ToddyCat تحليل

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (18)

التسلسل الزمني

اللغة

en16
zh2

البلد

cn14
us4

الفاعلين

ToddyCat3
Cobalt Strike1

النشاطات

الاهتمام

التسلسل الزمني

النوع

Content Management System4
Knowledge Base Software2
Operating System2
Router Operating System2
Application Server Software2

المجهز

Not Defined6
Oracle4
SAP2
Microsoft2
ZyXEL2

منتج

SAP Knowledge Management2
Microsoft Windows2
ZyXEL P660HN-T v12
Oracle WebLogic Server2
DeDeCMS2

الثغرات

#الثغرةBaseTemp0dayاليومق�معالجةCTIEPSSCVE
1request-baskets API Request {name} تجاوز الصلاحيات6.46.4$0-$5k$0-$5kNot DefinedNot Defined0.000.05974CVE-2023-27163
2bassmaster plugin batch.js internalsbatch تجاوز الصلاحيات9.89.4$0-$5k$0-$5kHighOfficial Fix0.050.87462CVE-2014-7205
3QNAP QTS/QuTS Hero/QVP/QVR تجاوز الصلاحيات6.76.6$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00067CVE-2023-23355
4Kingsoft WPS Office Registry wpsupdater.exe تجاوز الصلاحيات5.55.3$0-$5k$0-$5kNot DefinedNot Defined0.020.00924CVE-2022-24934
5ZyXEL P660HN-T v1 ViewLog.asp تجاوز الصلاحيات7.36.4$5k-$25k$0-$5kProof-of-ConceptWorkaround0.020.00000
6ARM Cortex-M33/Cortex-M35P/Cortex-M55/China STAR-MC VLLDM Instruction تجاوز الصلاحيات5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00053CVE-2021-35465
7VMware Workstation/Fusion/ESX/View VMCI.SYS تجاوز الصلاحيات8.47.6$5k-$25kجاري الحسابProof-of-ConceptOfficial Fix0.000.00062CVE-2013-1406
8Oracle MySQL Server LDAP Auth Privilege Escalation8.07.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00076CVE-2020-14878
9Oracle WebLogic Server Core Components تجاوز الصلاحيات9.89.4$25k-$100k$5k-$25kNot DefinedOfficial Fix0.000.01213CVE-2019-17195
10SAP Knowledge Management File API اجتياز الدليل8.28.2$5k-$25k$5k-$25kNot DefinedNot Defined0.000.00182CVE-2020-6225
11Microsoft Windows Bluetooth Driver Object BlueBorne تجاوز الصلاحيات7.77.3$25k-$100k$0-$5kNot DefinedOfficial Fix0.000.00117CVE-2017-8628
12Nostromo nhttpd http_verify اجتياز الدليل8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.000.97418CVE-2019-16278
13Django حقن إس كيو إل8.58.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00742CVE-2020-7471
14Spring Data Commons XMLBeam XML External Entity7.47.2$0-$5k$0-$5kHighOfficial Fix0.020.00366CVE-2018-1259
15PHP Server Monitor طلب تزوير مشترك5.45.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00071CVE-2018-18921
16DeDeCMS recommend.php حقن إس كيو إل8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.070.02324CVE-2017-17731
17DZCP deV!L`z Clanportal config.php تجاوز الصلاحيات7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.610.00943CVE-2010-0966
18DeDeCMS list.php حقن إس كيو إل7.37.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.080.00618CVE-2011-5200

حملات (1)

These are the campaigns that can be associated with the actor:

  • Ninja

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDعنوان بروتوكول الإنترنتHostnameممثلحملاتIdentifiedالنوعالثقة
145.76.78.23745.76.78.237.vultrusercontent.comToddyCat31/07/2022verifiedعالي
2XXX.XXX.XX.XXxxx.xxx.xx.xx.xxxxxxxxxxxxxxxx.xxxXxxxxxxx31/07/2022verifiedعالي
3XXX.XX.XX.XXXxxx.xx.xx.xxx.xxxxxxxxxxxxxxxx.xxxXxxxxxxxXxxxx28/06/2022verifiedعالي

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueالثغراتمتجه الوصولالنوعالثقة
1T1006CWE-22Path Traversalpredictiveعالي
2TXXXXCWE-XXXxxxxxxx Xxxxxxxxxpredictiveعالي
3TXXXXCWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxxpredictiveعالي
4TXXXXCWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxxpredictiveعالي
5TXXXXCWE-XXXxx Xxxxxxxxxpredictiveعالي

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDالفئةIndicatorالنوعالثقة
1File/api/baskets/{name}predictiveعالي
2Fileinc/config.phppredictiveعالي
3Filexxxx.xxxpredictiveمتوسط
4Filexxxx/xxxxxxxxx.xxxpredictiveعالي
5Filexxxxxxx.xxxpredictiveمتوسط
6Filexxxx.xxxpredictiveمتوسط
7Filexxxxxxxxxx.xxxpredictiveعالي
8Libraryxxx/xxxxx.xxpredictiveمتوسط
9Argument$_xxxxxpredictiveواطئ
10Argumentxxxxxxxxpredictiveمتوسط
11Argumentxxpredictiveواطئ
12Argumentxxxxxx_xxxxpredictiveمتوسط
13Input Value%xxxxxx+-x+x+xx.x.xx.xxx%xx%xxpredictiveعالي

المصادر (3)

The following list contains external sources which discuss the actor and the associated activities:

التالي نظرة عامة السابق

Do you want to use VulDB in your project?

Use the official API to access entries easily!