Tortoiseshell Analysis

IOB - Indicator of Behavior (19)

Timeline

Language: en 16, fr 2, pl 2

Campaign (by country): us 20

Product

Thomas R. Pasawicz HyperBook Guestbook (2)
ADTRAN Netvanta 7060 (2)
ADTRAN Netvanta 7100 (2)
SAP NetWeaver AS JAVA (2)
Media Library Assistant Plugin (2)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculator | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | Google Chrome Flash Player buffer overflow | 9.9 | 9.5 | $100k and more | $5k-$25k | Not Defined | Official Fix | 0.00645 | 0.00 | CVE-2012-0724 |
| 3 | AWStats awstats.pl Path information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00176 | 0.10 | CVE-2018-10245 |
| 4 | ADTRAN Netvanta 7060/Netvanta 7100 DNS privilege escalation | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.02808 | 0.00 | CVE-2021-25681 |
| 5 | Apache HTTP Server HTTP/2 Request privilege escalation | 6.4 | 6.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00606 | 0.03 | CVE-2020-9490 |
| 6 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.24 | CVE-2017-0055 |
| 7 | ImageMagick heic.c ReadHEICImageByID information disclosure | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00056 | 0.06 | CVE-2020-10251 |
| 8 | SAP NetWeaver AS JAVA LM Configuration Wizard RECON weak authentication | 10.0 | 9.8 | $25k-$100k | $0-$5k | High | Official Fix | 0.97507 | 0.00 | CVE-2020-6287 |
| 9 | Media Library Assistant Plugin cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00115 | 0.03 | CVE-2020-11731 |
| 10 | media-library-assistant Plugin mla_gallery privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01003 | 0.03 | CVE-2020-11928 |
| 11 | Wechat Broadcast Plugin Image.php directory traversal | 8.1 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.29241 | 0.02 | CVE-2018-16283 |
| 12 | Ecommerce Online Store Kit shop.php sql injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03763 | 0.04 | CVE-2004-0300 |
| 13 | Microsoft Windows Remote Desktop/Terminal Services Web Connection weak authentication | 6.3 | 6.2 | $25k-$100k | $0-$5k | Not Defined | Workaround | 0.00000 | 0.02 | |
| 14 | F5 BIG-IP ASM pl_tree.php cross site scripting | 4.3 | 4.2 | $5k-$25k | $0-$5k | High | Unavailable | 0.00220 | 0.00 | CVE-2014-9342 |
| 15 | Sitecore IDE.aspx directory traversal | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00130 | 0.04 | CVE-2017-11440 |
| 16 | Coppermine Photo Gallery directory traversal | 4.2 | 3.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01312 | 0.00 | CVE-2007-4976 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 64.235.39.45 | lasvegas-nv-datacenter.serverpoint.com | Tortoiseshell | | 01/06/2021 | verified | High |
| 2 | XX.XXX.XX.XXX | xxxxxxxx-xx-xxxxxxxxxx.xxxxxxxxxxx.xxx | Xxxxxxxxxxxxx | | 01/06/2021 | verified | High |
| 3 | XXX.XXX.XX.XXX | | Xxxxxxxxxxxxx | | 28/04/2022 | verified | High |
| 4 | XXX.XX.XXX.XXX | | Xxxxxxxxxxxxx | | 28/04/2022 | verified | High |

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /uncpath/ | predictive | Medium |
| 2 | File | awstats.pl | predictive | Medium |
| 3 | File | xxxxxx\xxxx.x | predictive | High |
| 4 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 5 | File | xxxxx.xxx | predictive | Medium |
| 6 | File | xx_xxxx.xxx | predictive | Medium |
| 7 | File | xxxxx/xxxxxxxxxxxx/xxxxxxx/xxx.xxxx | predictive | High |
| 8 | File | xxxx.xxx | predictive | Medium |
| 9 | Argument | xxxxxxxxx/xxxxxx | predictive | High |
| 10 | Argument | xx | predictive | Low |
| 11 | Argument | xxxxxxxxx | predictive | Medium |
| 12 | Argument | xxx_xxxxx/xxxx_xxxxx/xxxx_xxxxx | predictive | High |
| 13 | Argument | xxx | predictive | Low |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
