Tonto Team Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (53)

Sprache

en	32
zh	22

Land

cn	42
us	12

Akteure

Cobalt Strike	2
Sliver	1
Tonto Team	1

Interesse

Typ

Not Defined	14
Content Management System	6
Solution Stack Software	4
Social Network Software	4
Groupware Software	2

Hersteller

Not Defined	18
Microsoft	6
SAP	4
Facebook	4
DaSchTour	2

Produkt

SAP NetWeaver AS JAVA	4
Facebook WhatsApp	4
Facebook WhatsApp Business	4
DaSchTour matomo-mediawiki-extension	2
Facebook WhatsApp for Portal	2

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	CTI	EPSS	CVE
1	DaSchTour matomo-mediawiki-extension Username Piwik.hooks.php Cross Site Scripting	3.8	3.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.00094	CVE-2017-20175
2	Apache HTTP Server server-status Information Disclosure	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Workaround	0.00	0.00000
3	Juniper Junos JDHCPD Information Disclosure	7.5	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00103	CVE-2020-1671
4	SonicWall SSLVPN SMA100 SQL Injection	7.3	7.1	$0-$5k	$0-$5k	Functional	Not Defined	0.02	0.02628	CVE-2021-20016
5	LangChain Configuration load_chain Directory Traversal	5.0	4.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.08	0.00045	CVE-2024-28088
6	Cisco IOS XE Linux Shell erweiterte Rechte	8.0	7.7	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.02	0.00164	CVE-2020-3218
7	Tmax Soft JEUS Web Application Server url.jsp Cross Site Scripting	4.3	4.1	$0-$5k	$0-$5k	High	Official Fix	0.02	0.00000
8	Revive Adserver Information Disclosure	5.6	5.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00100	CVE-2023-26756
9	Microsoft Exchange Server Privilege Escalation	8.8	8.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00	0.01502	CVE-2022-23277
10	Microsoft Exchange Server PowerShell ProxyNotShell Privilege Escalation	7.7	7.3	$5k-$25k	$0-$5k	High	Official Fix	0.03	0.11506	CVE-2022-41082
11	Microsoft Exchange Server Information Disclosure	9.8	8.9	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.04	0.00333	CVE-2023-21709
12	OMICARD EDM Directory Traversal	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00186	CVE-2022-32963
13	HPE System Management Homepage erweiterte Rechte	6.5	6.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00042	CVE-2017-12547
14	Aruba Networks ArubaOS-CX Switches Recovery Console schwache Authentisierung	6.5	6.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.04	0.00060	CVE-2022-23691
15	Netgear Prosafe Switch /filesystem/ Script Denial of Service	5.3	5.0	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.02	0.96771	CVE-2013-4776
16	Microsoft Exchange Server Privilege Escalation	8.0	7.3	$5k-$25k	$5k-$25k	Unproven	Official Fix	0.04	0.00095	CVE-2023-28310
17	Microsoft Windows win32k.sys erweiterte Rechte	7.3	7.0	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.04	0.42142	CVE-2014-4148
18	Dreamer CMS File Upload Cross Site Scripting	4.1	4.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00082	CVE-2023-1746
19	Netgate pfSense XML File config.xml restore_rrddata erweiterte Rechte	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01	0.45928	CVE-2023-27253
20	Boa Webserver GET wapopen Directory Traversal	6.4	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.73540	CVE-2017-9833

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Kampagnen	Identifiziert	Typ	Akzeptanz
1	45.133.194.135		Tonto Team		18.03.2024	verifiziert	High
2	XX.XX.XXX.XX		Xxxxx Xxxx		11.06.2021	verifiziert	High

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1006	CWE-22	Path Traversal	prädiktiv	High
2	T1059	CWE-94	Argument Injection	prädiktiv	High
3	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	prädiktiv	High
4	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
5	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	prädiktiv	High
6	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	prädiktiv	High
7	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	prädiktiv	High
8	TXXXX	CWE-XX	Xxx Xxxxxxxxx	prädiktiv	High
9	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	/cgi-bin/wapopen	prädiktiv	High
2	File	/server-status	prädiktiv	High
3	File	/webmail/	prädiktiv	Medium
4	File	xxxxxx.xxx	prädiktiv	Medium
5	File	xxxxxxx_xxxx.xxxx.xxx/xxxxxxx_xxxx.xxx	prädiktiv	High
6	File	xxxxxxxxxx/	prädiktiv	Medium
7	File	xxx.xx	prädiktiv	Low
8	File	xxxxx.xxxxx.xxx	prädiktiv	High
9	File	xxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxx/xxxxxxxx.xxxx	prädiktiv	High
10	File	xxxxxxxxx/xx/xx/xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx	prädiktiv	High
11	File	xxx.xxx	prädiktiv	Low
12	File	xxx/xxxxx.xxx	prädiktiv	High
13	File	xxx_xxxxxxxx.xxx	prädiktiv	High
14	Library	xxxxxx.xxx	prädiktiv	Medium
15	Argument	$_xxxxxx['xxxx_xxxx_xxxxx']	prädiktiv	High
16	Argument	xxxxxxxxxxxxxx	prädiktiv	High
17	Argument	xxxxxxxxxx	prädiktiv	Medium
18	Argument	xxx	prädiktiv	Low
19	Argument	xxxx	prädiktiv	Low
20	Argument	xxxxxxx	prädiktiv	Low
21	Argument	xxxxxxxx	prädiktiv	Medium
22	Input Value	../..	prädiktiv	Low

Referenzen (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Might our Artificial Intelligence support you?

Check our Alexa App!