ToddyCat Analysis

IOB - Indicator of Behavior (18)

Breakdown of the 18 behavior indicators by the facets the profile exposes (empty facets omitted):

Language: en (16), zh (2)
Country: cn (12), us (6)
Product: Kingsoft WPS Office (2), Nostromo nhttpd (2), DZCP deV!L`z Clanportal (2), QNAP QTS (2), QNAP QuTS Hero (2)

Vulnerabilities

Columns: Base and Temp are the CVSS base and temporal scores; 0-day and Today are the estimated exploit prices; Exploit is the known exploitability status; Remediation is the available countermeasure; CTI is the threat-intelligence activity score; EPSS is the exploit prediction score.

# | Vulnerability | Base | Temp | 0-day | Today | Exploit | Remediation | CTI | EPSS | CVE
1 | request-baskets API Request {name} privilege escalation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.05974 | CVE-2023-27163
2 | bassmaster plugin batch.js internalsbatch privilege escalation | 9.8 | 9.4 | $0-$5k | $0-$5k | High | Official Fix | 0.05 | 0.87462 | CVE-2014-7205
3 | QNAP QTS/QuTS Hero/QVP/QVR privilege escalation | 6.7 | 6.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00067 | CVE-2023-23355
4 | Kingsoft WPS Office Registry wpsupdater.exe privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00924 | CVE-2022-24934
5 | ZyXEL P660HN-T v1 ViewLog.asp privilege escalation | 7.3 | 6.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | 0.02 | 0.00000 | (no CVE listed)
6 | ARM Cortex-M33/Cortex-M35P/Cortex-M55/China STAR-MC VLLDM Instruction privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00053 | CVE-2021-35465
7 | VMware Workstation/Fusion/ESX/View VMCI.SYS privilege escalation | 8.4 | 7.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00062 | CVE-2013-1406
8 | Oracle MySQL Server LDAP Auth privilege escalation | 8.0 | 7.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00076 | CVE-2020-14878
9 | Oracle WebLogic Server Core Components privilege escalation | 9.8 | 9.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.01213 | CVE-2019-17195
10 | SAP Knowledge Management File API directory traversal | 8.2 | 8.2 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00182 | CVE-2020-6225
11 | Microsoft Windows Bluetooth Driver Object BlueBorne privilege escalation | 7.7 | 7.3 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.00117 | CVE-2017-8628
12 | Nostromo nhttpd http_verify directory traversal | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.97418 | CVE-2019-16278
13 | Django SQL injection | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00742 | CVE-2020-7471
14 | Spring Data Commons XMLBeam XML external entity | 7.4 | 7.2 | $0-$5k | $0-$5k | High | Official Fix | 0.02 | 0.00366 | CVE-2018-1259
15 | PHP Server Monitor cross-site request forgery | 5.4 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00071 | CVE-2018-18921
16 | DeDeCMS recommend.php SQL injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.02577 | CVE-2017-17731
17 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.69 | 0.00954 | CVE-2010-0966
18 | DeDeCMS list.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.08 | 0.00618 | CVE-2011-5200

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Ninja

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities. Rows 2 and 3 are masked on the source page; only their dates and confidence survive.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 45.76.78.237 | 45.76.78.237.vultrusercontent.com | ToddyCat | (none listed) | 31.07.2022 | verified | High
2 | (masked) | (masked) | (masked) | (masked) | 31.07.2022 | verified | High
3 | (masked) | (masked) | (masked) | (masked) | 28.06.2022 | verified | High

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling. Rows 2 to 5 are masked on the source page.

ID | Technique | Weakness (CWE) | Access type | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | (masked) | (masked) | (masked) | predictive | High
3 | (masked) | (masked) | (masked) | predictive | High
4 | (masked) | (masked, two CWEs) | (masked) | predictive | High
5 | (masked) | (masked) | (masked) | predictive | High

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling. Rows 3 to 13 are masked on the source page; only their class, type and confidence survive.

ID | Class | Indicator | Type | Confidence
1 | File | /api/baskets/{name} | predictive | High
2 | File | inc/config.php | predictive | High
3 | File | (masked) | predictive | Medium
4 | File | (masked) | predictive | High
5 | File | (masked) | predictive | Medium
6 | File | (masked) | predictive | Medium
7 | File | (masked) | predictive | High
8 | Library | (masked) | predictive | Medium
9 | Argument | (masked) | predictive | Low
10 | Argument | (masked) | predictive | Medium
11 | Argument | (masked) | predictive | Low
12 | Argument | (masked) | predictive | Medium
13 | Input Value | (masked) | predictive | High
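The IOC and IOA tables above are only useful once they are matched against telemetry. The following script is an added example, not code from this page or from its publisher: it takes the one unmasked IOC (the IP and its vultrusercontent.com hostname) and the two unmasked IOA file fragments, turns the {name} placeholder of the request-baskets API path into a single-segment wildcard, and scans a handful of constructed web-server and resolver log lines for hits. The log lines are invented for the demonstration and do not come from the page.

```python
import re
from dataclasses import dataclass

# Indicators copied from the ToddyCat profile tables above. Only the rows the
# page shows unmasked are usable; the masked rows cannot be reproduced here.
IOC_IPS = {"45.76.78.237"}
IOC_HOSTNAMES = {"45.76.78.237.vultrusercontent.com"}
IOA_PATHS = ["/api/baskets/{name}", "inc/config.php"]


def ioa_to_regex(fragment: str) -> "re.Pattern[str]":
    """Compile an IOA path fragment into a regex.

    A {placeholder} such as {name} stands for one path segment, so it becomes
    a wildcard that stops at '/', '?' and whitespace; everything else is literal.
    """
    pieces = []
    for piece in re.split(r"(\{[^}]*\})", fragment):
        if piece.startswith("{") and piece.endswith("}"):
            pieces.append(r"[^/?\s]+")
        else:
            pieces.append(re.escape(piece))
    return re.compile("".join(pieces))


IOA_REGEXES = [(fragment, ioa_to_regex(fragment)) for fragment in IOA_PATHS]

# Dotted quad that is not embedded in a longer dotted name, so the IP prefix of
# 45.76.78.237.vultrusercontent.com is not double-counted as an IP hit.
IPV4_RE = re.compile(r"(?<![\w.])(\d{1,3}(?:\.\d{1,3}){3})(?![\w.])")


@dataclass(frozen=True)
class Hit:
    line_no: int    # 1-based index into the scanned lines
    kind: str       # "ioc-ip", "ioc-host" or "ioa-path"
    indicator: str  # the indicator text exactly as listed on the page


def scan_line(line_no: int, line: str) -> list:
    """Return every IOC/IOA match found in one log line."""
    hits = []
    for ip in IPV4_RE.findall(line):
        if ip in IOC_IPS:
            hits.append(Hit(line_no, "ioc-ip", ip))
    for host in IOC_HOSTNAMES:
        # Whole-token match: the hostname must not be a prefix or suffix of a longer name.
        if re.search(r"(?<![\w.-])" + re.escape(host) + r"(?![\w.-])", line):
            hits.append(Hit(line_no, "ioc-host", host))
    for fragment, regex in IOA_REGEXES:
        if regex.search(line):
            hits.append(Hit(line_no, "ioa-path", fragment))
    return hits


def scan_logs(lines) -> list:
    """Scan an iterable of log lines and return all hits in line order."""
    hits = []
    for line_no, line in enumerate(lines, start=1):
        hits.extend(scan_line(line_no, line))
    return hits


# Constructed sample input (not from the page): three web-server access-log
# lines and two resolver-style DNS log lines.
SAMPLE_LOGS = [
    '10.0.0.5 - - [31/Jul/2022:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512',
    '45.76.78.237 - - [31/Jul/2022:10:02:15 +0000] "POST /api/baskets/evil HTTP/1.1" 201 88',
    '10.0.0.9 - - [31/Jul/2022:10:03:40 +0000] "GET /inc/config.php HTTP/1.1" 403 0',
    "Jul 31 10:04:01 resolver query: 45.76.78.237.vultrusercontent.com A from 10.0.0.12",
    "Jul 31 10:04:05 resolver query: www.example.org A from 10.0.0.12",
]

if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOGS):
        print(f"line {hit.line_no}: {hit.kind} {hit.indicator}")
```

Two points are worth keeping when adapting this to real data. The IOA entries are predictive, so a path hit such as inc/config.php on its own is a lead, not a verdict; a line that carries both a verified IOC (the source IP or the hostname) and a predictive IOA is far stronger than either alone. And the lookaround guards in the IP and hostname regexes matter: without them the dotted-quad prefix of the vultrusercontent.com reverse name would produce a spurious second IP hit on every DNS line.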

References (3)

The following list contains external sources which discuss the actor and the associated activities (the entries themselves are not reproduced on this page):
