Tortoiseshell Analysis

IOB - Indicator of Behavior (18)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en16
fr2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us18

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Coppermine Photo Gallery2
Media Library Assistant Plugin2
Thomas R. Pasawicz HyperBook Guestbook2
media-library-assistant Plugin2
Ecommerce Online Store Kit2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaround0.040.04187CVE-2007-1192
2Google Chrome Flash Player memory corruption9.99.5$100k and more$5k-$25kNot DefinedOfficial Fix0.030.01202CVE-2012-0724
3ADTRAN Netvanta 7060/Netvanta 7100 DNS Privilege Escalation6.56.3$0-$5k$0-$5kNot DefinedWorkaround0.020.29468CVE-2021-25681
4Apache HTTP Server HTTP2 Request request smuggling6.46.4$5k-$25k$5k-$25kNot DefinedNot Defined0.060.05242CVE-2020-9490
5Microsoft IIS cross site scripting5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.230.25090CVE-2017-0055
6ImageMagick heic.c ReadHEICImageByID out-of-bounds5.45.4$0-$5k$0-$5kNot DefinedNot Defined0.030.00885CVE-2020-10251
7SAP NetWeaver AS JAVA LM Configuration Wizard RECON improper authentication10.09.5$100k and more$0-$5kHighOfficial Fix0.040.95175CVE-2020-6287
8Media Library Assistant Plugin cross site scripting5.24.9$0-$5k$0-$5kNot DefinedOfficial Fix0.030.01055CVE-2020-11731
9media-library-assistant Plugin mla_gallery injection8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.010.01156CVE-2020-11928
10Wechat Broadcast Plugin Image.php path traversal6.56.2$0-$5k$0-$5kProof-of-ConceptNot Defined0.030.08382CVE-2018-16283
11Ecommerce Online Store Kit shop.php sql injection9.89.4$0-$5k$0-$5kNot DefinedOfficial Fix0.060.04386CVE-2004-0300
12Microsoft Windows Remote Desktop/Terminal Services Web Connection improper authentication6.36.2$25k-$100k$0-$5kNot DefinedWorkaround0.040.00000
13F5 BIG-IP ASM pl_tree.php cross site scripting4.34.2$5k-$25k$0-$5kHighUnavailable0.030.01213CVE-2014-9342
14Sitecore IDE.aspx path traversal4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.010.00885CVE-2017-11440
15Coppermine Photo Gallery path traversal4.23.8$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.020.09659CVE-2007-4976

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsTypeConfidence
164.235.39.45lasvegas-nv-datacenter.serverpoint.comTortoiseshellverifiedHigh
2XX.XXX.XX.XXXxxxxxxxx-xx-xxxxxxxxxx.xxxxxxxxxxx.xxxXxxxxxxxxxxxxverifiedHigh
3XXX.XXX.XX.XXXXxxxxxxxxxxxxverifiedHigh
4XXX.XX.XXX.XXXXxxxxxxxxxxxxverifiedHigh

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-22Pathname TraversalpredictiveHigh
2TXXXXCWE-XXXxxxxxxxxpredictiveHigh
3TXXXX.XXXCWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
4TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
5TXXXXCWE-XXXXxxxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (11)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/uncpath/predictiveMedium
2Filecoders\heic.cpredictiveHigh
3Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
4Filexxxxx.xxxpredictiveMedium
5Filexx_xxxx.xxxpredictiveMedium
6Filexxxxx/xxxxxxxxxxxx/xxxxxxx/xxx.xxxxpredictiveHigh
7Filexxxx.xxxpredictiveMedium
8ArgumentxxpredictiveLow
9ArgumentxxxxxxxxxpredictiveMedium
10Argumentxxx_xxxxx/xxxx_xxxxx/xxxx_xxxxxpredictiveHigh
11ArgumentxxxpredictiveLow

References (3)

The following list contains external sources which discuss the actor and the associated activities:

Do you want to use VulDB in your project?

Use the official API to access entries easily!