Tick Analysis

IOB - Indicator of Behavior (36)

Timeline

Language

en: 34
zh: 2

Country

us: 26
cn: 8
kr: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Discuz!: 2
PHPWind: 2
Kyocera ECOSYS M5526cdw: 2
FLDS: 2
Task Rabbit Clone: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | Canon MF210/MF220 System Manager Mode login.html weak authentication | 8.5 | 8.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01367 | 0.00 | CVE-2018-11711 |
| 3 | WP Contacts Manager Plugin sql injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00172 | 0.00 | CVE-2022-1014 |
| 4 | NodeBB abort cross site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00083 | 0.00 | CVE-2022-3978 |
| 5 | Nodebb JSON File directory traversal | 4.6 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00104 | 0.03 | CVE-2021-43788 |
| 6 | TerraMaster TOS Parameter exportUser.php privilege escalation | 9.3 | 8.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.96623 | 0.04 | CVE-2020-15568 |
| 7 | Plex Media Server Camera Upload privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01114 | 0.04 | CVE-2019-19141 |
| 8 | Kyocera ECOSYS M5526cdw Web Application buffer overflow | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00096 | 0.07 | CVE-2019-13206 |
| 9 | Synacor Zimbra Collaboration XML External Entity | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00441 | 0.02 | CVE-2016-9924 |
| 10 | Fortinet FortiOS SSL VPN Web Portal buffer overflow | 5.4 | 5.3 | $0-$5k | $0-$5k | High | Official Fix | 0.00817 | 0.00 | CVE-2018-13383 |
| 11 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.29 | CVE-2017-0055 |
| 12 | Discuz! DiscuzX Attachment privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00183 | 0.04 | CVE-2018-5259 |
| 13 | Discuz! admin.php cross site scripting | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00054 | 0.02 | CVE-2018-19464 |
| 14 | Microsoft SQL Server SQL Master Data Services denial of service | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00472 | 0.03 | CVE-2014-4061 |
| 15 | vBulletin redirector.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00122 | 0.07 | CVE-2018-6200 |
| 16 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 3.20 | |
| 17 | FLDS redir.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00203 | 0.43 | CVE-2008-5928 |
| 18 | PHPWind goto.php Redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.14 | CVE-2015-4134 |
| 19 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 1.57 | CVE-2007-0354 |
| 20 | esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00135 | 0.00 | CVE-2010-4996 |

IOC - Indicator of Compromise (16)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (23)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /forum/away.php | predictive | High |
| 2 | File | /login.html | predictive | Medium |
| 3 | File | /register/abort | predictive | High |
| 4 | File | /uncpath/ | predictive | Medium |
| 5 | File | xxxxx.xxx | predictive | Medium |
| 6 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 7 | File | xxxxx.xxx | predictive | Medium |
| 8 | File | xxxx.xxx | predictive | Medium |
| 9 | File | xxxxxxxxxxxxxxxxx.xxxx | predictive | High |
| 10 | File | xxxxxxx/xxxxxxxxxx.xxx | predictive | High |
| 11 | File | xxxxxxx.xxx | predictive | Medium |
| 12 | File | xxxxxxxxx/ | predictive | Medium |
| 13 | File | xxx_xxxx.xxx | predictive | Medium |
| 14 | File | xxxxx.xxx | predictive | Medium |
| 15 | File | xxxxxxxxxx.xxx | predictive | High |
| 16 | File | xxxxxx_xxxx.xxx | predictive | High |
| 17 | Argument | xxx | predictive | Low |
| 18 | Argument | xxxxxxxx_xxxxxx/xxxxxxxx_xxxx/xxxxxxxx_xxxxxxxx/xxxxxxxx_xxxx | predictive | High |
| 19 | Argument | xxxx | predictive | Low |
| 20 | Argument | xx | predictive | Low |
| 21 | Argument | xxxxxx | predictive | Low |
| 22 | Argument | xxxxxxxx | predictive | Medium |
| 23 | Argument | xxx | predictive | Low |

References (5)

The following list contains external sources which discuss the actor and the associated activities:
