TSCookie Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (8)

Idioma

en	8

País

cn	6
us	2

Actores

PLEAD	1

Interesar

Escribe

JavaScript Library	4
Not Defined	2
Connectivity Software	2

Proveedor

Not Defined	6
Citrix	2

Producto

Node.js	2
PHPWind	2
Citrix Application Delivery Controller	2
Citrix Gateway	2
PDF.js Viewer Plugin	2

Vulnerabilidad

#	Vulnerabilidad	Base	Temp	0day	Hoy	Exp	Con	CTI	EPSS	CVE
1	eSyndicat Directory Software suggest-listing.php cross site scripting	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.06	0.00000
2	PDF.js Viewer Plugin Shortcode cross site scripting	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00058	CVE-2021-24759
3	ProcessMaker Enterprise Core sql injection	7.0	7.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00063	CVE-2016-9048
4	Citrix Application Delivery Controller/Gateway directory traversal	8.5	8.4	$25k-$100k	$0-$5k	High	Official Fix	0.00	0.97535	CVE-2019-19781
5	Liferay Portal CE JSON Payload escalada de privilegios	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.01289	CVE-2019-16891
6	Yii Framework Exception Error ErrorHandler.php divulgación de información	6.4	6.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.05	0.00246	CVE-2018-6010
7	Node.js Pathname Validator escalada de privilegios	7.4	7.1	$0-$5k	$0-$5k	High	Official Fix	0.03	0.96684	CVE-2017-14849
8	PHPWind goto.php cross site scripting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.32	0.00254	CVE-2015-4135

Campañas (1)

These are the campaigns that can be associated with the actor:

TSCookie

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	dirección IP	Hostname	Actor	Campañas	Identified	Escribe	Confianza
1	45.76.102.145	45.76.102.145.vultr.com	BlackTech	TSCookie	2020-12-15	verified	Medio
2	XX.XXX.XX.XX	xx-xxx-xx-xx.xxxx.xxxx.xxx.xx	Xxxxxxxxx	Xxxxxxxx	2020-12-15	verified	Alto
3	XXX.XXX.XXX.XX	xxx-xxx-xxx-xx.xxxxx-xx.xxxxx.xxx	Xxxxxxxxx	Xxxxxxxx	2020-12-15	verified	Alto

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidad	Vector de acceso	Escribe	Confianza
1	T1006	CWE-22	Path Traversal	predictive	Alto
2	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
3	TXXXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
4	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
5	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (5)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Clase	Indicator	Escribe	Confianza
1	File	base/ErrorHandler.php	predictive	Alto
2	File	goto.php	predictive	Medio
3	File	xxxxxxx-xxxxxxx.xxx	predictive	Alto
4	Argument	xxxxx	predictive	Bajo
5	Argument	xxx	predictive	Bajo

Referencias (4)

The following list contains external sources which discuss the actor and the associated activities:

◂ AnteriorVisión De ConjuntoPróximo ▸

Might our Artificial Intelligence support you?

Check our Alexa App!