Tovkater Analysis

IOB - Indicator of Behavior (347)

Timeline

The charts in this section (timeline, language, country, actors, activity timeline, type, vendor and product) do not reflect real data on the public page. The figures shown are dummy data, distorted and not usable in any way; an additional purchase is required to unlock the real data behind them.

Lang

en: 198
es: 74
fr: 18
pl: 16
it: 16


Country

us: 298
ru: 28
gb: 10
ir: 6
es: 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

IBM WebSphere Application Server: 22
Google Android: 8
Cisco ONS 15454: 8
Google Chrome: 8
Microsoft Windows: 6


Vulnerabilities

Columns: Base and Temp are the CVSS base and temporal scores; 0-day and Today are the estimated exploit prices at disclosure and now; Exploit is the known exploitability state; Remediation is the fix status; CTI is the threat-intelligence interest score; EPSS is the Exploit Prediction Scoring System probability.

# | Vulnerability | Base | Temp | 0-day price | Today price | Exploit | Remediation | CTI | EPSS | CVE
1 | Cisco ONS 15454 TCP Port Management input validation | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.01136 | CVE-2016-9211
2 | phpRank Return Code improper authentication | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01136 | CVE-2002-1952
3 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.92 | 0.00000 | CVE-2020-12440
4 | Zoho ManageEngine OpManager Group Chat unrestricted upload | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00890 | CVE-2017-11561
5 | Zoho ManageEngine OpManager getmailserversettings sql injection | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.01760 | CVE-2017-11559
6 | Cisco ONS 15454 Optical Transport Platform denial of service | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01319 | CVE-2004-1433
7 | Cisco ONS 15454 Optical Transport Platform denial of service | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01213 | CVE-2004-1434
8 | Cisco ONS 15454 Optical Transport Platform denial of service | 5.3 | 5.1 | $5k-$25k | Calculating | Not Defined | Official Fix | 0.01 | 0.01213 | CVE-2004-1435
9 | Cisco ONS 15454 Optical Transport Platform User Account denial of service | 7.3 | 7.0 | $5k-$25k | Calculating | Not Defined | Official Fix | 0.01 | 0.01213 | CVE-2004-1436
10 | Cisco ONS input validation | 7.5 | 6.7 | $5k-$25k | Calculating | Proof-of-Concept | Official Fix | 0.00 | 0.01213 | CVE-2008-3818
11 | Cisco ONS 15454 Controller Card input validation | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.01 | 0.01055 | CVE-2013-6703
12 | Google Android System permission | 7.0 | 6.3 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.02515 | CVE-2017-13209
13 | SalesAgility SuiteCRM sql injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01018 | CVE-2019-6506
14 | Sendmail Local Privilege Escalation | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00000 | 
15 | Microsoft IIS GET Request access.cnf Path information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Workaround | 0.00 | 0.13525 | CVE-2002-1717
16 | Alcatel Speed Touch Home Port denial of service | 5.3 | 5.2 | $0-$5k | Calculating | Not Defined | Workaround | 0.01 | 0.01136 | CVE-2002-0119
17 | Hosting Controller browse.asp path traversal | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.04187 | CVE-2002-0775
18 | Microsoft Site Server hard-coded credentials | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.13105 | CVE-2002-1769
19 | Pinboard Tasklist cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.01055 | CVE-2002-1900
20 | Google Android NVIDIA Video Driver information disclosure | 4.4 | 4.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00954 | CVE-2016-8397

IOC - Indicator of Compromise (26)

These indicators of compromise list the associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Type | Confidence
1 | 5.149.255.178 | | Tovkater | | verified | High
2 | 13.107.21.200 | | Tovkater | | verified | High
3 | 34.107.221.82 | 82.221.107.34.bc.googleusercontent.com | Tovkater | | verified | Medium
4 | 34.213.158.239 | ec2-34-213-158-239.us-west-2.compute.amazonaws.com | Tovkater | | verified | Medium
5 | 34.214.44.170 | ec2-34-214-44-170.us-west-2.compute.amazonaws.com | Tovkater | | verified | Medium
6 | 34.216.80.151 | ec2-34-216-80-151.us-west-2.compute.amazonaws.com | Tovkater | | verified | Medium

Entries 7 to 26 are masked on the public page (IP address, hostname and actor redacted). All of them are of type verified; entries 7 to 16 carry Medium confidence and entries 17 to 26 carry High confidence.

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (132)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/ | predictive | Low
2 | File | /admin/account/changepassword | predictive | High
3 | File | /admin/users.php | predictive | High
4 | File | /api/json/admin/getmailserversettings | predictive | High
5 | File | /artist.php | predictive | Medium
6 | File | /bin/su | predictive | Low
7 | File | /data/system/users/0/settings_secure.xml | predictive | High
8 | File | /dev/mem | predictive | Medium
9 | File | /dev/urandom | predictive | Medium
10 | File | /etc/dt | predictive | Low
11 | File | /etc/password | predictive | High
12 | File | /show_group_members.php | predictive | High
13 | File | /usr/etc/rpc.passwd | predictive | High
14 | File | /WEB-INF/web.xml | predictive | High
15 | File | /_vti_pvt/access.cnf | predictive | High
121 | Input Value | /../ | predictive | Low

Entries 16 to 132 (other than 121) are masked on the public page; only the class, the type (all predictive) and the confidence survive. They break down as 49 further File entries (16 to 64), 2 Library entries (65 to 66), 50 Argument entries (67 to 116), 10 further Input Value entries (117 to 127) and 5 Network Port entries (128 to 132).
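The IOC addresses and the IOA file paths above are only useful once they are checked against your own telemetry. The script below is an added example, not code from the page or from the data set's vendor: it parses web-server access-log lines in the common log format, matches the client address against the six unmasked IOC entries and the percent-decoded request target against the fifteen unmasked IOA paths, and scores each line by the page's confidence levels. The log lines are constructed, and the numeric weights, the alert threshold and the treatment of EC2 and Google Cloud reverse names as ephemeral (an address on a cloud range is routinely reassigned, so a hit there needs corroboration before it is acted on) are assumptions made for the example.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import unquote

# IOC rows 1-6 from the page: IP -> (hostname, confidence).
IOC_IPS = {
    "5.149.255.178": ("", "High"),
    "13.107.21.200": ("", "High"),
    "34.107.221.82": ("82.221.107.34.bc.googleusercontent.com", "Medium"),
    "34.213.158.239": ("ec2-34-213-158-239.us-west-2.compute.amazonaws.com", "Medium"),
    "34.214.44.170": ("ec2-34-214-44-170.us-west-2.compute.amazonaws.com", "Medium"),
    "34.216.80.151": ("ec2-34-216-80-151.us-west-2.compute.amazonaws.com", "Medium"),
}

# IOA "File" rows 1-15 from the page: path fragment -> confidence.
IOA_PATHS = {
    "/admin/": "Low",
    "/admin/account/changepassword": "High",
    "/admin/users.php": "High",
    "/api/json/admin/getmailserversettings": "High",
    "/artist.php": "Medium",
    "/bin/su": "Low",
    "/data/system/users/0/settings_secure.xml": "High",
    "/dev/mem": "Medium",
    "/dev/urandom": "Medium",
    "/etc/dt": "Low",
    "/etc/password": "High",
    "/show_group_members.php": "High",
    "/usr/etc/rpc.passwd": "High",
    "/WEB-INF/web.xml": "High",
    "/_vti_pvt/access.cnf": "High",
}

# Assumed weights for the page's confidence levels and the score at
# which a line is promoted from a low-priority hit to an alert.
WEIGHT = {"High": 3, "Medium": 2, "Low": 1}
ALERT_THRESHOLD = 3

# Common log format: client ident user [time] "METHOD target proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample log (not real traffic); the last line is deliberately malformed.
SAMPLE_LOG = """\
34.213.158.239 - - [10/Mar/2024:12:00:01 +0000] "GET /api/json/admin/getmailserversettings?domainName=x HTTP/1.1" 200 512
5.149.255.178 - - [10/Mar/2024:12:00:02 +0000] "GET /images/logo.png HTTP/1.1" 200 2048
198.51.100.7 - - [10/Mar/2024:12:00:03 +0000] "GET /download.php?f=..%2F..%2F_vti_pvt%2Faccess.cnf HTTP/1.1" 404 0
198.51.100.8 - - [10/Mar/2024:12:00:04 +0000] "GET /admin/ HTTP/1.1" 302 0
this line is not in log format
"""


@dataclass
class Hit:
    line_no: int
    ip: str
    target: str
    ip_conf: Optional[str]        # confidence of the IOC address hit, if any
    ephemeral: bool               # IOC host is cloud-assigned; corroborate before acting
    paths: List[Tuple[str, str]]  # (indicator, confidence), strongest first
    score: int


def is_ephemeral(hostname: str) -> bool:
    """Assumption: EC2 and GCE reverse names mark addresses that change hands."""
    return hostname.endswith(("compute.amazonaws.com", "googleusercontent.com"))


def path_indicators(target: str) -> List[Tuple[str, str]]:
    """IOA path fragments found in the percent-decoded target, strongest first.
    Decoding first is what catches ..%2F style traversal encodings."""
    decoded = unquote(target)
    found = [(p, c) for p, c in IOA_PATHS.items() if p in decoded]
    found.sort(key=lambda pc: WEIGHT[pc[1]], reverse=True)
    return found


def score_line(line_no: int, line: str) -> Optional[Hit]:
    """Parse and score one line; None if it is unparsable or matches nothing."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip = m["ip"]
    try:
        ipaddress.ip_address(ip)  # reject non-address client fields
    except ValueError:
        return None
    ioc = IOC_IPS.get(ip)
    ip_conf = ioc[1] if ioc else None
    paths = path_indicators(m["target"])
    score = (WEIGHT[ip_conf] if ip_conf else 0) + (WEIGHT[paths[0][1]] if paths else 0)
    if score == 0:
        return None
    return Hit(line_no, ip, m["target"], ip_conf,
               bool(ioc) and is_ephemeral(ioc[0]), paths, score)


def scan(log_text: str) -> List[Hit]:
    hits = [score_line(n, ln) for n, ln in enumerate(log_text.splitlines(), 1)]
    return [h for h in hits if h is not None]


def alerts(log_text: str) -> List[Hit]:
    return [h for h in scan(log_text) if h.score >= ALERT_THRESHOLD]


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        flag = "ALERT" if h.score >= ALERT_THRESHOLD else "hit  "
        note = " (ephemeral cloud IP, corroborate)" if h.ephemeral else ""
        print(f"{flag} line {h.line_no} {h.ip} ioc={h.ip_conf} paths={h.paths} score={h.score}{note}")
```

On the sample, the first line scores 5 (a Medium-confidence cloud address requesting the High-confidence OpManager getmailserversettings endpoint), the second scores 3 on the address alone, the third scores 3 on the traversal into /_vti_pvt/access.cnf from an address that is not on the list, and the bare /admin/ request stays a score-1 hit below the threshold, which is the intended handling of a Low-confidence indicator that any crawler will trip.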

References (4)

The following list contains external sources which discuss the actor and the associated activities:
