php unknown vulnerability | 4.8 | 4.3 | $25k-$50k | $0-$1k | Proof-of-Concept | Official Fix | 0.07 | 0.12567 | CVE-2006-6690 |
| 12 | Microsoft Office memory corruption | 7.8 | 7.6 | $10k-$25k | $0-$1k | Not Defined | Official Fix | 0.00 | 0.39320 | CVE-2016-7228 |
| 13 | TIBCO Enterprise Messaging Service emsca cross-site request forgery | 6.5 | 6.5 | $0-$1k | $0-$1k | Not Defined | Not Defined | 0.00 | 0.00954 | CVE-2018-12415 |
| 14 | Apache Tomcat WebSocket Client certificate validation | 7.5 | 7.2 | $10k-$25k | $0-$1k | Not Defined | Official Fix | 0.02 | 0.05242 | CVE-2018-8034 |
| 15 | phpMyAdmin phpinfo.php information disclosure | 5.3 | 5.1 | $5k-$10k | $0-$1k | Not Defined | Official Fix | 0.01 | 0.00954 | CVE-2016-9848 |
| 16 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$50k | $0-$1k | Unproven | Official Fix | 0.53 | 0.29797 | CVE-2014-4078 |
| 17 | Hashtopus admin.php sql injection | 7.5 | 7.5 | $1k-$2k | $0-$1k | Not Defined | Not Defined | 0.01 | 0.01055 | CVE-2017-11678 |
| 18 | Goahead Web Server HTTP GET Request system.ini information disclosure | 7.5 | 7.4 | $5k-$10k | $0-$1k | Not Defined | Workaround | 0.03 | 0.10855 | CVE-2017-5674 |
| 19 | Adobe Acrobat Reader memory corruption | 7.5 | 7.4 | $25k-$50k | $0-$1k | Not Defined | Official Fix | 0.06 | 0.03043 | CVE-2016-0938 |
| 20 | Adobe Acrobat Reader memory corruption | 7.5 | 7.4 | $25k-$50k | $0-$1k | Not Defined | Official Fix | 0.07 | 0.03043 | CVE-2016-0939 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Zeus

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (92)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|----|-------|-----------|------|------------|
| 1 | File | /Tools/tools_admin.htm | predictive | High |
| 2 | File | adm/krgourl.php | predictive | High |
| 3 | File | admin.php | predictive | Medium |
| 4 | File | administers | predictive | Medium |
| 5 | File | catchsegv | predictive | Medium |
| 6 | File | classified.php | predictive | High |
| 7 | File | coders/mat.c | predictive | Medium |
| 8 | File | data/gbconfiguration.dat | predictive | High |
| 9 | File | default.asp | predictive | Medium |
| 10 | File | drivers/char/lp.c | predictive | High |
| 11 | File | drivers/net/macsec.c | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities: