Tranchulas Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (235)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en218
es14
de2
it2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

US: USA46
GB: Great Britain16
ES: Spain12
RU: Russia12
MM: Myanmar4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Tranchulas1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined48
Router Operating System22
Firewall Software22
Operating System16
Web Server16

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Cisco38
Not Defined38
Microsoft14
Apache14
Juniper12

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Juniper Junos12
Cisco Firepower Threat Defense10
NVIDIA Windows GPU Display Driver10
Apache HTTP Server10
Microsoft Windows8

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Magento PageBuilder Template input validation8.58.4$0-$5k$0-$5kNot DefinedOfficial Fix0.006690.00CVE-2019-8144
2Microsoft IIS cross site scripting5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.005480.05CVE-2017-0055
3Apache HTTP Server HTTP Digest Authentication Challenge improper authentication8.58.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.014020.05CVE-2018-1312
4WordPress Metadata deserialization8.58.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.017660.06CVE-2018-20148
5Juniper Junos jdhcpd data processing6.46.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.002680.00CVE-2017-2301
6Subrion CMS cross site scripting5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.000760.00CVE-2019-11406
7Apache HTTP Server mod_proxy_fcgi.c handle_headers memory corruption5.35.1$25k-$100k$0-$5kNot DefinedOfficial Fix0.008760.00CVE-2014-3583
8Apple iOS WebKit type confusion7.57.4$25k-$100k$5k-$25kHighOfficial Fix0.062670.04CVE-2019-8506
9Microsoft IIS File Name Tilde privileges management6.55.9$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.968170.00CVE-2005-4360
10Cisco Firepower Threat Defense Data Acquisition protection mechanism7.97.9$5k-$25k$5k-$25kNot DefinedNot Defined0.001490.00CVE-2019-1669
11HP Integrated Lights-out Bmc improper authentication9.88.6$5k-$25k$5k-$25kUnprovenUnavailable0.022030.05CVE-2013-4784
12HP Integrated Lights-Out privileges management8.17.1$5k-$25k$0-$5kUnprovenOfficial Fix0.050390.00CVE-2014-7876
13DUware DUpaypal detail.asp sql injection7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.004210.08CVE-2006-6365
14DUware DUdownload detail.asp sql injection7.37.1$0-$5k$0-$5kHighUnavailable0.002540.04CVE-2006-6367
15DuWare DuClassmate default.asp sql injection9.89.5$0-$5k$0-$5kHighUnavailable0.003480.00CVE-2006-6355
16Zeescripts ZeeBuddy bannerclick.php sql injection8.58.3$0-$5k$0-$5kHighUnavailable0.001670.00CVE-2008-3604
17PHP Scripts Mall PHP Multivendor Ecommerce my_wishlist.php cross site scripting5.24.8$0-$5k$0-$5kNot DefinedNot Defined0.000780.00CVE-2017-17958
18Aj Square Ajauction subcat.php sql injection7.37.3$0-$5kCalculatingHighUnavailable0.007840.00CVE-2007-1298
19WordPress User Search REST Endpoint information disclosure4.44.3$5k-$25k$0-$5kNot DefinedNot Defined0.000620.05CVE-2023-5561
20Void Contact Form 7 Widget for Elementor Page Builder Plugin void_cf7_opt_in_user_data_track cross-site request forgery4.34.2$0-$5k$0-$5kNot DefinedNot Defined0.000630.05CVE-2022-47166

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Bitterbug

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
146.4.139.224static.224.139.4.46.clients.your-server.deTranchulasBitterbug01/01/2021verifiedLow
246.4.139.225static.225.139.4.46.clients.your-server.deTranchulasBitterbug01/01/2021verifiedLow
3XXX.XX.XXX.XXXxxxxxxxxxXxxxxxxxx01/01/2021verifiedLow
4XXX.XX.XXX.XXXxxxxxxxxxXxxxxxxxx01/01/2021verifiedLow
5XXX.XX.XXX.XXXxxxxxxxxxXxxxxxxxx01/01/2021verifiedLow
6XXX.XX.XXX.XXXxxxxxxxxxXxxxxxxxx01/01/2021verifiedLow
7XXX.XX.XXX.XXXXxxxxxxxxxXxxxxxxxx01/01/2021verifiedLow

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
3T1059.007CAPEC-209CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
4T1068CAPEC-122CWE-264, CWE-269, CWE-284Execution with Unnecessary PrivilegespredictiveHigh
5TXXXX.XXXCAPEC-16CWE-XXX, CWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
6TXXXXCAPEC-108CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
7TXXXXCAPEC-CWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
8TXXXXCAPEC-CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
9TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
10TXXXXCAPEC-50CWE-XXX, CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
11TXXXXCAPEC-466CWE-XXXXxxxxxx Xxxxxxxxxx Xx Xxx-xxxxxxxxpredictiveHigh
12TXXXXCAPEC-38CWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
13TXXXX.XXXCAPEC-459CWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
14TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
15TXXXX.XXXCAPEC-CWE-XXXxxxxxxxxxxxxpredictiveHigh
16TXXXXCAPEC-CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
17TXXXX.XXXCAPEC-CWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHigh
18TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh
19TXXXXCAPEC-CWE-XXXXxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (79)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/cgi/loginDefaultUserpredictiveHigh
2File/contentshare/image/data/user/0/com.sony.dtv.photosharingplus/files/_BRAVPSS.TMP/LJYT0010.JPGpredictiveHigh
3File/etc/shadowpredictiveMedium
4File/ordering/admin/store/index.php?view=editpredictiveHigh
5File/proc/ioportspredictiveHigh
6File/uncpath/predictiveMedium
7File/webconsole/APIControllerpredictiveHigh
8File14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgipredictiveHigh
9FileAccountStatus.jsppredictiveHigh
10Filexxxxxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxpredictiveHigh
11Filexxxxxxxxx/xxxxxxxxxxxxxpredictiveHigh
12Filexxx/xxxxx/xxxxxx.xxxpredictiveHigh
13Filexxxxxxxxxxx.xxxpredictiveHigh
14Filexxxxxx_xxxxx.xpredictiveHigh
15Filexxxxxx/xxx-xxxxx.xpredictiveHigh
16Filexxxx/xx-xxxx-xx/xx-xxxx-xx.xpredictiveHigh
17Filexxxxxxx.xxxpredictiveMedium
18Filexxxxxx.xxxpredictiveMedium
19Filexxxxxx_xxxx.xpredictiveHigh
20Filexxxxxxx/xxx/xxxxx/xxx-xxxxx.xpredictiveHigh
21Filexxxxxxx/xxx/xxxxxxxx/xxx/xxx_xxx_xxx.xpredictiveHigh
22Filexxxxxxx/xxxxx/xxxxx/xxxxxxx.xpredictiveHigh
23Filexxxxxxxx.xxxpredictiveMedium
24Filexxxx/xxxx/xxxx/xxxx.xxxpredictiveHigh
25Filexxxxx/xxxx/xxxx.xxxpredictiveHigh
26Filexxxxxxx/xxxxx/xxx_xxxx.xpredictiveHigh
27Filexxxxx.xxxpredictiveMedium
28Filexxxx.xxxpredictiveMedium
29Filexxxxxx.xpredictiveMedium
30Filexxxxxxxxxxxxx.xxxpredictiveHigh
31Filexxx_xxxxx_xxxx.xpredictiveHigh
32Filexxxxxxxx.xpredictiveMedium
33Filexx_xxxxxxxx.xxxpredictiveHigh
34Filexxxxxxxx_xxxxxx.xxxpredictiveHigh
35Filexxx/xxxx/xx_xxxxxxxx.xpredictiveHigh
36Filexxx/xxxxxx/xxxxxxxx/xxxxxxxxx/xxxxxxxxxxxxx.xxxxpredictiveHigh
37Filexxxxxxxxx.xxxxx.xxxpredictiveHigh
38Filexxxxxxx.xxxpredictiveMedium
39Filexxxxx.xxxpredictiveMedium
40FilexxxxxpredictiveLow
41Filexxxxxxxx.xxxpredictiveMedium
42Filexxxxxx.xxxpredictiveMedium
43Filexxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
44Filexx/x.x.xx.xxxxxx/xxxxxxx/xx/xxxxx.xx.xxxxxxxxxpredictiveHigh
45Filexxxxxxxxxxxxxxx.xxxxpredictiveHigh
46Filexx-xxxxx/xxxxxxxx/xxxxx-xxxx-xxxxxx-xxxxxxxx.xxxpredictiveHigh
47File_xxxx/xx/xxxxxxxx/predictiveHigh
48File_xx_xxxxxpredictiveMedium
49Libraryxxxxxxxxxxxxxxxx.xxxpredictiveHigh
50Libraryxxxxxxxx.xxxpredictiveMedium
51Libraryxxx/xxx/xxxx/predictiveHigh
52ArgumentxxxxpredictiveLow
53Argumentxxxx_xxpredictiveLow
54ArgumentxxxpredictiveLow
55ArgumentxxxxxpredictiveLow
56ArgumentxxxpredictiveLow
57ArgumentxxxxpredictiveLow
58Argumentxxxx_xxxxxxxpredictiveMedium
59ArgumentxxpredictiveLow
60ArgumentxxxxpredictiveLow
61ArgumentxxxxxxpredictiveLow
62ArgumentxxxxxpredictiveLow
63Argumentxxxx/xxxxx/xxxxxpredictiveHigh
64Argumentxxxxxxx=xxxxxxxxxxxxxxpredictiveHigh
65ArgumentxxxxxxxxpredictiveMedium
66ArgumentxxxxxxxxpredictiveMedium
67ArgumentxxpredictiveLow
68ArgumentxxxxpredictiveLow
69Argumentxxxxxx[xxx][xxxx]predictiveHigh
70ArgumentxxxxxxxxxpredictiveMedium
71ArgumentxxxxxxxxpredictiveMedium
72Argumentxxxx->xxxxxxxpredictiveHigh
73Argumentx-xxxxxxxxx-xxxpredictiveHigh
74Input Value-x/xxxxxxxxxxpredictiveHigh
75Input Value::$xxxxx_xxxxxxxxxxpredictiveHigh
76Input ValuexxpredictiveLow
77Network Portxxx/xx (xxx)predictiveMedium
78Network Portxxx/xxxxxpredictiveMedium
79Network Portxxx xxxxxx xxxxpredictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!