TeamTNT Analysis

IOB - Indicator of Behavior (169)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 162
de: 4
zh: 2
ru: 2

Country

mo: 26
us: 14
cn: 6
de: 4
es: 4

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Cisco AnyConnect Secure Mobility Client: 4
Linux Kernel: 4
Netgear D7800: 4
Netgear R7500v2: 4
Netgear R7800: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | HPE Onboard Administrator Reflected cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00885 | CVE-2020-7132 |
| 2 | youngerheart nodeserver nodeserver.js path traversal | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.18 | 0.00950 | CVE-2020-36651 |
| 3 | MediaTek MT6789 disp use after free | 4.2 | 4.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.01036 | CVE-2022-32648 |
| 4 | Juan Cespedes ltrace search_for_command memory corruption | 9.3 | 9.0 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.02 | 0.01592 | CVE-2004-0172 |
| 5 | Jochen Rieger Car sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.01136 | CVE-2009-4967 |
| 6 | Telegram Web K Alpha Document Extension Privilege Escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00885 | CVE-2021-40532 |
| 7 | pgjdbc injection | 6.7 | 6.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.21296 | CVE-2022-21724 |
| 8 | Qualcomm Snapdragon Connectivity/Snapdragon Mobile AP-S Lock Bit permission | 6.8 | 6.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00885 | CVE-2021-35108 |
| 9 | Dell EMC CloudLink Active Directory improper authentication | 8.8 | 8.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.09029 | CVE-2022-34379 |
| 10 | Linux Kernel ebpf Verifier verifier.c adjust_scalar_min_max_vals unknown vulnerability | 4.3 | 4.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00950 | CVE-2021-4159 |
| 11 | Web2py Password 7pk security | 7.7 | 7.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.01136 | CVE-2016-10321 |
| 12 | MantisBT API SOAP mc_project_get_users sql injection | 5.0 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.05473 | CVE-2020-28413 |
| 13 | MantisBT access control | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01319 | CVE-2014-9572 |
| 14 | October CMS ViewMaker.php#244 makeFileContents information disclosure | 5.9 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01156 | CVE-2018-1999009 |
| 15 | XStream denial of service | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.53308 | CVE-2021-21341 |
| 16 | Eclipse Jetty Content-Length Header data processing | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.02686 | CVE-2017-7658 |
| 17 | Atlassian JIRA Server/Data Center Seraph improper authentication | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.22170 | CVE-2022-0540 |
| 18 | HP Network Switch access control | 6.5 | 6.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2015-6859 |
| 19 | polkit pkexec access control | 8.8 | 8.1 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.04 | 0.04106 | CVE-2021-4034 |
| 20 | Microsoft Windows Active Directory Domain Services Privilege Escalation | 8.8 | 8.1 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.02 | 0.01150 | CVE-2022-21857 |

Campaigns (3)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (25)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (55)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /goform/SetNetControlList | predictive | High |
| 2 | File | /Search-Results | predictive | High |
| 3 | File | /usr/bin/pkexec | predictive | High |
| 4 | File | admin/categories_industry.php | predictive | High |
| 5 | File | admin/content/postcategory | predictive | High |
| 6 | File | Adminstrator/Users/Edit/ | predictive | High |
| 7 | File | agent.cfg | predictive | Medium |

References (6)

The following list contains external sources which discuss the actor and the associated activities:
