Tranchulas Analysis

IOB - Indicator of Behavior (230)

Language

en 214
es 14
it 2

Country

us 38
gb 16
ru 14
es 12
ca 4

Product

Microsoft Windows 12
Cisco NX-OS 10
Cisco Firepower Threat Defense 8
NVIDIA Windows GPU Display Driver 8
Cisco ASA 6

Vulnerabilities

Columns: Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit prices at disclosure and at present; Exploit is the exploitability status; Remediation is the fix status; EPSS is the exploit-prediction score; CTI is the threat-intelligence activity score.

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | Magento PageBuilder Template privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00669 | 0.02 | CVE-2019-8144
2 | Microsoft IIS Cross Site Scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.14 | CVE-2017-0055
3 | Apache HTTP Server HTTP Digest Authentication Challenge weak authentication | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01815 | 0.04 | CVE-2018-1312
4 | WordPress Metadata privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01578 | 0.00 | CVE-2018-20148
5 | Juniper Junos jdhcpd Denial of Service | 6.4 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00268 | 0.00 | CVE-2017-2301
6 | Subrion CMS Cross Site Scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00076 | 0.00 | CVE-2019-11406
7 | Apache HTTP Server mod_proxy_fcgi.c handle_headers buffer overflow | 5.3 | 5.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00953 | 0.05 | CVE-2014-3583
8 | Apple iOS WebKit privilege escalation | 7.5 | 7.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.06135 | 0.03 | CVE-2019-8506
9 | Microsoft IIS File Name Tilde privilege escalation | 6.5 | 5.9 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.96817 | 0.04 | CVE-2005-4360
10 | Cisco Firepower Threat Defense Data Acquisition privilege escalation | 7.9 | 7.9 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00149 | 0.00 | CVE-2019-1669
11 | Zeescripts ZeeBuddy bannerclick.php SQL Injection | 8.5 | 8.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00167 | 0.00 | CVE-2008-3604
12 | PHP Scripts Mall PHP Multivendor Ecommerce my_wishlist.php Cross Site Scripting | 5.2 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00075 | 0.00 | CVE-2017-17958
13 | Aj Square Ajauction subcat.php SQL Injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00821 | 0.03 | CVE-2007-1298
14 | WordPress User Search REST Endpoint Information Disclosure | 4.4 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00089 | 0.08 | CVE-2023-5561
15 | Void Contact Form 7 Widget for Elementor Page Builder Plugin void_cf7_opt_in_user_data_track Cross Site Request Forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00063 | 0.00 | CVE-2022-47166
16 | janobe Online Ordering System SQL Injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00172 | 0.00 | CVE-2022-31356
17 | Adobe InDesign buffer overflow | 7.0 | 6.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00085 | 0.00 | CVE-2021-40727
18 | Ubiquiti EdgeMAX EdgeRouter Firmware Update privilege escalation | 8.1 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00315 | 0.00 | CVE-2021-22909
19 | Verbatim Keypad Secure USB Lockout Information Disclosure | 5.0 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00100 | 0.00 | CVE-2022-28386
20 | Micro CMS Comments Cross Site Scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.00 | (no CVE)

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Bitterbug

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence
1 | 46.4.139.224 | static.224.139.4.46.clients.your-server.de | Tranchulas | Bitterbug | 01.01.2021 | verified | High
2 | 46.4.139.225 | static.225.139.4.46.clients.your-server.de | Tranchulas | Bitterbug | 01.01.2021 | verified | High
3 | XXX.XX.XXX.XXX | xxxxxxxxx | Xxxxxxxxx | - | 01.01.2021 | verified | High
4 | XXX.XX.XXX.XXX | xxxxxxxxx | Xxxxxxxxx | - | 01.01.2021 | verified | High
5 | XXX.XX.XXX.XXX | xxxxxxxxx | Xxxxxxxxx | - | 01.01.2021 | verified | High
6 | XXX.XX.XXX.XXX | xxxxxxxxx | Xxxxxxxxx | - | 01.01.2021 | verified | High
7 | XXX.XX.XXX.XXX | Xxxxxxxxxx | Xxxxxxxxx | - | 01.01.2021 | verified | High
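As an added example (not code from this page or from VulDB), the following script turns the two unredacted IOCs above into an offline matcher and runs it over constructed proxy and DNS log lines. It assumes Squid-style access-log lines and a BIND-style query-log line; the sample lines, the regexes and the helper names are assumptions of this example, and the five redacted table rows cannot be included. Two points a practitioner should note: the page dates these indicators to 01.01.2021, and both addresses sit in a hosting provider's customer range, so an exact hit on an old indicator is a lead to verify rather than proof of compromise, and a neighbouring address in the same /24 is not an indicator at all. The script reports exact hits separately from same-network addresses for that reason.

```python
"""Offline matcher for the two unredacted Tranchulas / Bitterbug network IOCs.

Added example, not part of the original page. Log lines below are constructed.
"""
import ipaddress
import re

# Exact-match indicators taken from the IOC table (the redacted rows are unknown).
IOC_IPS = {"46.4.139.224", "46.4.139.225"}
IOC_HOSTS = {
    "static.224.139.4.46.clients.your-server.de",
    "static.225.139.4.46.clients.your-server.de",
}

# Constructed sample input (assumption: Squid-style proxy lines and one
# BIND-style query-log line). None of these lines come from the page.
SAMPLE_LOGS = [
    "1609459200.123 45 10.0.0.5 TCP_MISS/200 512 GET "
    "http://static.224.139.4.46.clients.your-server.de/update.php - "
    "HIER_DIRECT/46.4.139.224 text/html",
    "1609459201.456 12 10.0.0.7 TCP_MISS/200 1024 GET https://www.example.org/ - "
    "HIER_DIRECT/93.184.216.34 text/html",
    "01-Jan-2021 00:00:02.000 client 10.0.0.9#5353: query: "
    "static.225.139.4.46.clients.your-server.de IN A + (10.0.0.1)",
    # Neighbouring address in the same /24: NOT an IOC, must not be an exact hit.
    "1609459203.789 9 10.0.0.5 TCP_MISS/200 256 GET http://46.4.139.2/ - "
    "HIER_DIRECT/46.4.139.2 text/html",
]

# Dotted quads that are not embedded in a longer dotted token (this keeps the
# "224.139.4.46" fragment inside the reverse-DNS name from being extracted).
IPV4_RE = re.compile(r"(?<![\w.])(\d{1,3}(?:\.\d{1,3}){3})(?![\w.])")
# Candidate host names: labels joined by dots, ending in an alphabetic TLD.
HOST_RE = re.compile(r"(?<![\w.-])([a-z0-9](?:[a-z0-9.-]*[a-z0-9])?\.[a-z]{2,})(?![\w-])")


def extract_candidates(line):
    """Return (ips, hosts) found in one log line, normalised to lowercase."""
    text = line.lower()
    ips = set()
    for m in IPV4_RE.finditer(text):
        try:
            ips.add(str(ipaddress.IPv4Address(m.group(1))))
        except ValueError:
            continue  # e.g. 999.1.1.1 looks like an address but is not one
    hosts = {m.group(1).rstrip(".") for m in HOST_RE.finditer(text)}
    return ips, hosts


def match_iocs(lines, ioc_ips=IOC_IPS, ioc_hosts=IOC_HOSTS):
    """Exact IOC hits as (line_index, kind, value), one entry per distinct value."""
    hits = []
    for idx, line in enumerate(lines):
        ips, hosts = extract_candidates(line)
        for ip in sorted(ips & ioc_ips):
            hits.append((idx, "ip", ip))
        for host in sorted(hosts & ioc_hosts):
            hits.append((idx, "host", host))
    return hits


def nearby_ips(lines, ioc_ips=IOC_IPS, prefix=24):
    """Non-IOC addresses sharing a /prefix with an IOC: investigative leads only."""
    nets = {ipaddress.ip_network(f"{ip}/{prefix}", strict=False) for ip in ioc_ips}
    leads = []
    for idx, line in enumerate(lines):
        ips, _ = extract_candidates(line)
        for ip in sorted(ips - ioc_ips):
            if any(ipaddress.ip_address(ip) in net for net in nets):
                leads.append((idx, ip))
    return leads


if __name__ == "__main__":
    for idx, kind, value in match_iocs(SAMPLE_LOGS):
        print(f"HIT   line {idx}: {kind} {value}")
    for idx, ip in nearby_ips(SAMPLE_LOGS):
        print(f"LEAD  line {idx}: {ip} is in an IOC /24 but is not itself an IOC")
```

Run against real logs by replacing SAMPLE_LOGS with the lines of a proxy or resolver log; hits on the reverse-DNS names are the more durable signal, since a reassigned address keeps its provider-generated name only while it belongs to the same customer block.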

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | CAPEC | CWE | Vulnerability class | Type | Confidence
1 | - | CAPEC-10 | CWE-19, CWE-20, CWE-59, CWE-119, CWE-120, CWE-125, CWE-134, CWE-189, CWE-190, CWE-200, CWE-284, CWE-285, CWE-287, CWE-290, CWE-345, CWE-347, CWE-352, CWE-354, CWE-361, CWE-362, CWE-399, CWE-400, CWE-404, CWE-415, CWE-416, CWE-476, CWE-502, CWE-610, CWE-611, CWE-665, CWE-668, CWE-693, CWE-787, CWE-824, CWE-843, CWE-862, CWE-863, CWE-908 | Unknown Vulnerability | predictive | High
2 | T1006 | CAPEC-126 | CWE-22 | Path Traversal | predictive | High
3 | T1059 | CAPEC-10 | CWE-74, CWE-94, CWE-707 | Argument Injection | predictive | High
4 | T1059.007 | CAPEC-10 | CWE-74, CWE-79, CWE-80, CWE-707 | Cross Site Scripting | predictive | High
5 | TXXXX | CAPEC-122 | CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
6 | TXXXX.XXX | CAPEC-16 | CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High
7 | TXXXX | CAPEC-10 | CWE-XX, CWE-XX, CWE-XXX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
8 | TXXXX | CAPEC-0 | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High
9 | TXXXX | CAPEC-0 | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High
10 | TXXXX | CAPEC-10 | CWE-XX, CWE-XX, CWE-XXX | Xxx Xxxxxxxxx | predictive | High
11 | TXXXX | CAPEC-50 | CWE-XXX, CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
12 | TXXXX | CAPEC-466 | CWE-XXX | Xxxxxxx Xxxxxxxxxx Xx Xxx-xxxxxxxx | predictive | High
13 | TXXXX | CAPEC-38 | CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive | High
14 | TXXXX.XXX | CAPEC-114 | CWE-XXX, CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
15 | TXXXX | CAPEC-116 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
16 | TXXXX.XXX | CAPEC-0 | CWE-XXX | xxxxxxxxxxxxx | predictive | High
17 | TXXXX | CAPEC-0 | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High
18 | TXXXX.XXX | CAPEC-112 | CWE-XXX, CWE-XXX, CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | High
19 | TXXXX.XXX | CAPEC-19 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High
20 | TXXXX | CAPEC-0 | CWE-XXX | Xxxxxxxxxxx Xxxxxx | predictive | High

IOA - Indicator of Attack (74)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /cgi/loginDefaultUser | predictive | High
2 | File | /contentshare/image/data/user/0/com.sony.dtv.photosharingplus/files/_BRAVPSS.TMP/LJYT0010.JPG | predictive | High
3 | File | /etc/shadow | predictive | Medium
4 | File | /ordering/admin/store/index.php?view=edit | predictive | High
5 | File | /proc/ioports | predictive | High
6 | File | /uncpath/ | predictive | Medium
7 | File | /webconsole/APIController | predictive | High
8 | File | 14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi | predictive | High
9 | File | AccountStatus.jsp | predictive | High
10 | File | xxxxxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxx | predictive | High
11 | File | xxxxxxxxx/xxxxxxxxxxxxx | predictive | High
12 | File | xxx/xxxxx/xxxxxx.xxx | predictive | High
13 | File | xxxxxxxxxxx.xxx | predictive | High
14 | File | xxxxxx_xxxxx.x | predictive | High
15 | File | xxxxxx/xxx-xxxxx.x | predictive | High
16 | File | xxxx/xx-xxxx-xx/xx-xxxx-xx.x | predictive | High
17 | File | xxxxxx_xxxx.x | predictive | High
18 | File | xxxxxxx/xxx/xxxxx/xxx-xxxxx.x | predictive | High
19 | File | xxxxxxx/xxx/xxxxxxxx/xxx/xxx_xxx_xxx.x | predictive | High
20 | File | xxxxxxx/xxxxx/xxxxx/xxxxxxx.x | predictive | High
21 | File | xxxxxxxx.xxx | predictive | Medium
22 | File | xxxx/xxxx/xxxx/xxxx.xxx | predictive | High
23 | File | xxxxx/xxxx/xxxx.xxx | predictive | High
24 | File | xxxxxxx/xxxxx/xxx_xxxx.x | predictive | High
25 | File | xxxxx.xxx | predictive | Medium
26 | File | xxxx.xxx | predictive | Medium
27 | File | xxxxxx.x | predictive | Medium
28 | File | xxxxxxxxxxxxx.xxx | predictive | High
29 | File | xxx_xxxxx_xxxx.x | predictive | High
30 | File | xxxxxxxx.x | predictive | Medium
31 | File | xx_xxxxxxxx.xxx | predictive | High
32 | File | xxxxxxxx_xxxxxx.xxx | predictive | High
33 | File | xxx/xxxx/xx_xxxxxxxx.x | predictive | High
34 | File | xxx/xxxxxx/xxxxxxxx/xxxxxxxxx/xxxxxxxxxxxxx.xxxx | predictive | High
35 | File | xxxxxxxxx.xxxxx.xxx | predictive | High
36 | File | xxxxxxx.xxx | predictive | Medium
37 | File | xxxxx.xxx | predictive | Medium
38 | File | xxxxx | predictive | Low
39 | File | xxxxxxxx.xxx | predictive | Medium
40 | File | xxxxxx.xxx | predictive | Medium
41 | File | xxxxxxxxxxxxxxxxx.xxxx | predictive | High
42 | File | xx/x.x.xx.xxxxxx/xxxxxxx/xx/xxxxx.xx.xxxxxxxxx | predictive | High
43 | File | xxxxxxxxxxxxxxx.xxxx | predictive | High
44 | File | xx-xxxxx/xxxxxxxx/xxxxx-xxxx-xxxxxx-xxxxxxxx.xxx | predictive | High
45 | File | _xxxx/xx/xxxxxxxx/ | predictive | High
46 | File | _xx_xxxxx | predictive | Medium
47 | Library | xxxxxxxxxxxxxxxx.xxx | predictive | High
48 | Library | xxxxxxxx.xxx | predictive | Medium
49 | Library | xxx/xxx/xxxx/ | predictive | High
50 | Argument | xxxx | predictive | Low
51 | Argument | xxxx_xx | predictive | Low
52 | Argument | xxx | predictive | Low
53 | Argument | xxxxx | predictive | Low
54 | Argument | xxx | predictive | Low
55 | Argument | xxxx | predictive | Low
56 | Argument | xxxx_xxxxxxx | predictive | Medium
57 | Argument | xx | predictive | Low
58 | Argument | xxxx/xxxxx/xxxxx | predictive | High
59 | Argument | xxxxxxx=xxxxxxxxxxxxxx | predictive | High
60 | Argument | xxxxxxxx | predictive | Medium
61 | Argument | xxxxxxxx | predictive | Medium
62 | Argument | xx | predictive | Low
63 | Argument | xxxx | predictive | Low
64 | Argument | xxxxxx[xxx][xxxx] | predictive | High
65 | Argument | xxxxxxxxx | predictive | Medium
66 | Argument | xxxxxxxx | predictive | Medium
67 | Argument | xxxx->xxxxxxx | predictive | High
68 | Argument | x-xxxxxxxxx-xxx | predictive | High
69 | Input Value | -x/xxxxxxxxxx | predictive | High
70 | Input Value | ::$xxxxx_xxxxxxxxxx | predictive | High
71 | Input Value | xx | predictive | Low
72 | Network Port | xxx/xx (xxx) | predictive | Medium
73 | Network Port | xxx/xxxxx | predictive | Medium
74 | Network Port | xxx xxxxxx xxxx | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
