ToddyCat Analysis

IOB - Indicator of Behavior (15)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en14
zh2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

cn12
us4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

VMware Workstation2
VMware Fusion2
VMware ESX2
VMware View2
SAP Knowledge Management2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1Kingsoft WPS Office Registry wpsupdater.exe access control5.55.3$0-$5k$0-$5kNot DefinedNot Defined0.030.00630CVE-2022-24934
2ZyXEL P660HN-T v1 ViewLog.asp command injection7.36.4$5k-$25k$0-$5kProof-of-ConceptWorkaround0.100.00000
3ARM Cortex-M33/Cortex-M35P/Cortex-M55/China STAR-MC VLLDM Instruction access control5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00053CVE-2021-35465
4VMware Workstation/Fusion/ESX/View VMCI.SYS input validation8.47.6$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.040.00062CVE-2013-1406
5Oracle MySQL Server LDAP Auth Privilege Escalation8.07.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.00066CVE-2020-14878
6Oracle WebLogic Server Core Components unusual condition9.89.4$25k-$100k$5k-$25kNot DefinedOfficial Fix0.000.00581CVE-2019-17195
7SAP Knowledge Management File API path traversal8.28.2$5k-$25k$5k-$25kNot DefinedNot Defined0.000.00182CVE-2020-6225
8Microsoft Windows Bluetooth Driver Object BlueBorne access control7.77.3$25k-$100k$5k-$25kNot DefinedOfficial Fix0.030.00117CVE-2017-8628
9Nostromo nhttpd http_verify path traversal8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.030.97418CVE-2019-16278
10Django sql injection8.58.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.00415CVE-2020-7471
11Spring Data Commons XMLBeam xml external entity reference7.47.2$0-$5k$0-$5kHighOfficial Fix0.030.00563CVE-2018-1259
12PHP Server Monitor cross-site request forgery5.44.7$0-$5k$0-$5kNot DefinedOfficial Fix0.050.00071CVE-2018-18921
13DeDeCMS recommend.php sql injection8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.000.11468CVE-2017-17731
14DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix1.000.01086CVE-2010-0966
15DeDeCMS list.php sql injection7.37.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.010.00237CVE-2011-5200

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Ninja

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
145.76.78.23745.76.78.237.vultrusercontent.comToddyCat07/31/2022verifiedHigh
2XXX.XXX.XX.XXxxx.xxx.xx.xx.xxxxxxxxxxxxxxxx.xxxXxxxxxxx07/31/2022verifiedHigh
3XXX.XX.XX.XXXxxx.xx.xx.xxx.xxxxxxxxxxxxxxxx.xxxXxxxxxxxXxxxx06/28/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-22Pathname TraversalpredictiveHigh
2TXXXXCWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
3TXXXXCWE-XXXX2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxx Xxxxxxxxxxx Xxx Xxx XxxxxxxpredictiveHigh
4TXXXXCWE-XXXxxxxxx XxxxxxxxxpredictiveHigh
5TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (11)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1Fileinc/config.phppredictiveHigh
2Filelist.phppredictiveMedium
3Filexxxx/xxxxxxxxx.xxxpredictiveHigh
4Filexxxxxxx.xxxpredictiveMedium
5Filexxxx.xxxpredictiveMedium
6Filexxxxxxxxxx.xxxpredictiveHigh
7Argument$_xxxxxpredictiveLow
8ArgumentxxxxxxxxpredictiveMedium
9ArgumentxxpredictiveLow
10Argumentxxxxxx_xxxxpredictiveMedium
11Input Value%xxxxxx+-x+x+xx.x.xx.xxx%xx%xxpredictiveHigh

References (3)

The following list contains external sources which discuss the actor and the associated activities:

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!