TA578 Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (11)

Chronologie

Langue

en12

De campagne

us4
ru4

Acteurs

FIN71
TA5051
Zusy1
Mikey1
B1txor201

Activités

Intérêt

Chronologie

Taper

Content Management System2
Endpoint Management Software2
Operating System2
Messaging Software2
Operating System Utility Software2

Fournisseur

Not Defined4
Joomla2
Quest2
Microsoft2
Fortinet2

Produit

Joomla CMS2
Quest KACE Systems Management Appliance Server Cen ...2
Microsoft Windows2
Pidgin2
sudo2

Vulnérabilités

#VulnérabilitéBaseTemp0dayAujourd'huiExpConEPSSCTICVE
1Fortinet FortiOS SSL-VPN buffer overflow9.89.6$25k-$100k$25k-$100kHighOfficial Fix0.018420.04CVE-2024-21762
2SonicWALL GMS/Analytics Web Service divulgation de l'information5.05.0$0-$5k$0-$5kNot DefinedNot Defined0.000490.00CVE-2023-34134
3Microsoft Windows Kerberos authentification faible8.98.1$25k-$100k$5k-$25kUnprovenOfficial Fix0.000480.04CVE-2024-20674
4Joomla sql injection6.36.3$5k-$25k$5k-$25kNot DefinedNot Defined0.001420.00CVE-2022-23797
5Joomla CMS com_fields elévation de privilèges6.46.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.002680.04CVE-2018-11321
6Joomla! Module Layout Settings Privilege Escalation5.55.5$5k-$25k$0-$5kNot DefinedNot Defined0.001100.00CVE-2021-26031
7sudo Runas Restriction elévation de privilèges8.88.3$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.308140.04CVE-2019-14287
8McAfee ePolicy Orchestrator cross site scripting3.63.5$0-$5k$0-$5kNot DefinedOfficial Fix0.000540.00CVE-2021-31835
9Quest KACE Systems Management Appliance Server Center ticket_associated_tickets.php cross site scripting4.44.4$0-$5k$0-$5kNot DefinedNot Defined0.000550.00CVE-2019-13081
10Pidgin Protocol Plugin msg.c elévation de privilèges5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.012340.00CVE-2012-2318
11FreeBSD sendmsg(2) elévation de privilèges7.87.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.000700.02CVE-2016-1887

Campagnes (1)

These are the campaigns that can be associated with the actor:

  • BumbleBee

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDadresse IPHostnameActeurCampagnesIdentifiedTaperConfiance
1194.165.16.60TA578BumbleBee17/06/2022verifiedÉlevé

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClasseVulnérabilitésVecteur d'accèsTaperConfiance
1T1059.007CAPEC-209CWE-79Cross Site ScriptingpredictiveÉlevé
2TXXXXCAPEC-CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveÉlevé
3TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveÉlevé
4TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveÉlevé

IOA - Indicator of Attack (4)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClasseIndicatorTaperConfiance
1File/common/ticket_associated_tickets.phppredictiveÉlevé
2Filexxx.xpredictiveFaible
3ArgumentxxxxxpredictiveFaible
4Input Value-x/xxxxxxxxxxpredictiveÉlevé

Références (2)

The following list contains external sources which discuss the actor and the associated activities:

PrécédentAperçuSuivant

Might our Artificial Intelligence support you?

Check our Alexa App!