Vicious Panda Analysis

IOB - Indicator of Behavior (94)

Timeline

The chart data in this section (timeline, language, country, actors, activities, type, vendor and product) does not reflect real data. It is dummy data, distorted and not usable in any way. An additional purchase is required to unlock this view and get access to the real data.

Lang

en: 70
zh: 12
de: 4
fr: 4
it: 2


Country

us: 34
cn: 28
vn: 18
gb: 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Microsoft Windows: 4
phpMyAdmin: 4
PHP: 4
IBM WebSphere Application Server: 2
DZCP deV!L`z Clanportal: 2


Vulnerabilities

Columns: Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit price at disclosure and at present; Exp is the exploit availability (Unproven, Proof-of-Concept, High, Not Defined); Rem is the remediation status; CTI is the CTI interest score; EPSS is the EPSS exploitation probability.

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192
2 | Tiki Wiki CMS Groupware tiki-jsplugin.php input validation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01018 | CVE-2010-4239
3 | Phplinkdirectory PHP Link Directory conf_users_edit.php cross-site request forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01 | 0.04187 | CVE-2011-0643
4 | PHPWind goto.php redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01213 | CVE-2015-4134
5 | FasterXML jackson-databind Default Typing information disclosure | 7.4 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.24563 | CVE-2019-12086
6 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.41 | 0.04187 | CVE-2010-0966
7 | UliCMS index.php cross site scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.02173 | CVE-2019-11398
8 | D-Link DIR-865L register_send.php improper authentication | 7.5 | 7.1 | $5k-$25k | $5k-$25k | Proof-of-Concept | Not Defined | 0.02 | 0.00954 | CVE-2013-3096
9 | WebCalendar settings.php file inclusion | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01 | 0.01408 | CVE-2005-2717
10 | Cisco ASR901 IPv4 Packet resource management | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.01 | 0.01319 | CVE-2014-3293
11 | Earl Miles Views Filters sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.01974 | CVE-2011-4113
12 | Grafana Request redirect | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00950 | CVE-2022-29170
13 | ManageEngine ADSelfService Plus privileges management | 9.0 | 8.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.10212 | CVE-2020-11552
14 | Apache HTTP Server HTTP2 Request request smuggling | 6.4 | 6.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | 0.05242 | CVE-2020-9490
15 | Microsoft Windows RPCSS memory corruption | 5.6 | 5.1 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.46718 | CVE-2003-0715
16 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | 0.03129 | CVE-2007-1287
17 | Ruijie-NBR RG-NBR-E Enterprise Gateway upLoadCfg.php Privilege Escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.01156 | CVE-2022-27982
18 | Ruijie RG-EW diagnose switchFastDhcp Privilege Escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.01978 | CVE-2021-43160
19 | Ruijie RG-EW setSessionTime Privilege Escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.01978 | CVE-2021-43159
20 | Apache Log4j Configuration Parameter sql injection | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01742 | CVE-2022-23305

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Pathname Traversal | predictive | High
2 | T1059 | CWE-94 | Cross Site Scripting | predictive | High
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
4 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
5 | TXXXX.XXX | CWE-XXX | Xxx Xx Xxxx-xxxxx Xxxxxxxx | predictive | High
6 | TXXXX.XXX | CWE-XXX | Xxxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx Xxxxxxxx | predictive | High
7 | TXXXX | CWE-XX | Xxxxxxx Xxxxxxxxx | predictive | High
8 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
9 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
10 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx | predictive | High
11 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxx | predictive | High

IOA - Indicator of Attack (57)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /cgi-bin/luci/api/diagnose | predictive | High
2 | File | /guest_auth/cfg/upLoadCfg.php | predictive | High
3 | File | /phppath/php | predictive | Medium
4 | File | /uncpath/ | predictive | Medium
5 | File | /WEB-INF/web.xml | predictive | High
6 | File | abook_database.php | predictive | High
7 | File | adclick.php | predictive | Medium
8 | File | xxxxx.xxx | predictive | Medium
9 | File | xxxxx/xxxx_xxxxx_xxxx.xxx | predictive | High
10 | File | xxxxx/xxxxx.xxx | predictive | High
11 | File | xxxxxxxxxxxxx/xxxxxxxxxx/xxx_xxxxx/xxxxxxx/xxxxx.xxx | predictive | High
12 | File | xxxx.xxx | predictive | Medium
13 | File | xxxxxxxx.xxx | predictive | Medium
14 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
15 | File | xx_xxxxxx.xxx | predictive | High
16 | File | xxxx_xxxx.xxxx | predictive | High
17 | File | xxxxxxxxxx.xxx | predictive | High
18 | File | xxxxx.xxx | predictive | Medium
19 | File | xxx_xxxxxxx.xxx | predictive | High
20 | File | xxxx.xxx | predictive | Medium
21 | File | xxxx_xxxxxxx.xxx.xxx | predictive | High
22 | File | xxxx/xxx-xxxxxxxx.xxx | predictive | High
23 | File | xxx/xxxxxx.xxx | predictive | High
24 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | High
25 | File | xxxxx.xxx | predictive | Medium
26 | File | xxxxx.xxx/xxxx/xxxxx/xxxx/xxxx.xxx | predictive | High
27 | File | xxxxx.xxx?xxx=xxxx&xxx=xxxx_xxxxxxx | predictive | High
28 | File | xxxxxxxx/xxxx?xxxxxx=xx | predictive | High
29 | File | xxxxxxx.xxx | predictive | Medium
30 | File | xxxxxx.x | predictive | Medium
31 | File | xxxxxxxx_xxxx.xxx | predictive | High
32 | File | xxxx/xxx/xxx_xxxx.x | predictive | High
33 | File | xxxxxxxx.xxx | predictive | Medium
34 | File | xxxxx.xxx | predictive | Medium
35 | File | xxxx-xxxxxxxx.xxx | predictive | High
36 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High
37 | Argument | $_xxxxxx['xxxxx_xxxxxx'] | predictive | High
38 | Argument | xxxxxxx_xx | predictive | Medium
39 | Argument | xxxxxxxxxxxxxx[xxx][x][xxxxxxxx] | predictive | High
40 | Argument | xxxxxxxx | predictive | Medium
41 | Argument | xxx | predictive | Low
42 | Argument | xxx_xxxxxxx_xxx | predictive | High
43 | Argument | xxxx | predictive | Low
44 | Argument | xxxxxxxx | predictive | Medium
45 | Argument | xxxxx | predictive | Low
46 | Argument | xx | predictive | Low
47 | Argument | xx | predictive | Low
48 | Argument | xx | predictive | Low
49 | Argument | xxxxxxxx | predictive | Medium
50 | Argument | xx | predictive | Low
51 | Argument | xxxxxxxx | predictive | Medium
52 | Argument | xxxxxxxx | predictive | Medium
53 | Argument | xxx | predictive | Low
54 | Input Value | -x | predictive | Low
55 | Pattern | |xx xx xx xx xx xx xx xx| | predictive | High
56 | Network Port | xxx/xx (xxx xxxxxxxx) | predictive | High
57 | Network Port | xxx/xxxxx | predictive | Medium
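The File-class indicators above are request paths, so the practical use of this table is a sweep over web server access logs. The following Python script is an added example written for this page, not VulDB code and not part of the original page: it loads the seven un-redacted File indicators, normalizes each logged request target (query string stripped, percent-decoding applied twice to catch double encoding, duplicate slashes collapsed, case folded so upLoadCfg.php and uploadcfg.php compare equal) and reports which indicator ids each request hits. The log lines are constructed samples in Apache combined format, not real traffic; the matching rules (substring match for absolute paths, exact final-segment match for bare file names) are this example's own choice.

```python
"""Sweep web server access logs for the File-class IOA paths listed above."""
import os
import re
from urllib.parse import unquote, urlsplit

# The seven un-redacted File indicators from the IOA table: (id, indicator).
IOA_FILES = [
    (1, "/cgi-bin/luci/api/diagnose"),
    (2, "/guest_auth/cfg/upLoadCfg.php"),
    (3, "/phppath/php"),
    (4, "/uncpath/"),
    (5, "/WEB-INF/web.xml"),
    (6, "abook_database.php"),
    (7, "adclick.php"),
]

# Constructed sample log lines in Apache "combined" format (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2023:10:12:01 +0000] "GET /cgi-bin/luci/api/diagnose HTTP/1.1" 200 512 "-" "curl/7.88.1"
10.0.0.5 - - [12/Mar/2023:10:12:02 +0000] "POST /guest_auth/cfg/upLoadCfg.php HTTP/1.1" 200 77 "-" "python-requests/2.28"
10.0.0.5 - - [12/Mar/2023:10:12:03 +0000] "GET /app/..%2fWEB-INF%2fweb.xml HTTP/1.1" 403 0 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Mar/2023:10:13:00 +0000] "GET /index.php?page=home HTTP/1.1" 200 4021 "-" "Mozilla/5.0"
10.0.0.7 - - [12/Mar/2023:10:14:00 +0000] "GET /ads/ADCLICK.PHP?id=3 HTTP/1.1" 200 12 "-" "Mozilla/5.0"
garbage line that does not parse
"""

# Only the client address and the request line are needed for this check.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3})'
)


def normalize_path(target: str) -> str:
    """Reduce a request target to a comparable path: drop the query string,
    percent-decode twice (catches %252f double encoding), collapse repeated
    slashes and lower-case the result."""
    path = urlsplit(target).path
    path = unquote(unquote(path))
    path = re.sub(r"/+", "/", path)
    return path.lower()


def match_indicators(path: str, indicators=IOA_FILES) -> list:
    """Return the ids of indicators hit by an already normalized path.
    Indicators with a leading slash match anywhere in the path, so a
    context-prefixed /app/WEB-INF/web.xml still fires; bare file names must
    equal the final path segment, which keeps adclick.php from matching
    /x/adclick.php.bak."""
    basename = os.path.basename(path)
    hits = []
    for ioa_id, indicator in indicators:
        ind = indicator.lower()
        if ind.startswith("/"):
            if ind in path:
                hits.append(ioa_id)
        elif basename == ind:
            hits.append(ioa_id)
    return hits


def scan_log(text: str) -> list:
    """Parse each line and return (ip, method, target, [ioa ids]) for every
    request that hits at least one indicator; unparseable lines are skipped."""
    results = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        hits = match_indicators(normalize_path(m.group("target")))
        if hits:
            results.append((m.group("ip"), m.group("method"), m.group("target"), hits))
    return results


if __name__ == "__main__":
    for ip, method, target, hits in scan_log(SAMPLE_LOG):
        print(f"{ip} {method} {target} -> IOA {hits}")
```

Run against the sample, the scan flags the luci diagnose call, the upLoadCfg.php upload, the double-encoded WEB-INF traversal and the upper-cased adclick.php request, and ignores the ordinary index.php hit. A hit on any of these paths is a lead, not a verdict: the table marks every entry as predictive, so confirm with the response status, the client's other requests and the affected product before escalating.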

References (3)

The following list contains external sources which discuss the actor and the associated activities:
