Triton Analyse

IOB - Indicator of Behavior (11)

Zeitverlauf

Sprache

en12

Land

ru10
us2

Akteure

Aktivitäten

Interesse

Zeitverlauf

Typ

Hersteller

Produkt

Peplink Balance2
com_tag2
Microsoft IIS2
Microsoft Windows2
OpenSSL2

Schwachstellen

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP-AdresseHostnameAkteurKampagnenIdentifiziertTypAkzeptanz
187.245.143.140Triton22.12.2020verifiziertHigh

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueSchwachstellenZugriffsartTypAkzeptanz
1T1059.007CWE-79Cross Site ScriptingprädiktivHigh
2TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxprädiktivHigh
3TXXXXCWE-XXXxx XxxxxxxxxprädiktivHigh
4TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxprädiktivHigh

IOA - Indicator of Attack (8)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDKlasseIndicatorTypAkzeptanz
1File/+CSCOE+/logon.htmlprädiktivHigh
2Filecgi-bin/MANGA/admin.cgiprädiktivHigh
3Filexxxxx.xxxprädiktivMedium
4Filexxxxxxx.xxxprädiktivMedium
5ArgumentxxxxxprädiktivLow
6ArgumentxxxprädiktivLow
7Input Value::$xxxxx_xxxxxxxxxxprädiktivHigh
8Network Portxxx xxxxxx xxxxprädiktivHigh

Referenzen (2)

The following list contains external sources which discuss the actor and the associated activities:

Do you know our Splunk app?

Download it now for free!