Vicious Panda Analysis

IOB - Indicator of Behavior (118)

Language

en 84
de 12
zh 12
es 6
jp 2

Country

us 62
cn 22
vn 14
jp 2
ir 2

Product

PHP 6
Ruijie RG-EW 4
WordPress 4
Dual DHCP DNS Server 2
Sangfor Sundray WLAN Controller 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | Tiki Wiki CMS Groupware tiki-jsplugin.php privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03454 | 0.04 | CVE-2010-4239 |
| 3 | Tabit API information disclosure | 4.5 | 4.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00150 | 0.00 | CVE-2022-34776 |
| 4 | Phplinkdirectory PHP Link Directory conf_users_edit.php cross-site request forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00526 | 0.04 | CVE-2011-0643 |
| 5 | PHPWind goto.php Redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.05 | CVE-2015-4134 |
| 6 | FasterXML jackson-databind Default Typing information disclosure | 7.4 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00325 | 0.03 | CVE-2019-12086 |
| 7 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.09 | CVE-2010-0966 |
| 8 | UliCMS index.php cross-site scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00630 | 0.04 | CVE-2019-11398 |
| 9 | D-Link DIR-865L register_send.php weak authentication | 7.5 | 7.1 | $5k-$25k | $5k-$25k | Proof-of-Concept | Not Defined | 0.00109 | 0.02 | CVE-2013-3096 |
| 10 | WebCalendar settings.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03093 | 0.00 | CVE-2005-2717 |
| 11 | Cisco ASR901 IPv4 Packet denial of service | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.02264 | 0.02 | CVE-2014-3293 |
| 12 | Earl Miles Views Filters SQL injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00361 | 0.00 | CVE-2011-4113 |
| 13 | Microsoft IIS Frontpage Server Extensions shtml.dll Username information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.15958 | 0.24 | CVE-2000-0114 |
| 14 | MikroTik RouterOS privilege escalation | 7.4 | 7.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.05923 | 0.00 | CVE-2019-3924 |
| 15 | Google Chrome Downloads Remote Code Execution | 7.5 | 7.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00497 | 0.07 | CVE-2023-5857 |
| 16 | DHIS 2 API Endpoint trackedEntityInstances SQL injection | 7.7 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00087 | 0.00 | CVE-2021-41187 |
| 17 | DHIS2 Core Web API weak authentication | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00060 | 0.00 | CVE-2023-31139 |
| 18 | ALPACA weak authentication | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00110 | 0.33 | CVE-2021-3618 |
| 19 | Bomgar Remote Support Portal JavaStart.jar Applet directory traversal | 9.1 | 9.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00195 | 0.03 | CVE-2017-12815 |
| 20 | Drupal File Download privilege escalation | 5.0 | 5.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00049 | 0.04 | CVE-2023-31250 |

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (64)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /api/trackedEntityInstances | predictive | High |
| 2 | File | /cgi-bin/luci/api/diagnose | predictive | High |
| 3 | File | /cgi-bin/mesh.cgi?page=upgrade | predictive | High |
| 4 | File | /guest_auth/cfg/upLoadCfg.php | predictive | High |
| 5 | File | /phppath/php | predictive | Medium |
| 6 | File | /uncpath/ | predictive | Medium |
| 7 | File | /WEB-INF/web.xml | predictive | High |
| 8 | File | abook_database.php | predictive | High |

Sources (3)

The following list contains external sources which discuss the actor and the associated activities:
