Taidoor Analysis

IOB - Indicator of Behavior (151)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 100
zh: 48
de: 2
es: 2



Activities


Product

ProFTPD: 4
systemd: 4
Todd Miller sudo: 2
Squirrelly: 2
Microsoft Windows: 2


Vulnerabilities

Columns: Base and Temp are the CVSS base and temporal scores; 0day and Today are exploit price estimates; Exp is exploit availability; Rem is remediation status; EPSS is the exploit prediction score; CTI is the threat-intelligence activity score.

| #  | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|----|---------------|------|------|------|-------|-----|-----|------|-----|-----|
| 1  | Linksys WRT54G Web Server denial of service | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.03 | |
| 2  | Python mailcap Module os command injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00183 | 0.04 | CVE-2015-20107 |
| 3  | Dell EMC Unity/UnityVSA/Unity XT Upgrade Readiness Utility cleartext storage | 1.9 | 1.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.04 | CVE-2021-21547 |
| 4  | Simple Machines Forum LogInOut.php code injection | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00489 | 0.00 | CVE-2016-5727 |
| 5  | Linux Kernel do_open_permission access control | 5.9 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.04 | CVE-2009-3286 |
| 6  | Dell PowerProtect DD cross site scripting | 6.5 | 6.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00063 | 0.00 | CVE-2023-44286 |
| 7  | Cisco Firepower Threat Defense Security Intelligence Feed access control | 4.8 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00123 | 0.00 | CVE-2022-20730 |
| 8  | H2 Database Engine CLI information disclosure | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.03 | CVE-2022-45868 |
| 9  | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.94 | CVE-2020-12440 |
| 10 | Google Chrome Media Subsample Calculation/Conversion integer coercion | 10.0 | 9.5 | $100k and more | $0-$5k | Not Defined | Official Fix | 0.00834 | 0.05 | CVE-2013-6637 |
| 11 | OAuth2 Proxy Domain Whitelist access control | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00129 | 0.00 | CVE-2021-21291 |
| 12 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01744 | 0.03 | CVE-2007-1287 |
| 13 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 14 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.57 | CVE-2010-0966 |
| 15 | Razer Synapse RazerConfigNative.dll permission | 6.5 | 6.5 | $0-$5k | Calculating | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2017-11653 |
| 16 | Apache Tomcat HTTP/2 GOAWAY Frame resource management | 6.4 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.86329 | 0.05 | CVE-2017-5650 |
| 17 | LibTIFF TIFFYCbCrtoRGB input validation | 5.3 | 5.3 | $0-$5k | Calculating | Not Defined | Not Defined | 0.03361 | 0.00 | CVE-2010-2595 |
| 18 | SolarWinds Serv-U FTP Server missing encryption | 5.8 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00093 | 0.05 | CVE-2021-35252 |
| 19 | Memcached Proxy Mode buffer overflow | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.05 | CVE-2023-46852 |
| 20 | Poppler Splash.cc blitTransparent out-of-bounds | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01845 | 0.00 | CVE-2019-10872 |

IOC - Indicator of Compromise (44)

These indicators of compromise list associated network resources that are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|----|------------|----------|-------|-----------|------------|------|------------|
| 1 | 58.40.20.165 | | Taidoor | | 12/20/2020 | verified | Low |
| 2 | 59.120.127.2 | 59-120-127-2.hinet-ip.hinet.net | Taidoor | | 04/06/2022 | verified | Medium |
| 3 | 60.248.56.185 | 60-248-56-185.hinet-ip.hinet.net | Taidoor | | 04/06/2022 | verified | Medium |
| 4 | 60.248.216.194 | 60-248-216-194.hinet-ip.hinet.net | Taidoor | | 12/20/2020 | verified | Low |
| 5 | 60.249.219.82 | 60-249-219-82.hinet-ip.hinet.net | Taidoor | | 12/20/2020 | verified | Low |
| 6 | 60.250.39.73 | 60-250-39-73.hinet-ip.hinet.net | Taidoor | | 12/20/2020 | verified | Low |
| 7 | 61.218.233.51 | 61-218-233-51.hinet-ip.hinet.net | Taidoor | | 12/20/2020 | verified | Low |
| 8 | 61.222.190.100 | 61-222-190-100.hinet-ip.hinet.net | Taidoor | | 12/20/2020 | verified | Low |
| 9 | 61.222.205.180 | mail.tami.org.tw | Taidoor | | 12/20/2020 | verified | Low |

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (60)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|----|-------|-----------|------|------------|
| 1 | File | /api/addusers | predictive | High |
| 2 | File | /api/baskets/{name} | predictive | High |
| 3 | File | Auth/Manager.php | predictive | High |
| 4 | File | awstats.pl | predictive | Medium |
| 5 | File | board.php | predictive | Medium |
| 6 | File | conf.c | predictive | Low |
| 7 | File | crc32.c | predictive | Low |
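The IOC and IOA tables give raw indicators; what a detection engineer needs is the matching logic that turns them into alerts. The following Python is an added example, not code from this page or from any Taidoor research tooling. It embeds the nine unmasked network IOCs and the seven readable path IOAs from the tables above and runs them over constructed web-server and resolver log lines. The Hit type, the scan functions, the boundary rules in ioa_regex and the sample log lines are assumptions introduced here, not data from the page.

```python
"""Scan log lines for the Taidoor network IOCs and web-path IOAs listed on this page.

Added example, not code from the page or from any Taidoor research tooling.
The IOC and IOA values are copied from the tables above; the log lines at the
bottom are constructed for illustration.
"""
import ipaddress
import re
from dataclasses import dataclass

# Network IOCs from the IOC table: (IP address, hostname or None, confidence).
TAIDOOR_IOCS = [
    ("58.40.20.165", None, "Low"),
    ("59.120.127.2", "59-120-127-2.hinet-ip.hinet.net", "Medium"),
    ("60.248.56.185", "60-248-56-185.hinet-ip.hinet.net", "Medium"),
    ("60.248.216.194", "60-248-216-194.hinet-ip.hinet.net", "Low"),
    ("60.249.219.82", "60-249-219-82.hinet-ip.hinet.net", "Low"),
    ("60.250.39.73", "60-250-39-73.hinet-ip.hinet.net", "Low"),
    ("61.218.233.51", "61-218-233-51.hinet-ip.hinet.net", "Low"),
    ("61.222.190.100", "61-222-190-100.hinet-ip.hinet.net", "Low"),
    ("61.222.205.180", "mail.tami.org.tw", "Low"),
]

# Web-path IOA fragments from the IOA table: (indicator, confidence).
# "{name}" is a path-parameter placeholder and is matched as one path segment.
TAIDOOR_IOAS = [
    ("/api/addusers", "High"),
    ("/api/baskets/{name}", "High"),
    ("Auth/Manager.php", "High"),
    ("awstats.pl", "Medium"),
    ("board.php", "Medium"),
    ("conf.c", "Low"),
    ("crc32.c", "Low"),
]

IOC_BY_IP = {ip: conf for ip, _host, conf in TAIDOOR_IOCS}
IOC_BY_HOST = {host.lower(): conf for _ip, host, conf in TAIDOOR_IOCS if host}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def ioa_regex(fragment: str) -> re.Pattern:
    """Turn a path fragment into a regex anchored on path-token boundaries.

    Each {placeholder} becomes one path segment; the boundary lookarounds stop
    "conf.c" from matching "conf.cgi" or "myconf.c" (assumed boundary rule).
    """
    literals = re.split(r"\{[^}]*\}", fragment)
    body = r'[^/?\s"]+'.join(re.escape(p) for p in literals)
    return re.compile(r"(?<![A-Za-z0-9_.-])" + body + r"(?![A-Za-z0-9_.-])")


IOA_PATTERNS = [(frag, conf, ioa_regex(frag)) for frag, conf in TAIDOOR_IOAS]


@dataclass(frozen=True)
class Hit:
    line_no: int
    kind: str        # "ioc-ip", "ioc-host" or "ioa-path"
    indicator: str
    confidence: str


def scan_line(line_no: int, line: str) -> list:
    """Return every IOC/IOA hit found in one log line."""
    hits = []
    for token in sorted(set(IPV4_RE.findall(line))):
        try:
            ipaddress.IPv4Address(token)   # rejects octets above 255, e.g. 999.1.1.1
        except ValueError:
            continue
        if token in IOC_BY_IP:
            hits.append(Hit(line_no, "ioc-ip", token, IOC_BY_IP[token]))
    for host in sorted({h.lower() for h in HOST_RE.findall(line)}):
        if host in IOC_BY_HOST:
            hits.append(Hit(line_no, "ioc-host", host, IOC_BY_HOST[host]))
    for frag, conf, rx in IOA_PATTERNS:
        if rx.search(line):
            hits.append(Hit(line_no, "ioa-path", frag, conf))
    return hits


def scan(lines) -> list:
    """Scan an iterable of log lines; line numbers start at 1."""
    hits = []
    for n, line in enumerate(lines, 1):
        hits.extend(scan_line(n, line))
    return hits


# Constructed sample input (not real traffic): access-log lines in combined
# format plus one resolver log line.
SAMPLE_LOGS = [
    '10.0.0.5 - - [06/Apr/2022:10:12:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '60.248.56.185 - - [06/Apr/2022:10:12:07 +0000] "POST /api/addusers HTTP/1.1" 403 0',
    '10.0.0.9 - - [06/Apr/2022:10:13:44 +0000] "GET /forum/board.php?id=3 HTTP/1.1" 200 2048',
    '10.0.0.9 - - [06/Apr/2022:10:14:02 +0000] "GET /api/baskets/inbox-42 HTTP/1.1" 200 77',
    'dns query from 10.0.0.12: mail.tami.org.tw -> 61.222.205.180',
    '10.0.0.3 - - [06/Apr/2022:10:15:00 +0000] "GET /cgi-bin/conf.cgi HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print(f"line {hit.line_no}: {hit.kind} {hit.indicator} (confidence {hit.confidence})")
```

Two caveats the confidence column already hints at. The hinet-ip.hinet.net names are the ISP's generic reverse records for the addresses, so a hostname match there adds nothing beyond the IP match and the IP is the indicator to pivot on; and short path fragments such as board.php, conf.c and crc32.c are common filenames (hence Low/Medium confidence), so a path-only hit should raise priority for review rather than fire an alert on its own, while an IP hit on the same line as a High-confidence path hit, as in sample line 2, is worth escalating.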
