PKPLUG Analysis

IOB - Indicator of Behavior (238)

Timeline

Language

en: 140
zh: 90
de: 4
jp: 4

Country

cn: 176
us: 62

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Linux Kernel: 8
Trend Micro Apex One: 6
WordPress: 6
Google Chrome: 4
PHP-Nuke: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE
1 | Sophos Firewall User Portal/Webadmin weak authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.97434 | 0.08 | CVE-2022-1040
2 | XoruX LPAR2RRD/STOR2RRD weak authentication | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00262 | 0.00 | CVE-2021-42371
3 | Komodia Redirector SDK Web Companion weak encryption | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00220 | 0.00 | CVE-2015-2078
4 | SourceCodester Doctors Appointment System login.php sql injection | 7.4 | 7.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.07 | CVE-2023-4219
5 | IBM Security Guardium Request privilege escalation | 9.2 | 9.2 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00066 | 0.00 | CVE-2023-35893
6 | Piwigo pwg.users.php sql injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00088 | 0.03 | CVE-2022-26266
7 | Pluck Theme Upload privilege escalation | 4.7 | 4.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02893 | 0.00 | CVE-2022-26965
8 | Apache Struts ParameterInterceptor unknown vulnerability | 5.3 | 5.3 | $5k-$25k | $0-$5k | High | Not Defined | 0.08484 | 0.03 | CVE-2010-1870
9 | Synacor Zimbra Collaboration Memcache Command privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09665 | 0.02 | CVE-2022-27924
10 | OpenSSL c_rehash privilege escalation | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.10649 | 0.04 | CVE-2022-1292
11 | AfterLogic Aurora/WebMail Pro DAV DAVServer.php directory traversal | 7.6 | 7.6 | $0-$5k | Calculator | Not Defined | Not Defined | 0.00290 | 0.02 | CVE-2021-26293
12 | Artifex MuJS buffer overflow | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00221 | 0.00 | CVE-2021-45005
13 | Discuz! DiscuzX Access Restriction index.php privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00257 | 0.02 | CVE-2018-5377
14 | Juniper Junos Pulse Secure Access Service SSL VPN Web Server cross site scripting | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00135 | 0.00 | CVE-2013-5649
15 | Matomo safemode.twig Path information disclosure | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.03 | CVE-2019-12215
16 | Google Chrome V8 buffer overflow | 7.5 | 7.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00080 | 0.04 | CVE-2024-0517
17 | tough-cookie Cookies Remote Code Execution | 7.9 | 7.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00107 | 0.09 | CVE-2023-26136
18 | ASUS RT-AC51U Network Request cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00062 | 0.00 | CVE-2023-29772
19 | Asus RT-AC2900 privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08597 | 0.02 | CVE-2018-8826
20 | Pligg cloud.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.67 | 

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • THOR

IOC - Indicator of Compromise (20)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence
1 |  | CAPEC-10 | CWE-19, CWE-20, CWE-59, CWE-61, CWE-73, CWE-119, CWE-121, CWE-122, CWE-125, CWE-134, CWE-185, CWE-189, CWE-190, CWE-266, CWE-285, CWE-287, CWE-352, CWE-362, CWE-367, CWE-400, CWE-404, CWE-407, CWE-415, CWE-416, CWE-441, CWE-444, CWE-476, CWE-502, CWE-610, CWE-611, CWE-639, CWE-672, CWE-697, CWE-749, CWE-755, CWE-787, CWE-843, CWE-862, CWE-863, CWE-918, CWE-1018, CWE-1188 | Unknown Vulnerability | predictive | High
2 | T1006 | CAPEC-126 | CWE-21, CWE-22, CWE-23 | Path Traversal | predictive | High
3 | T1055 | CAPEC-10 | CWE-74, CWE-707 | Improper Neutralization of Data within XPath Expressions | predictive | High
4 | T1059 | CAPEC-10 | CWE-74, CWE-94, CWE-707, CWE-1321 | Argument Injection | predictive | High

IOA - Indicator of Attack (91)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin.php?action=themeinstall | predictive | High
2 | File | /admin/ajax/avatar.php | predictive | High
3 | File | /admin/uploads.php | predictive | High
4 | File | /admin/users.php?source=edit_user&id=1 | predictive | High
5 | File | /cgi-bin/portal | predictive | High
6 | File | /etc/passwd | predictive | Medium
7 | File | /etc/shadow | predictive | Medium
8 | File | /htmlcode/html/indexdefault.asp | predictive | High
9 | File | /include/config.cache.php | predictive | High
10 | File | /include/helpers/upload.helper.php | predictive | High
11 | File | /patient/appointment.php | predictive | High
89 | Input Value | .. | predictive | Low
90 | Input Value | ../ | predictive | Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:
