Tortoiseshell Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (19)

Idioma

en	14
fr	2
de	2
pl	2

País

us	18

Actores

Tortoiseshell	4
Cobalt Strike	1
Cuba Ransomware	1

Interesar

Escribe

Software Library	4
Photo Gallery Software	2
Solution Stack Software	2
Web Server	2
Firewall Software	2

Proveedor

Not Defined	6
Coppermine	2
SAP	2
Apache	2
F5	2

Producto

Coppermine Photo Gallery	2
media-library-assistant Plugin	2
SAP NetWeaver AS JAVA	2
Apache HTTP Server	2
Media Library Assistant Plugin	2

Vulnerabilidad

#	Vulnerabilidad	Base	Temp	0day	Hoy	Exp	Con	CTI	EPSS	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash divulgación de información	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02	0.02016	CVE-2007-1192
2	Google Chrome Flash Player desbordamiento de búfer	9.9	9.5	$100k y más	$5k-$25k	Not Defined	Official Fix	0.00	0.00645	CVE-2012-0724
3	AWStats awstats.pl Path divulgación de información	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.06	0.00176	CVE-2018-10245
4	ADTRAN Netvanta 7060/Netvanta 7100 DNS Privilege Escalation	6.5	6.3	$0-$5k	$0-$5k	Not Defined	Workaround	0.00	0.02808	CVE-2021-25681
5	Apache HTTP Server HTTP/2 Request escalada de privilegios	6.4	6.4	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.02	0.00606	CVE-2020-9490
6	Microsoft IIS cross site scripting	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.03	0.00548	CVE-2017-0055
7	ImageMagick heic.c ReadHEICImageByID divulgación de información	5.4	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.06	0.00056	CVE-2020-10251
8	SAP NetWeaver AS JAVA LM Configuration Wizard RECON autenticación débil	10.0	9.5	$100k y más	$0-$5k	High	Official Fix	0.06	0.97502	CVE-2020-6287
9	Media Library Assistant Plugin cross site scripting	5.2	4.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00115	CVE-2020-11731
10	media-library-assistant Plugin mla_gallery escalada de privilegios	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.01003	CVE-2020-11928
11	Wechat Broadcast Plugin Image.php directory traversal	8.1	8.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02	0.29241	CVE-2018-16283
12	Ecommerce Online Store Kit shop.php sql injection	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.03763	CVE-2004-0300
13	Microsoft Windows Remote Desktop/Terminal Services Web Connection autenticación débil	6.3	6.2	$25k-$100k	$0-$5k	Not Defined	Workaround	0.02	0.00000
14	F5 BIG-IP ASM pl_tree.php cross site scripting	4.3	4.2	$5k-$25k	$0-$5k	High	Unavailable	0.00	0.00220	CVE-2014-9342
15	Sitecore IDE.aspx directory traversal	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00130	CVE-2017-11440
16	Coppermine Photo Gallery directory traversal	4.2	3.8	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.01312	CVE-2007-4976

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	dirección IP	Hostname	Actor	Identified	Escribe	Confianza
1	64.235.39.45	lasvegas-nv-datacenter.serverpoint.com	Tortoiseshell	2021-06-01	verified	Alto
2	XX.XXX.XX.XXX	xxxxxxxx-xx-xxxxxxxxxx.xxxxxxxxxxx.xxx	Xxxxxxxxxxxxx	2021-06-01	verified	Alto
3	XXX.XXX.XX.XXX		Xxxxxxxxxxxxx	2022-04-28	verified	Alto
4	XXX.XX.XXX.XXX		Xxxxxxxxxxxxx	2022-04-28	verified	Alto

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidad	Vector de acceso	Escribe	Confianza
1	T1006	CWE-22	Path Traversal	predictive	Alto
2	TXXXX	CWE-XX	Xxxxxxxx Xxxxxxxxxxxxxx Xx Xxxx Xxxxxx Xxxxx Xxxxxxxxxxx	predictive	Alto
3	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
4	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
5	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Clase	Indicator	Escribe	Confianza
1	File	/uncpath/	predictive	Medio
2	File	awstats.pl	predictive	Medio
3	File	xxxxxx\xxxx.x	predictive	Alto
4	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Alto
5	File	xxxxx.xxx	predictive	Medio
6	File	xx_xxxx.xxx	predictive	Medio
7	File	xxxxx/xxxxxxxxxxxx/xxxxxxx/xxx.xxxx	predictive	Alto
8	File	xxxx.xxx	predictive	Medio
9	Argument	xxxxxxxxx/xxxxxx	predictive	Alto
10	Argument	xx	predictive	Bajo
11	Argument	xxxxxxxxx	predictive	Medio
12	Argument	xxx_xxxxx/xxxx_xxxxx/xxxx_xxxxx	predictive	Alto
13	Argument	xxx	predictive	Bajo

Referencias (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ AnteriorVisión De ConjuntoPróximo ▸

Might our Artificial Intelligence support you?

Check our Alexa App!