Deep Panda Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (73)

Idioma

en	68
fr	4
pl	2

País

us	50
ca	14
cn	6
dz	4

Actores

Deep Panda	3
Shell Crew	1

Interesar

Escribe

Not Defined	12
Operating System	6
Firewall Software	4
Web Server	4
Forum Software	2

Proveedor

Not Defined	18
SloughFlash	2
Exacq	2
DZCP	2
Todd Miller	2

Producto

SloughFlash SF-Users	2
Exacq exacqVision Enterprise System Manager	2
TheWebForum	2
HAProxy	2
DZCP deV!L`z Clanportal	2

Vulnerabilidad

#	Vulnerabilidad	Base	Temp	0day	Hoy	Exp	Con	CTI	EPSS	CVE
1	DZCP deV!L`z Clanportal config.php escalada de privilegios	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.79	0.00943	CVE-2010-0966
2	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash divulgación de información	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02	0.02016	CVE-2007-1192
3	vsftpd deny_file vulnerabilidad desconocida	3.7	3.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00312	CVE-2015-1419
4	HAProxy Header Field escalada de privilegios	8.2	8.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00207	CVE-2023-25725
5	nginx escalada de privilegios	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.09	0.00241	CVE-2020-12440
6	Exacq exacqVision Enterprise System Manager escalada de privilegios	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00112	CVE-2019-7588
7	Smartstore WebApi Authentication autenticación débil	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00309	CVE-2020-15243
8	codemirror Regular Expression escalada de privilegios	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.05	0.01484	CVE-2020-7760
9	WordPress Pingback escalada de privilegios	5.7	5.7	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00	0.00120	CVE-2022-3590
10	WordPress Private Post escalada de privilegios	4.6	4.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.00272	CVE-2020-11028
11	Oracle Solaris Common Desktop Environment Format String	8.3	7.9	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.00043	CVE-2022-43752
12	JunosOS J-Web escalada de privilegios	7.8	7.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00275	CVE-2022-22241
13	Microsoft Windows Workstation Service desbordamiento de búfer	7.3	6.8	$100k y más	$0-$5k	High	Official Fix	0.02	0.96674	CVE-2006-4691
14	Todd Miller sudo sudoedit sudoers escalada de privilegios	7.8	7.0	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.00061	CVE-2015-5602
15	WonderCMS Plugin Installer index.php addCustomThemePluginRepository escalada de privilegios	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.12296	CVE-2020-35313
16	PostgreSQL escalada de privilegios	5.9	5.9	$0-$5k	$0-$5k	High	Not Defined	0.04	0.97475	CVE-2019-9193
17	Dovecot Indexer-Worker Process desbordamiento de búfer	8.1	8.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00044	CVE-2019-7524
18	SmartStoreNET Privilege Escalation	7.6	7.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00353	CVE-2020-27996
19	CutePHP CuteNews escalada de privilegios	7.5	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.08	0.02086	CVE-2019-11447
20	Cisco Firepower System Software Detection Engine escalada de privilegios	6.9	6.8	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00140	CVE-2019-12697

Campañas (1)

These are the campaigns that can be associated with the actor:

Log4Shell

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	dirección IP	Hostname	Actor	Campañas	Identified	Escribe	Confianza
1	1.9.5.38		Deep Panda		2021-01-01	verified	Alto
2	103.224.80.76		Deep Panda		2022-08-04	verified	Alto
3	XXX.XXX.XX.XXX	xxx.xxx.xx.xxx.xxxxxx.xxxxxxxxx.xxx	Xxxx Xxxxx	Xxxxxxxxx	2022-04-01	verified	Alto
4	XXX.XX.XX.XXX	xxx.xxx.xxxx	Xxxx Xxxxx		2020-12-16	verified	Alto
5	XXX.XX.XXX.X		Xxxx Xxxxx		2020-12-16	verified	Alto
6	XXX.XX.XX.XX	xxxx.xx-xxx-xx-xx.xxx	Xxxx Xxxxx	Xxxxxxxxx	2022-04-01	verified	Alto
7	XXX.XXX.XXX.XXX		Xxxx Xxxxx		2020-12-16	verified	Alto
8	XXX.XXX.XX.XXX		Xxxx Xxxxx		2021-01-01	verified	Alto
9	XXX.XX.XXX.X	xxxxxxxxxxxx.xxxxxx.xxxxx.xxx	Xxxx Xxxxx		2021-01-01	verified	Alto

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidad	Vector de acceso	Escribe	Confianza
1	T1006	CWE-22	Path Traversal	predictive	Alto
2	T1059	CWE-94	Argument Injection	predictive	Alto
3	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
4	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
5	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
6	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Alto
7	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
8	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	Alto
9	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
10	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (17)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Clase	Indicator	Escribe	Confianza
1	File	/etc/sudoers	predictive	Medio
2	File	data/gbconfiguration.dat	predictive	Alto
3	File	fs/aio.c	predictive	Medio
4	File	xxx/xxxxxx.xxx	predictive	Alto
5	File	xxxxx.xxx	predictive	Medio
6	File	xxxxx.xxx?xxx=xxxx&xxx=xxxxxxxx	predictive	Alto
7	File	xxxxx_xx.xxxx	predictive	Alto
8	File	xxx/xxxx/xxxx.xx	predictive	Alto
9	File	xxxxxxxx.x	predictive	Medio
10	File	xxxxxxxx.xxx	predictive	Medio
11	File	xxxxxx/xxx/xx/xxx.xx	predictive	Alto
12	Argument	xxxxxx_xxxx	predictive	Medio
13	Argument	xxxxxxxx	predictive	Medio
14	Argument	xxxxxx_xx	predictive	Medio
15	Argument	xx_xxxxxx	predictive	Medio
16	Argument	xxx	predictive	Bajo
17	Pattern	\|xx xx\|	predictive	Bajo

Referencias (7)

The following list contains external sources which discuss the actor and the associated activities:

◂ AnteriorVisión De ConjuntoPróximo ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!