TA578 Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (11)

Zeitverlauf

Sprache

en12

Land

us8
ru2

Akteure

FIN71
TA5051
Zusy1
Mikey1
B1txor201

Aktivitäten

Interesse

Zeitverlauf

Typ

Content Management System4
Operating System Utility Software2
Operating System2
Firewall Software2
Endpoint Management Software2

Hersteller

Not Defined4
Joomla2
Microsoft2
Fortinet2
Quest2

Produkt

sudo2
Joomla CMS2
Microsoft Windows2
Joomla2
Fortinet FortiOS2

Schwachstellen

#SchwachstelleBaseTemp0dayHeuteAusMasCTIEPSSCVE
1Fortinet FortiOS SSL-VPN Pufferüberlauf9.89.6$25k-$100k$25k-$100kHighOfficial Fix0.090.02287CVE-2024-21762
2SonicWALL GMS/Analytics Web Service Information Disclosure5.05.0$0-$5k$0-$5kNot DefinedNot Defined0.000.00049CVE-2023-34134
3Microsoft Windows Kerberos schwache Authentisierung8.98.1$25k-$100k$5k-$25kUnprovenOfficial Fix0.000.00048CVE-2024-20674
4Joomla SQL Injection6.36.3$5k-$25k$5k-$25kNot DefinedNot Defined0.000.00142CVE-2022-23797
5Joomla CMS com_fields erweiterte Rechte6.46.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.040.00268CVE-2018-11321
6Joomla! Module Layout Settings Privilege Escalation5.55.5$5k-$25k$0-$5kNot DefinedNot Defined0.000.00110CVE-2021-26031
7sudo Runas Restriction erweiterte Rechte8.88.3$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.030.30814CVE-2019-14287
8McAfee ePolicy Orchestrator Cross Site Scripting3.63.5$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00054CVE-2021-31835
9Quest KACE Systems Management Appliance Server Center ticket_associated_tickets.php Cross Site Scripting4.44.4$0-$5k$0-$5kNot DefinedNot Defined0.000.00055CVE-2019-13081
10Pidgin Protocol Plugin msg.c erweiterte Rechte5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000.01234CVE-2012-2318
11FreeBSD sendmsg(2) erweiterte Rechte7.87.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.00070CVE-2016-1887

Kampagnen (1)

These are the campaigns that can be associated with the actor:

  • BumbleBee

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP-AdresseHostnameAkteurKampagnenIdentifiziertTypAkzeptanz
1194.165.16.60TA578BumbleBee17.06.2022verifiziertHigh

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueSchwachstellenZugriffsartTypAkzeptanz
1T1059.007CWE-79Cross Site ScriptingprädiktivHigh
2TXXXXCWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxprädiktivHigh
3TXXXXCWE-XXXxx XxxxxxxxxprädiktivHigh
4TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxprädiktivHigh

IOA - Indicator of Attack (4)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDKlasseIndicatorTypAkzeptanz
1File/common/ticket_associated_tickets.phpprädiktivHigh
2Filexxx.xprädiktivLow
3ArgumentxxxxxprädiktivLow
4Input Value-x/xxxxxxxxxxprädiktivHigh

Referenzen (2)

The following list contains external sources which discuss the actor and the associated activities:

ZurückÜbersichtWeiter

Do you want to use VulDB in your project?

Use the official API to access entries easily!