Tortoiseshell Analysis

IOB - Indicator of Behavior (19)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en16
pl2
de2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us18

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Windows2
Sitecore2
media-library-assistant Plugin2
F5 BIG-IP ASM2
Microsoft IIS2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25k$0-$5kHighWorkaround0.020.02016CVE-2007-1192
2Google Chrome Flash Player memory corruption9.99.5$100k and more$0-$5kNot DefinedOfficial Fix0.000.00645CVE-2012-0724
3AWStats awstats.pl Path information disclosure5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.080.00176CVE-2018-10245
4ADTRAN Netvanta 7060/Netvanta 7100 DNS Privilege Escalation6.56.3$0-$5k$0-$5kNot DefinedWorkaround0.000.02808CVE-2021-25681
5Apache HTTP Server HTTP/2 Request request smuggling6.46.4$5k-$25k$5k-$25kNot DefinedNot Defined0.030.00606CVE-2020-9490
6Microsoft IIS cross site scripting5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.020.00548CVE-2017-0055
7ImageMagick heic.c ReadHEICImageByID out-of-bounds5.45.4$0-$5kCalculatingNot DefinedNot Defined0.000.00056CVE-2020-10251
8SAP NetWeaver AS JAVA LM Configuration Wizard RECON improper authentication10.09.5$100k and more$0-$5kHighOfficial Fix0.040.97502CVE-2020-6287
9Media Library Assistant Plugin cross site scripting5.24.9$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00115CVE-2020-11731
10media-library-assistant Plugin mla_gallery injection8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000.01003CVE-2020-11928
11Wechat Broadcast Plugin Image.php path traversal8.18.0$0-$5kCalculatingProof-of-ConceptNot Defined0.020.29241CVE-2018-16283
12Ecommerce Online Store Kit shop.php sql injection9.89.4$0-$5k$0-$5kNot DefinedOfficial Fix0.020.03763CVE-2004-0300
13Microsoft Windows Remote Desktop/Terminal Services Web Connection improper authentication6.36.2$25k-$100k$0-$5kNot DefinedWorkaround0.020.00000
14F5 BIG-IP ASM pl_tree.php cross site scripting4.34.2$5k-$25k$0-$5kHighUnavailable0.000.00220CVE-2014-9342
15Sitecore IDE.aspx path traversal4.34.3$0-$5kCalculatingNot DefinedNot Defined0.040.00130CVE-2017-11440
16Coppermine Photo Gallery path traversal4.23.8$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.000.01312CVE-2007-4976

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
164.235.39.45lasvegas-nv-datacenter.serverpoint.comTortoiseshell06/01/2021verifiedHigh
2XX.XXX.XX.XXXxxxxxxxx-xx-xxxxxxxxxx.xxxxxxxxxxx.xxxXxxxxxxxxxxxx06/01/2021verifiedHigh
3XXX.XXX.XX.XXXXxxxxxxxxxxxx04/28/2022verifiedHigh
4XXX.XX.XXX.XXXXxxxxxxxxxxxx04/28/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-22Path TraversalpredictiveHigh
2TXXXXCWE-XXXxxxxxxx Xxxxxxxxxxxxxx Xx Xxxx Xxxxxx Xxxxx XxxxxxxxxxxpredictiveHigh
3TXXXX.XXXCWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
4TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
5TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/uncpath/predictiveMedium
2Fileawstats.plpredictiveMedium
3Filexxxxxx\xxxx.xpredictiveHigh
4Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
5Filexxxxx.xxxpredictiveMedium
6Filexx_xxxx.xxxpredictiveMedium
7Filexxxxx/xxxxxxxxxxxx/xxxxxxx/xxx.xxxxpredictiveHigh
8Filexxxx.xxxpredictiveMedium
9Argumentxxxxxxxxx/xxxxxxpredictiveHigh
10ArgumentxxpredictiveLow
11ArgumentxxxxxxxxxpredictiveMedium
12Argumentxxx_xxxxx/xxxx_xxxxx/xxxx_xxxxxpredictiveHigh
13ArgumentxxxpredictiveLow

References (3)

The following list contains external sources which discuss the actor and the associated activities:

Interested in the pricing of exploits?

See the underground prices here!