Taidoor Analysis

IOB - Indicator of Behavior (115)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 80
zh: 32
ko: 2
es: 2


Country

cn: 82
us: 22
kr: 8
se: 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

WordPress: 6
Linux Kernel: 4
e-Quick Cart: 4
Sendmail: 2
Apache Chainsaw: 2


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Python mailcap Module os command injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.18256 | CVE-2015-20107
2 | Dell EMC Unity/UnityVSA/Unity XT Upgrade Readiness Utility cleartext storage | 1.9 | 1.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2021-21547
3 | Simple Machines Forum LogInOut.php code injection | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.23 | 0.01213 | CVE-2016-5727
4 | Linux Kernel do_open_permission access control | 5.9 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.02172 | CVE-2009-3286
5 | H2 Database Engine CLI information disclosure | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00885 | CVE-2022-45868
6 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 1.36 | 0.00000 | CVE-2020-12440
7 | Google Chrome Media Subsample Calculation/Conversion integer coercion | 10.0 | 9.5 | $100k and more | $5k-$25k | Not Defined | Official Fix | 0.01 | 0.02686 | CVE-2013-6637
8 | OAuth2 Proxy Domain Whitelist access control | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01018 | CVE-2021-21291
9 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | 0.03129 | CVE-2007-1287
10 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192
11 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.41 | 0.04187 | CVE-2010-0966
12 | Razer Synapse RazerConfigNative.dll permission | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2017-11653
13 | Apache Tomcat HTTP/2 GOAWAY Frame resource management | 6.4 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.05242 | CVE-2017-5650
14 | LibTIFF TIFFYCbCrtoRGB input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.01955 | CVE-2010-2595
15 | VMware vRealize Network Insight vRNI REST API command injection | 8.5 | 8.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.02055 | CVE-2022-31702
16 | Apache Chainsaw deserialization | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.09 | 0.03938 | CVE-2020-9493
17 | vBulletin redirector.php | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | 0.00885 | CVE-2018-6200
18 | Fortinet FortiOS/FortiProxy Administrative Interface authentication bypass | 9.8 | 9.7 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.89292 | CVE-2022-40684
19 | Intel Quartus Prime Pro/Quartus Prime Standard Edition permission | 6.5 | 6.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.01 | 0.00885 | CVE-2020-24481
20 | BookWyrm nginx.conf excessive authentication | 6.3 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00954 | CVE-2022-35925

IOC - Indicator of Compromise (44)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Pathname Traversal | predictive | High
2 | T1059 | CWE-94 | Cross Site Scripting | predictive | High
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
4 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | High

IOA - Indicator of Attack (54)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /api/addusers | predictive | High
2 | File | Auth/Manager.php | predictive | High
3 | File | awstats.pl | predictive | Medium
4 | File | board.php | predictive | Medium
5 | File | conf.c | predictive | Low
6 | File | crc32.c | predictive | Low
7 | File | data/gbconfiguration.dat | predictive | High

References (3)

The following list contains external sources which discuss the actor and the associated activities:
