Tranchulas Analysis

IOB - Indicator of Behavior (225)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en206
es16
it2
de2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us42
es14
ru8
gb8
mm4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Apache HTTP Server10
Microsoft Windows10
Linux Kernel8
Juniper Junos8
Google Android8

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1Magento PageBuilder Template input validation8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.030.01156CVE-2019-8144
2Microsoft IIS cross site scripting5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.140.25090CVE-2017-0055
3Apache HTTP Server HTTP Digest Authentication Challenge improper authentication8.58.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.07767CVE-2018-1312
4WordPress Metadata deserialization8.58.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.17166CVE-2018-20148
5Juniper Junos jdhcpd data processing6.46.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.010.00954CVE-2017-2301
6Subrion CMS cross site scripting5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.030.00885CVE-2019-11406
7Apache HTTP Server mod_proxy_fcgi.c handle_headers memory corruption5.35.1$25k-$100k$0-$5kNot DefinedOfficial Fix0.020.05242CVE-2014-3583
8Apple iOS WebKit type confusion7.57.2$100k and more$5k-$25kNot DefinedOfficial Fix0.010.10984CVE-2019-8506
9Microsoft IIS File Name Tilde privileges management6.55.9$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.000.58548CVE-2005-4360
10Cisco Firepower Threat Defense Data Acquisition protection mechanism7.97.9$5k-$25k$5k-$25kNot DefinedNot Defined0.020.01055CVE-2019-1669
11janobe Online Ordering System sql injection6.36.1$0-$5k$0-$5kNot DefinedNot Defined0.000.00885CVE-2022-31356
12Adobe InDesign buffer overflow7.06.9$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.01046CVE-2021-40727
13Ubiquiti EdgeMAX EdgeRouter Firmware Update channel accessible8.17.7$0-$5k$0-$5kNot DefinedOfficial Fix0.020.00885CVE-2021-22909
14Verbatim Keypad Secure USB Lockout excessive authentication5.04.8$0-$5k$0-$5kNot DefinedNot Defined0.070.01183CVE-2022-28386
15Micro CMS Comments cross site scripting3.53.2$0-$5k$0-$5kNot DefinedOfficial Fix0.040.00000
16OpenResty ngx.req.get_post_args sql injection8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.020.01055CVE-2018-9230
17Adobe Acrobat Reader PDF File integrity check6.36.0$25k-$100k$0-$5kNot DefinedOfficial Fix0.020.01046CVE-2021-28546
18Fortinet FortiOS Two Factor Authentication improper authentication8.07.7$0-$5k$0-$5kNot DefinedOfficial Fix0.020.00885CVE-2020-12812
19Apache HTTP Server mod_cluster input validation7.16.8$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.01742CVE-2016-8612
20Apache HTTP Server mod_proxy input validation7.36.4$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.050.07344CVE-2014-0117

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Bitterbug

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsTypeConfidence
146.4.139.224static.224.139.4.46.clients.your-server.deTranchulasBitterbugverifiedHigh
246.4.139.225static.225.139.4.46.clients.your-server.deTranchulasBitterbugverifiedHigh
3XXX.XX.XXX.XXXxxxxxxxxxXxxxxxxxxverifiedHigh
4XXX.XX.XXX.XXXxxxxxxxxxXxxxxxxxxverifiedHigh
5XXX.XX.XXX.XXXxxxxxxxxxXxxxxxxxxverifiedHigh
6XXX.XX.XXX.XXXxxxxxxxxxXxxxxxxxxverifiedHigh
7XXX.XX.XXX.XXXXxxxxxxxxxXxxxxxxxxverifiedHigh

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (68)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/cgi/loginDefaultUserpredictiveHigh
2File/contentshare/image/data/user/0/com.sony.dtv.photosharingplus/files/_BRAVPSS.TMP/LJYT0010.JPGpredictiveHigh
3File/etc/shadowpredictiveMedium
4File/ordering/admin/store/index.php?view=editpredictiveHigh
5File/proc/ioportspredictiveHigh
6File/uncpath/predictiveMedium
7File/webconsole/APIControllerpredictiveHigh
8File14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgipredictiveHigh
9Filexxxxxxxxxxxxx.xxxpredictiveHigh
10Filexxxxxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxpredictiveHigh
11Filexxxxxxxxx/xxxxxxxxxxxxxpredictiveHigh
12Filexxx/xxxxx/xxxxxx.xxxpredictiveHigh
13Filexxxxxx_xxxxx.xpredictiveHigh
14Filexxxxxx/xxx-xxxxx.xpredictiveHigh
15Filexxxx/xx-xxxx-xx/xx-xxxx-xx.xpredictiveHigh
16Filexxxxxx_xxxx.xpredictiveHigh
17Filexxxxxxx/xxx/xxxxx/xxx-xxxxx.xpredictiveHigh
18Filexxxxxxx/xxx/xxxxxxxx/xxx/xxx_xxx_xxx.xpredictiveHigh
19Filexxxxxxx/xxxxx/xxxxx/xxxxxxx.xpredictiveHigh
20Filexxxxxxxx.xxxpredictiveMedium
21Filexxxx/xxxx/xxxx/xxxx.xxxpredictiveHigh
22Filexxxxx/xxxx/xxxx.xxxpredictiveHigh
23Filexxxxxxx/xxxxx/xxx_xxxx.xpredictiveHigh
24Filexxxxx.xxxpredictiveMedium
25Filexxxx.xxxpredictiveMedium
26Filexxxxxx.xpredictiveMedium
27Filexxxxxxxxxxxxx.xxxpredictiveHigh
28Filexxx_xxxxx_xxxx.xpredictiveHigh
29Filexxxxxxxx.xpredictiveMedium
30Filexxxxxxxx_xxxxxx.xxxpredictiveHigh
31Filexxx/xxxx/xx_xxxxxxxx.xpredictiveHigh
32Filexxx/xxxxxx/xxxxxxxx/xxxxxxxxx/xxxxxxxxxxxxx.xxxxpredictiveHigh
33Filexxxxxxxxx.xxxxx.xxxpredictiveHigh
34Filexxxxxxx.xxxpredictiveMedium
35Filexxxxx.xxxpredictiveMedium
36FilexxxxxpredictiveLow
37Filexxxxxxxx.xxxpredictiveMedium
38Filexxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
39Filexx/x.x.xx.xxxxxx/xxxxxxx/xx/xxxxx.xx.xxxxxxxxxpredictiveHigh
40Filexxxxxxxxxxxxxxx.xxxxpredictiveHigh
41Filexx-xxxxx/xxxxxxxx/xxxxx-xxxx-xxxxxx-xxxxxxxx.xxxpredictiveHigh
42File_xxxx/xx/xxxxxxxx/predictiveHigh
43File_xx_xxxxxpredictiveMedium
44Libraryxxxxxxxxxxxxxxxx.xxxpredictiveHigh
45Libraryxxxxxxxx.xxxpredictiveMedium
46Libraryxxx/xxx/xxxx/predictiveHigh
47ArgumentxxxpredictiveLow
48ArgumentxxxxxpredictiveLow
49ArgumentxxxxpredictiveLow
50Argumentxxxx_xxxxxxxpredictiveMedium
51ArgumentxxpredictiveLow
52Argumentxxxx/xxxxx/xxxxxpredictiveHigh
53Argumentxxxxxxx=xxxxxxxxxxxxxxpredictiveHigh
54ArgumentxxxxxxxxpredictiveMedium
55ArgumentxxxxxxxxpredictiveMedium
56ArgumentxxpredictiveLow
57ArgumentxxxxpredictiveLow
58Argumentxxxxxx[xxx][xxxx]predictiveHigh
59ArgumentxxxxxxxxxpredictiveMedium
60ArgumentxxxxxxxxpredictiveMedium
61Argumentxxxx->xxxxxxxpredictiveHigh
62Argumentx-xxxxxxxxx-xxxpredictiveHigh
63Input Value-x/xxxxxxxxxxpredictiveHigh
64Input Value::$xxxxx_xxxxxxxxxxpredictiveHigh
65Input ValuexxpredictiveLow
66Network Portxxx/xx (xxx)predictiveMedium
67Network Portxxx/xxxxxpredictiveMedium
68Network Portxxx xxxxxx xxxxpredictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

Want to stay up to date on a daily basis?

Enable the mail alert feature now!