MQsTTang Analisi

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (83)

Linguaggio

en	38
ru	24
fr	12
pl	6
de	2

Nazione

us	46
ru	16
tt	8

Attori

MQsTTang	4
RedLine Stealer	2
Cobalt Strike	2
TA551	1
Ursnif	1

Interesse

Genere

Not Defined	32
Programming Language Software	8
Mail Client Software	6
Operating System	4
Bug Tracking Software	2

Fornitore

Not Defined	12
FasterXML	6
Microsoft	4
RoundCube	4
Hikvision	2

Prodotto

FasterXML jackson-databind	6
Microsoft Windows	4
RoundCube Webmail	4
Hikvision Product	2
clinical-genomics scout	2

Vulnerabilità

#	Vulnerabilità	Base	Temp	0day	Oggi	Sfr	Con	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash rivelazione di un 'informazione	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	LS Electric PLC/XG5000 crittografia debole	5.4	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00144	0.00	CVE-2022-2758
3	Devilz Clanportal File Upload vulnerabilità sconosciuta	5.3	4.4	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.05362	0.03	CVE-2006-6338
4	Omron PLC CJ/PLC CS autenticazione debole	6.8	6.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00133	0.04	CVE-2019-13533
5	Omron CX-Position Project File buffer overflow	7.0	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00099	0.00	CVE-2022-26417
6	Microsoft Windows Remote Procedure Call Runtime Remote Code Execution	9.8	8.9	$100k et plus	$5k-$25k	Unproven	Official Fix	0.01558	0.00	CVE-2022-26809
7	Microsoft Windows IKE Protocol Extension Remote Code Execution	9.8	8.9	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.01093	0.02	CVE-2022-34721
8	RoundCube Webmail Email Message rcube_string_replacer.php linkref_addindex cross site scripting	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00612	0.00	CVE-2020-35730
9	IBOS OA Interview edit&op=status sql injection	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00343	0.09	CVE-2023-3826
10	Dahua Smart Park Management escalazione di privilegi	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02220	0.07	CVE-2023-3836
11	NxFilter user.jsp cross site request forgery	4.3	3.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00058	0.10	CVE-2023-3841
12	Devilz Clanportal sql injection	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.00684	0.08	CVE-2006-6339
13	Aspindir Aspee Ziyaretci Defteri giris.asp sql injection	7.3	7.1	$0-$5k	$0-$5k	High	Unavailable	0.00237	0.00	CVE-2006-6337
14	Creativeitem Atlas Business Directory Listing search cross site scripting	3.5	3.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00046	0.03	CVE-2023-3756
15	FasterXML jackson-databind Java denial of service	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00218	0.00	CVE-2020-36518
16	FasterXML jackson-databind Deserialize denial of service	5.5	5.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00205	0.03	CVE-2022-42003
17	FasterXML jackson-databind Array BeanDeserializer._deserializeFromArray denial of service	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00214	0.04	CVE-2022-42004
18	GLPI htmlawed Module htmLawedTest.php escalazione di privilegi	7.6	7.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.97405	0.04	CVE-2022-35914
19	FreeBSD System Call Privilege Escalation	5.5	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00119	0.02	CVE-2021-29628
20	Realtek rtl819x-SDK Web Interface escalazione di privilegi	7.1	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00088	0.02	CVE-2022-29558

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	indirizzo IP	Hostname	Attore	Identified	Genere	Fiducia
1	3.228.54.173	ec2-3-228-54-173.compute-1.amazonaws.com	MQsTTang	05/03/2024	verified	Media
2	XX.XX.XXX.XXX		Xxxxxxxx	05/03/2024	verified	Alto
3	XX.XX.XXX.X		Xxxxxxxx	05/03/2024	verified	Alto
4	XXX.XXX.XX.XX		Xxxxxxxx	05/03/2024	verified	Alto

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classe	Vulnerabilità	Accesso al vettore	Genere	Fiducia
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Alto
2	T1040	CAPEC-102	CWE-294, CWE-319	Authentication Bypass by Capture-replay	predictive	Alto
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Alto
4	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
5	TXXXX	CAPEC-19	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
6	TXXXX	CAPEC-136	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
7	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
8	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Alto
9	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
10	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	Alto
11	TXXXX.XXX	CAPEC-0	CWE-XXX	Xxxxxxxx Xxxxxx Xxxx	predictive	Alto
12	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
13	TXXXX	CAPEC-112	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Alto
14	TXXXX.XXX	CAPEC-59	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Alto
15	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (26)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Genere	Fiducia
1	File	/?r=recruit/resume/edit&op=status	predictive	Alto
2	File	/emap/devicePoint_addImgIco?hasSubsystem=true	predictive	Alto
3	File	/home/search	predictive	Media
4	File	/usr/bin/at	predictive	Media
5	File	/xxxxxx/xxxxxxxx/xxxxxxxx/xxxxxxxxxxxx.xxx	predictive	Alto
6	File	xxxxxxx/xxxxxxx.xxx	predictive	Alto
7	File	xxxxxxx.xxx	predictive	Media
8	File	xxxxxx.x	predictive	Media
9	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Alto
10	File	xxxxx.xxx	predictive	Media
11	File	xxxxxx/xxxxxxxxxx.x	predictive	Alto
12	File	xxxxx_xxxxxx_xxx.xxx	predictive	Alto
13	File	xxxxx_xxxxxx_xxxxxxxx.xxx	predictive	Alto
14	File	xxxxxxxxxx.xxx	predictive	Alto
15	File	xxxx.xxx	predictive	Media
16	File	xxxxxx.xxx	predictive	Media
17	Argument	xxxx	predictive	Basso
18	Argument	xx	predictive	Basso
19	Argument	xxxxxx	predictive	Basso
20	Argument	xxxxxxxxx	predictive	Media
21	Argument	xxxxxxxx	predictive	Media
22	Argument	xxxxxx/xxxxxx_xxxxxx	predictive	Alto
23	Argument	xxxxxx_xxxxxx	predictive	Alto
24	Argument	xxxxxx	predictive	Basso
25	Argument	xxx	predictive	Basso
26	Argument	xxx	predictive	Basso

Referenze (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrecedenteVisione D'insiemeIl prossimo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!