PittyTiger Analysis

IOB - Indicator of Behavior (38)

Language

en 20
zh 18

Country

cn 28
us 10

Product

Apache Tomcat 4
Insyde InsydeH2O 4
ABB RobotWare for OmniCore Robot Controller 2
e2guardian 2
Intel Xeon 2
Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Con | CTI | EPSS | CVE
1 | AMD EPYC SEV VM information disclosure | 4.5 | 4.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00054 | CVE-2023-20575
2 | Tianocore EDK II BIOS Firmware denial of service | 5.7 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00075 | CVE-2021-38576
3 | Apache Tomcat JsonErrorReportValve privilege escalation | 6.5 | 6.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00475 | CVE-2022-45143
4 | social-warfare Plugin Stored cross site scripting | 5.2 | 5.0 | $0-$5k | $0-$5k | Functional | Official Fix | 0.02 | 0.97235 | CVE-2019-9978
5 | Insyde InsydeH2O IhisiServicesSmm SetVariable Privilege Escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00043 | CVE-2023-39284
6 | Microsoft Windows AMD information disclosure | 7.4 | 7.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.02 | 0.00042 | CVE-2023-20569
7 | Sun Solaris Authentication weak authentication | 9.8 | 9.6 | $5k-$25k | Calculating | High | Workaround | 0.02 | 0.01297 | CVE-1999-0502
8 | OpenSSL RC4-MD5 weak authentication | 5.6 | 5.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00146 | CVE-2022-1434
9 | AMI Megarac Redfish/API weak encryption | 4.5 | 4.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00068 | CVE-2022-40258
10 | Intel Xeon information disclosure | 3.3 | 3.2 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.00044 | CVE-2022-21131
11 | WordPress REST API class-wp-rest-users-controller.php information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Functional | Official Fix | 0.08 | 0.87410 | CVE-2017-5487
12 | Fuji Xerox DocuCentre-VII/ApeosPort-VII/ApeosPort/DocuPrint Command denial of service | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00173 | CVE-2021-20679
13 | F5 BIG-IP iControl REST Endpoint privilege escalation | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00104 | CVE-2022-35243
14 | Apple macOS WebRTC buffer overflow | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01152 | CVE-2022-2294
15 | Tianocore EDK2 SmmEntryPoint buffer overflow | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00185 | CVE-2021-38578
16 | Juniper Junos IGMP Packet denial of service | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | 0.00874 | CVE-2014-0614
17 | Insyde InsydeH2O SMM buffer overflow | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00042 | CVE-2021-41837
18 | InsydeH2O SWSMI IdeBusDxe buffer overflow | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00044 | CVE-2021-45970
19 | Insyde InsydeH2O privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00201 | CVE-2020-5955
20 | InsydeH2O SMI AtaLegacySmm buffer overflow | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00306 | CVE-2021-41842

IOC - Indicator of Compromise (60)

These indicators of compromise list the associated network resources that are known to have been part of research and attack activity.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 3.7.4.1 | ec2-3-7-4-1.ap-south-1.compute.amazonaws.com | PittyTiger | | 01/01/2021 | verified | Medium
2 | 12.0.9.149 | | PittyTiger | | 01/01/2021 | verified | High
3 | 23.226.178.162 | | PittyTiger | | 20/12/2020 | verified | High
4 | 27.16.139.143 | | PittyTiger | | 20/12/2020 | verified | High
5 | 27.151.0.224 | | PittyTiger | | 20/12/2020 | verified | High
6 | 27.155.90.80 | | PittyTiger | | 20/12/2020 | verified | High
7 | 27.155.109.89 | | PittyTiger | | 20/12/2020 | verified | High
8 | 27.155.110.81 | | PittyTiger | | 20/12/2020 | verified | High
9 | 27.156.49.223 | 223.49.156.27.broad.fz.fj.dynamic.163data.com.cn | PittyTiger | | 20/12/2020 | verified | High
10 | 58.61.40.55 | 55.40.61.58.broad.sz.gd.dynamic.163data.com.cn | PittyTiger | | 20/12/2020 | verified | High
11 | 58.64.175.191 | | PittyTiger | | 01/01/2021 | verified | High
12 | 58.64.175.255 | | PittyTiger | | 01/01/2021 | verified | High

Entries 13 to 60 are masked in the source (IP address and hostname withheld); each is marked verified with High confidence and was identified on either 20/12/2020 or 01/01/2021.

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
2 | T1059.007 | CWE-79 | Cross Site Scripting | predictive | High

Entries 3 to 7 are masked in the source (technique ID, CWE and access vector withheld); each is marked predictive with High confidence.

IOA - Indicator of Attack (12)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /cgi-bin/go | predictive | Medium
2 | File | /cgi-bin/portal | predictive | High

Entries 3 to 12 are masked in the source (indicator withheld): entries 3 to 6 are of class File and entries 7 to 12 of class Argument, all marked predictive, with confidence ranging from Low to High.
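One way to put the IOC and IOA tables above to work is to sweep web-server access logs for the twelve unmasked IOC addresses and the two unmasked IOA paths. The script below is an added example, not code from the original page or from any vendor tooling; the access-log lines it scans are constructed for the demonstration, and the combined-log regular expression, the Hit record and the function names are the example's own choices.

```python
"""Added example (not part of the original page or of any vendor tooling):
sweep web-server access logs for the PittyTiger network IOCs and the web-path
IOAs listed above.  The access-log lines are constructed for the demonstration."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# The twelve unmasked IOC rows above: IP -> (hostname as listed, confidence).
IOCS: Dict[str, Tuple[str, str]] = {
    "3.7.4.1": ("ec2-3-7-4-1.ap-south-1.compute.amazonaws.com", "Medium"),
    "12.0.9.149": ("", "High"),
    "23.226.178.162": ("", "High"),
    "27.16.139.143": ("", "High"),
    "27.151.0.224": ("", "High"),
    "27.155.90.80": ("", "High"),
    "27.155.109.89": ("", "High"),
    "27.155.110.81": ("", "High"),
    "27.156.49.223": ("223.49.156.27.broad.fz.fj.dynamic.163data.com.cn", "High"),
    "58.61.40.55": ("55.40.61.58.broad.sz.gd.dynamic.163data.com.cn", "High"),
    "58.64.175.191": ("", "High"),
    "58.64.175.255": ("", "High"),
}

# The two unmasked IOA file paths above: path -> confidence.
IOA_PATHS: Dict[str, str] = {"/cgi-bin/go": "Medium", "/cgi-bin/portal": "High"}

# Apache/nginx "combined" log format; only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: [^"]*)?" (?P<status>\d{3})'
)


@dataclass
class Hit:
    line_no: int
    ip: str
    path: str
    reason: str
    confidence: str


def parse_line(line: str) -> Optional[dict]:
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    try:
        # Reject anything that is not a valid IP literal and normalise the
        # spelling (matters for IPv6) before comparing with the IOC list.
        fields["ip"] = str(ipaddress.ip_address(fields["ip"]))
    except ValueError:
        return None
    # Compare the request path without its query string.
    fields["path"] = fields["path"].split("?", 1)[0]
    return fields


def match_line(line_no: int, line: str) -> List[Hit]:
    """Return every IOC/IOA hit on one log line (a line can produce several)."""
    fields = parse_line(line)
    if fields is None:
        return []
    hits: List[Hit] = []
    ip, path = fields["ip"], fields["path"]
    if ip in IOCS:
        hostname, confidence = IOCS[ip]
        reason = "client IP is a listed IOC" + (f" ({hostname})" if hostname else "")
        hits.append(Hit(line_no, ip, path, reason, confidence))
    for ioa_path, confidence in IOA_PATHS.items():
        # Exact path or a sub-path; "/cgi-bin/golf" must not match "/cgi-bin/go".
        if path == ioa_path or path.startswith(ioa_path + "/"):
            hits.append(Hit(line_no, ip, path, f"request path matches IOA {ioa_path}", confidence))
    return hits


def scan(lines) -> List[Hit]:
    """Scan an iterable of access-log lines; line numbers are 1-based."""
    hits: List[Hit] = []
    for line_no, line in enumerate(lines, start=1):
        hits.extend(match_line(line_no, line))
    return hits


# Constructed sample log: two IOC addresses, one IOA path, a near-miss path
# ("/cgi-bin/golf"), a benign request and an unparseable line.
SAMPLE_LOG = """\
27.155.109.89 - - [20/Dec/2020:10:14:02 +0000] "GET /cgi-bin/portal HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [20/Dec/2020:10:14:05 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.7 - - [20/Dec/2020:10:15:11 +0000] "POST /cgi-bin/go?cmd=ls HTTP/1.1" 404 210 "-" "curl/7.64.0"
3.7.4.1 - - [01/Jan/2021:03:00:00 +0000] "GET /cgi-bin/golf HTTP/1.1" 200 300 "-" "Mozilla/5.0"
this line is not an access-log record
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(f"line {hit.line_no}: {hit.ip} {hit.path} -> {hit.reason} [{hit.confidence}]")
```

The confidence column is carried through on purpose: the table's own hostnames show why. Entry 1 is an EC2 instance (ec2-3-7-4-1.ap-south-1.compute.amazonaws.com, listed at Medium confidence) and entries 9 and 10 are dynamic ISP addresses (the hostnames contain "dynamic"), all identified in December 2020 or January 2021, so a match on one of them in a recent log is a lead to confirm against the timestamp rather than a confirmed compromise. The IOA paths are predictive indicators, which is why the example matches them exactly or as a sub-path and ignores the query string, instead of substring-matching the whole request line.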

Références (3)

The following list contains external sources which discuss the actor and the associated activities:
