Tranchulas Analysis

IOB - Indicator of Behavior (230)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en208
es22

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us38
es22
gb16
ru14
mm6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Windows12
Cisco NX-OS10
Juniper Junos8
Microsoft Internet Explorer6
WordPress6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Magento PageBuilder Template input validation8.58.4$0-$5k$0-$5kNot DefinedOfficial Fix0.006690.02CVE-2019-8144
2Microsoft IIS cross site scripting5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.005480.08CVE-2017-0055
3Apache HTTP Server HTTP Digest Authentication Challenge improper authentication8.58.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.018150.03CVE-2018-1312
4WordPress Metadata deserialization8.58.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.018290.00CVE-2018-20148
5Juniper Junos jdhcpd data processing6.46.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.002680.00CVE-2017-2301
6Subrion CMS cross site scripting5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.000760.00CVE-2019-11406
7Apache HTTP Server mod_proxy_fcgi.c handle_headers memory corruption5.35.1$25k-$100k$0-$5kNot DefinedOfficial Fix0.009530.00CVE-2014-3583
8Apple iOS WebKit type confusion7.57.4$25k-$100k$5k-$25kHighOfficial Fix0.067770.00CVE-2019-8506
9Microsoft IIS File Name Tilde privileges management6.55.9$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.968170.04CVE-2005-4360
10Cisco Firepower Threat Defense Data Acquisition protection mechanism7.97.9$5k-$25k$5k-$25kNot DefinedNot Defined0.001490.00CVE-2019-1669
11Zeescripts ZeeBuddy bannerclick.php sql injection8.58.3$0-$5k$0-$5kHighUnavailable0.001670.00CVE-2008-3604
12PHP Scripts Mall PHP Multivendor Ecommerce my_wishlist.php cross site scripting5.24.8$0-$5k$0-$5kNot DefinedNot Defined0.000780.00CVE-2017-17958
13Aj Square Ajauction subcat.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.008210.03CVE-2007-1298
14WordPress User Search REST Endpoint information disclosure4.44.3$5k-$25k$0-$5kNot DefinedNot Defined0.000630.07CVE-2023-5561
15Void Contact Form 7 Widget for Elementor Page Builder Plugin void_cf7_opt_in_user_data_track cross-site request forgery4.34.2$0-$5k$0-$5kNot DefinedNot Defined0.000630.00CVE-2022-47166
16janobe Online Ordering System sql injection6.36.1$0-$5k$0-$5kNot DefinedNot Defined0.001720.00CVE-2022-31356
17Adobe InDesign buffer overflow7.06.9$5k-$25k$0-$5kNot DefinedOfficial Fix0.000850.00CVE-2021-40727
18Ubiquiti EdgeMAX EdgeRouter Firmware Update channel accessible8.17.7$0-$5k$0-$5kNot DefinedOfficial Fix0.003150.05CVE-2021-22909
19Verbatim Keypad Secure USB Lockout excessive authentication5.04.8$0-$5k$0-$5kNot DefinedNot Defined0.001000.00CVE-2022-28386
20Micro CMS Comments cross site scripting3.53.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000000.00

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Bitterbug

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
146.4.139.224static.224.139.4.46.clients.your-server.deTranchulasBitterbug01/01/2021verifiedHigh
246.4.139.225static.225.139.4.46.clients.your-server.deTranchulasBitterbug01/01/2021verifiedHigh
3XXX.XX.XXX.XXXxxxxxxxxxXxxxxxxxx01/01/2021verifiedHigh
4XXX.XX.XXX.XXXxxxxxxxxxXxxxxxxxx01/01/2021verifiedHigh
5XXX.XX.XXX.XXXxxxxxxxxxXxxxxxxxx01/01/2021verifiedHigh
6XXX.XX.XXX.XXXxxxxxxxxxXxxxxxxxx01/01/2021verifiedHigh
7XXX.XX.XXX.XXXXxxxxxxxxxXxxxxxxxx01/01/2021verifiedHigh

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (74)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/cgi/loginDefaultUserpredictiveHigh
2File/contentshare/image/data/user/0/com.sony.dtv.photosharingplus/files/_BRAVPSS.TMP/LJYT0010.JPGpredictiveHigh
3File/etc/shadowpredictiveMedium
4File/ordering/admin/store/index.php?view=editpredictiveHigh
5File/proc/ioportspredictiveHigh
6File/uncpath/predictiveMedium
7File/webconsole/APIControllerpredictiveHigh
8File14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgipredictiveHigh
9FileAccountStatus.jsppredictiveHigh
10Filexxxxxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxpredictiveHigh
11Filexxxxxxxxx/xxxxxxxxxxxxxpredictiveHigh
12Filexxx/xxxxx/xxxxxx.xxxpredictiveHigh
13Filexxxxxxxxxxx.xxxpredictiveHigh
14Filexxxxxx_xxxxx.xpredictiveHigh
15Filexxxxxx/xxx-xxxxx.xpredictiveHigh
16Filexxxx/xx-xxxx-xx/xx-xxxx-xx.xpredictiveHigh
17Filexxxxxx_xxxx.xpredictiveHigh
18Filexxxxxxx/xxx/xxxxx/xxx-xxxxx.xpredictiveHigh
19Filexxxxxxx/xxx/xxxxxxxx/xxx/xxx_xxx_xxx.xpredictiveHigh
20Filexxxxxxx/xxxxx/xxxxx/xxxxxxx.xpredictiveHigh
21Filexxxxxxxx.xxxpredictiveMedium
22Filexxxx/xxxx/xxxx/xxxx.xxxpredictiveHigh
23Filexxxxx/xxxx/xxxx.xxxpredictiveHigh
24Filexxxxxxx/xxxxx/xxx_xxxx.xpredictiveHigh
25Filexxxxx.xxxpredictiveMedium
26Filexxxx.xxxpredictiveMedium
27Filexxxxxx.xpredictiveMedium
28Filexxxxxxxxxxxxx.xxxpredictiveHigh
29Filexxx_xxxxx_xxxx.xpredictiveHigh
30Filexxxxxxxx.xpredictiveMedium
31Filexx_xxxxxxxx.xxxpredictiveHigh
32Filexxxxxxxx_xxxxxx.xxxpredictiveHigh
33Filexxx/xxxx/xx_xxxxxxxx.xpredictiveHigh
34Filexxx/xxxxxx/xxxxxxxx/xxxxxxxxx/xxxxxxxxxxxxx.xxxxpredictiveHigh
35Filexxxxxxxxx.xxxxx.xxxpredictiveHigh
36Filexxxxxxx.xxxpredictiveMedium
37Filexxxxx.xxxpredictiveMedium
38FilexxxxxpredictiveLow
39Filexxxxxxxx.xxxpredictiveMedium
40Filexxxxxx.xxxpredictiveMedium
41Filexxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
42Filexx/x.x.xx.xxxxxx/xxxxxxx/xx/xxxxx.xx.xxxxxxxxxpredictiveHigh
43Filexxxxxxxxxxxxxxx.xxxxpredictiveHigh
44Filexx-xxxxx/xxxxxxxx/xxxxx-xxxx-xxxxxx-xxxxxxxx.xxxpredictiveHigh
45File_xxxx/xx/xxxxxxxx/predictiveHigh
46File_xx_xxxxxpredictiveMedium
47Libraryxxxxxxxxxxxxxxxx.xxxpredictiveHigh
48Libraryxxxxxxxx.xxxpredictiveMedium
49Libraryxxx/xxx/xxxx/predictiveHigh
50ArgumentxxxxpredictiveLow
51Argumentxxxx_xxpredictiveLow
52ArgumentxxxpredictiveLow
53ArgumentxxxxxpredictiveLow
54ArgumentxxxpredictiveLow
55ArgumentxxxxpredictiveLow
56Argumentxxxx_xxxxxxxpredictiveMedium
57ArgumentxxpredictiveLow
58Argumentxxxx/xxxxx/xxxxxpredictiveHigh
59Argumentxxxxxxx=xxxxxxxxxxxxxxpredictiveHigh
60ArgumentxxxxxxxxpredictiveMedium
61ArgumentxxxxxxxxpredictiveMedium
62ArgumentxxpredictiveLow
63ArgumentxxxxpredictiveLow
64Argumentxxxxxx[xxx][xxxx]predictiveHigh
65ArgumentxxxxxxxxxpredictiveMedium
66ArgumentxxxxxxxxpredictiveMedium
67Argumentxxxx->xxxxxxxpredictiveHigh
68Argumentx-xxxxxxxxx-xxxpredictiveHigh
69Input Value-x/xxxxxxxxxxpredictiveHigh
70Input Value::$xxxxx_xxxxxxxxxxpredictiveHigh
71Input ValuexxpredictiveLow
72Network Portxxx/xx (xxx)predictiveMedium
73Network Portxxx/xxxxxpredictiveMedium
74Network Portxxx xxxxxx xxxxpredictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

Do you know our Splunk app?

Download it now for free!