CDRThief Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (10)

Langue

zh	8
en	2

De campagne

cn	10

Acteurs

CDRThief	3

Intérêt

Taper

Cloud Software	4
Not Defined	2
Jenkins Plugin	2
Connectivity Software	2

Fournisseur

Not Defined	6
ownCloud	4

Produit

ownCloud user_ldap	2
Jitsi Meet	2
ownCloud Server	2
Job and Node Ownership Plugin	2
OpenSSH	2

Vulnérabilités

#	Vulnérabilité	Base	Temp	0day	Aujourd'hui	Exp	Con	EPSS	CTI	CVE
1	Hotline Connect Server divulgation de l'information	3.3	3.3	$0-$5k	$0-$5k	Not Defined	Workaround	0.00000	0.00
2	ownCloud Server Password Protected Public Links authentification faible	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00074	0.00	CVE-2021-35948
3	ownCloud user_ldap elévation de privilèges	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00054	0.00	CVE-2021-40537
4	Atlassian JIRA Server/Data Center Endpoint web.xml directory traversal	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.91900	0.03	CVE-2021-26086
5	Job and Node Ownership Plugin elévation de privilèges	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00055	0.00	CVE-2022-28151
6	PrinterLogic Web Stack chiffrement faible	7.7	7.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.06463	0.00	CVE-2021-42635
7	eEye Retina WiFi Scanner buffer overflow	10.0	10.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.12680	0.00	CVE-2009-3859
8	PHP SoapClient query dénie de service	6.4	6.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01231	0.00	CVE-2021-21702
9	Jitsi Meet authentification faible	8.5	7.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00196	0.03	CVE-2020-11878
10	OpenSSH Key Exchange Initialization kex_input_kexinit dénie de service	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.78351	0.01	CVE-2016-8858

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adresse IP	Hostname	Acteur	Identified	Taper	Confiance
1	34.94.199.142	142.199.94.34.bc.googleusercontent.com	CDRThief	31/05/2021	verified	Moyen
2	35.236.173.187	187.173.236.35.bc.googleusercontent.com	CDRThief	31/05/2021	verified	Moyen
3	XXX.XX.XXX.XX		Xxxxxxxx	31/05/2021	verified	Élevé
4	XXX.XXX.XXX.XXX		Xxxxxxxx	31/05/2021	verified	Élevé
5	XXX.XXX.XXX.XXX		Xxxxxxxx	31/05/2021	verified	Élevé
6	XXX.XXX.XX.XXX		Xxxxxxxx	31/05/2021	verified	Élevé

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnérabilités	Vecteur d'accès	Taper	Confiance
1	T1006	CWE-22	Path Traversal	predictive	Élevé
2	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Élevé
3	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Élevé
4	TXXXX.XXX	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Élevé

IOA - Indicator of Attack (3)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Taper	Confiance
1	File	/WEB-INF/web.xml	predictive	Élevé
2	File	xxxxxxxx/xxxx_xxxx	predictive	Élevé
3	Argument	xxx_xxx	predictive	Faible

Références (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrécédentAperçuSuivant ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!