Vicious Panda Analysis

IOB - Indicator of Behavior (118)

Timeline: distribution chart on the source page, not reproduced here.

Language: en (74), zh (26), fr (6), es (4), de (4)

Country: us (56), cn (28), vn (14), jp (2), gb (2)

Actors, Activities, Interest, Timeline, Type, Vendor: distribution charts on the source page, not reproduced here.

Product: Microsoft IIS (4), Tribal Systems Zenario CMS (2), Phplinkdirectory PHP Link Directory (2), Oracle Database Server (2), LiquidFiles (2)

Vulnerabilities

Base and Temp are CVSS base and temporal scores; 0day and Today are estimated exploit price ranges; Exploit is the exploitability status and Remediation the available countermeasure; EPSS is the Exploit Prediction Scoring System probability and CTI the threat-intelligence activity score.

| # | Vulnerability | Base | Temp | 0day price | Today price | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | Tiki Wiki CMS Groupware tiki-jsplugin.php privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03454 | 0.02 | CVE-2010-4239 |
| 3 | Tabit API Information Disclosure | 4.5 | 4.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00150 | 0.00 | CVE-2022-34776 |
| 4 | Phplinkdirectory PHP Link Directory conf_users_edit.php Cross Site Request Forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00526 | 0.00 | CVE-2011-0643 |
| 5 | PHPWind goto.php Redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.04 | CVE-2015-4134 |
| 6 | FasterXML jackson-databind Default Typing Information Disclosure | 7.4 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00325 | 0.03 | CVE-2019-12086 |
| 7 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.86 | CVE-2010-0966 |
| 8 | UliCMS index.php Cross Site Scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00630 | 0.04 | CVE-2019-11398 |
| 9 | D-Link DIR-865L register_send.php weak authentication | 7.5 | 7.1 | $5k-$25k | $5k-$25k | Proof-of-Concept | Not Defined | 0.00109 | 0.02 | CVE-2013-3096 |
| 10 | WebCalendar settings.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03093 | 0.00 | CVE-2005-2717 |
| 11 | Cisco ASR901 IPv4 Packet Denial of Service | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.02249 | 0.02 | CVE-2014-3293 |
| 12 | Earl Miles Views Filters SQL Injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00361 | 0.00 | CVE-2011-4113 |
| 13 | Microsoft IIS Frontpage Server Extensions shtml.dll Username Information Disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.15958 | 0.35 | CVE-2000-0114 |
| 14 | MikroTik RouterOS privilege escalation | 7.4 | 7.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.05923 | 0.00 | CVE-2019-3924 |
| 15 | Google Chrome Downloads Remote Code Execution | 7.5 | 7.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00497 | 0.07 | CVE-2023-5857 |
| 16 | DHIS 2 API Endpoint trackedEntityInstances SQL Injection | 7.7 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00087 | 0.00 | CVE-2021-41187 |
| 17 | DHIS2 Core Web API weak authentication | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00060 | 0.00 | CVE-2023-31139 |
| 18 | ALPACA weak authentication | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00110 | 0.09 | CVE-2021-3618 |
| 19 | Bomgar Remote Support Portal JavaStart.jar Applet Directory Traversal | 9.1 | 9.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00195 | 0.03 | CVE-2017-12815 |
| 20 | Drupal File Download privilege escalation | 5.0 | 5.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00049 | 0.04 | CVE-2023-31250 |

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (64)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

Entries shown as runs of x are masked on the source page and are kept as-is here.

| ID | Class | Indicator | Type | Acceptance |
|---|---|---|---|---|
| 1 | File | /api/trackedEntityInstances | predictive | High |
| 2 | File | /cgi-bin/luci/api/diagnose | predictive | High |
| 3 | File | /cgi-bin/mesh.cgi?page=upgrade | predictive | High |
| 4 | File | /guest_auth/cfg/upLoadCfg.php | predictive | High |
| 5 | File | /phppath/php | predictive | Medium |
| 6 | File | /uncpath/ | predictive | Medium |
| 7 | File | /WEB-INF/web.xml | predictive | High |
| 8 | File | abook_database.php | predictive | High |
| 9 | File | xxxxxxx.xxx | predictive | Medium |
| 10 | File | xxxxx.xxx | predictive | Medium |
| 11 | File | xxxxx/xxxx_xxxxx_xxxx.xxx | predictive | High |
| 12 | File | xxxxx/xxxxx.xxx | predictive | High |
| 13 | File | xxxxxxxxxxxxx/xxxxxxxxxx/xxx_xxxxx/xxxxxxx/xxxxx.xxx | predictive | High |
| 14 | File | xxxx.xxx | predictive | Medium |
| 15 | File | xxxxxxxx.xxx | predictive | Medium |
| 16 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 17 | File | xx_xxxxxx.xxx | predictive | High |
| 18 | File | xxxx_xxxx.xxxx | predictive | High |
| 19 | File | xxxxxxxxxx.xxx | predictive | High |
| 20 | File | xxxxx.xxx | predictive | Medium |
| 21 | File | xxx_xxxxxxx.xxx | predictive | High |
| 22 | File | xxxx.xxx | predictive | Medium |
| 23 | File | xxxx_xxxxxxx.xxx.xxx | predictive | High |
| 24 | File | xxxx/xxx-xxxxxxxx.xxx | predictive | High |
| 25 | File | xxx/xxxxxx.xxx | predictive | High |
| 26 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | High |
| 27 | File | xxxxx.xxx | predictive | Medium |
| 28 | File | xxxxx.xxx/xxxx/xxxxx/xxxx/xxxx.xxx | predictive | High |
| 29 | File | xxxxx.xxx?xxx=xxxx&xxx=xxxx_xxxxxxx | predictive | High |
| 30 | File | xxxxxxxx/xxxx?xxxxxx=xx | predictive | High |
| 31 | File | xxxxxxx.xxx | predictive | Medium |
| 32 | File | xxxxxx.x | predictive | Medium |
| 33 | File | xxxxxxxx_xxxx.xxx | predictive | High |
| 34 | File | xxxx/xxx/xxx_xxxx.x | predictive | High |
| 35 | File | xxxxxxxx.xxx | predictive | Medium |
| 36 | File | xxxxx.xxx | predictive | Medium |
| 37 | File | xxxx-xxxxxxxx.xxx | predictive | High |
| 38 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High |
| 39 | File | xx-xxxxxxxx/xxxx-xxx/xxxxxxxxx/xxxxx-xx-xxxx-xxxxx-xxxxxxxxxx.xxx | predictive | High |
| 40 | Library | /_xxx_xxx/xxxxx.xxx | predictive | High |
| 41 | Library | xxxxxxx/xxx/xxxxxx.xxx.xxx | predictive | High |
| 42 | Argument | $_xxxxxx['xxxxx_xxxxxx'] | predictive | High |
| 43 | Argument | xxxxxxx_xx | predictive | Medium |
| 44 | Argument | xxxxxxxxxxxxxx[xxx][x][xxxxxxxx] | predictive | High |
| 45 | Argument | xxxxxxxx | predictive | Medium |
| 46 | Argument | xxx | predictive | Low |
| 47 | Argument | xxx_xxxxxxx_xxx | predictive | High |
| 48 | Argument | xxxx | predictive | Low |
| 49 | Argument | xxxxxxxx | predictive | Medium |
| 50 | Argument | xxxxx | predictive | Low |
| 51 | Argument | xx | predictive | Low |
| 52 | Argument | xx | predictive | Low |
| 53 | Argument | xx | predictive | Low |
| 54 | Argument | xxx | predictive | Low |
| 55 | Argument | xxxxxxxx | predictive | Medium |
| 56 | Argument | xxxx_xxxx | predictive | Medium |
| 57 | Argument | xx | predictive | Low |
| 58 | Argument | xxxxxxxx | predictive | Medium |
| 59 | Argument | xxxxxxxx | predictive | Medium |
| 60 | Argument | xxx | predictive | Low |
| 61 | Input Value | -x | predictive | Low |
| 62 | Pattern | \|xx xx xx xx xx xx xx xx\| | predictive | High |
| 63 | Network Port | xxx/xx (xxx xxxxxxxx) | predictive | High |
| 64 | Network Port | xxx/xxxxx | predictive | Medium |
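The eight unmasked File indicators above are request paths, so the practical check is to run them against web-server access logs. The following is an added example, not code from the source page or its database: it matches the unmasked indicators against combined-format access-log lines, decoding percent-encoding and collapsing `//` and `/./` first so a lightly obfuscated request still hits, and treating an indicator with a query string (`mesh.cgi?page=upgrade`) as path plus that parameter rather than as a literal substring. The log layout, the sample lines, and the three matching rules are assumptions made for the example; the masked indicators are omitted because they cannot be matched.

```python
import re
from urllib.parse import unquote

# Unmasked "File" indicators from the IOA table above, with their acceptance levels.
IOA_FILE_INDICATORS = {
    "/api/trackedEntityInstances": "High",
    "/cgi-bin/luci/api/diagnose": "High",
    "/cgi-bin/mesh.cgi?page=upgrade": "High",
    "/guest_auth/cfg/upLoadCfg.php": "High",
    "/phppath/php": "Medium",
    "/uncpath/": "Medium",
    "/WEB-INF/web.xml": "High",
    "abook_database.php": "High",
}

# Apache/nginx combined log format (assumed layout, not taken from the page).
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def normalize_target(target):
    """Decode percent-encoding twice (catches %25xx double encoding) and collapse
    '//' and '/./' so a lightly obfuscated request still matches."""
    decoded = unquote(unquote(target))
    path, sep, query = decoded.partition("?")
    while "//" in path:
        path = path.replace("//", "/")
    while "/./" in path:
        path = path.replace("/./", "/")
    return path + sep + query


def match_indicators(target):
    """Return [(indicator, acceptance), ...] for every indicator the target hits.
    Case-insensitive: IIS and PHP-on-Windows ignore case and attackers vary it."""
    path, _, query = normalize_target(target).partition("?")
    path_l = path.lower()
    params = {p.lower() for p in query.split("&") if p}
    hits = []
    for ind, acc in IOA_FILE_INDICATORS.items():
        ind_path, _, ind_query = ind.lower().partition("?")
        if ind_query:
            # path plus one specific query parameter (mesh.cgi?page=upgrade)
            matched = path_l.endswith(ind_path) and ind_query in params
        elif ind_path.startswith("/"):
            # absolute fragment that may sit below an app prefix such as /dhis/
            matched = ind_path in path_l
        else:
            # bare file name: compare against the last path segment only
            matched = path_l.rsplit("/", 1)[-1] == ind_path
        if matched:
            hits.append((ind, acc))
    return hits


def scan_log(lines):
    """One finding per (request, indicator) hit; unparseable lines are skipped
    so a single corrupt record cannot stall a batch run."""
    findings = []
    for line in lines:
        m = _LOG_RE.match(line)
        if not m:
            continue
        for ind, acc in match_indicators(m.group("target")):
            findings.append({"ip": m.group("ip"), "ts": m.group("ts"),
                             "method": m.group("method"), "target": m.group("target"),
                             "status": int(m.group("status")),
                             "indicator": ind, "acceptance": acc})
    return findings


def hits_by_source(findings):
    """{client ip: sorted distinct indicators} for triage of the noisiest sources."""
    out = {}
    for f in findings:
        out.setdefault(f["ip"], set()).add(f["indicator"])
    return {ip: sorted(inds) for ip, inds in out.items()}


# Constructed sample log (not real traffic); each line exercises one matching rule.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /dhis/api/trackedEntityInstances?filter=a HTTP/1.1" 200 512 "-" "curl/7.88"',
    '203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /cgi-bin/mesh.cgi?page=upgrade HTTP/1.1" 404 0 "-" "curl/7.88"',
    '198.51.100.4 - - [10/Oct/2023:14:02:11 +0000] "GET /app/%57EB-INF/web.xml HTTP/1.1" 403 0 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Oct/2023:14:02:15 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Oct/2023:15:10:02 +0000] "POST /admin/abook_database.php HTTP/1.1" 200 77 "-" "python-requests/2.31"',
    '192.0.2.9 - - [10/Oct/2023:15:10:05 +0000] "GET /cgi-bin/mesh.cgi?page=status HTTP/1.1" 200 77 "-" "python-requests/2.31"',
    'this line is not a valid access-log record',
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['method']} {f['target']} -> {f['indicator']} "
              f"(acceptance {f['acceptance']}, HTTP {f['status']})")
    print(hits_by_source(scan_log(SAMPLE_LOG)))
```

A 404 or 403 on one of these paths is still a finding: the table classifies them as reconnaissance fragments, so the probe matters even when the target file does not exist on the host. Treat the Medium-acceptance entries (`/phppath/php`, `/uncpath/`) as lower-confidence and corroborate them with the source IP's other requests before escalating.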

References (3)

The following list contains external sources which discuss the actor and the associated activities:
