Taidoor Analysis

IOB - Indicator of Behavior (150)

Language

en: 86
zh: 54
es: 4
fr: 2
ko: 2

Country

cn: 118
us: 14
kr: 12
se: 2
jp: 2

Product

Linux Kernel: 8
WordPress: 4
e-Quick Cart: 4
Progress Webspeed: 2
McAfee ePolicy Orchestrator: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE |
|---|---------------|------|------|------|-------|---------|----------------|------|-----|-----|
| 1 | Linksys WRT54G Web Server denial of service | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.02 | |
| 2 | Python mailcap Module privilege escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00141 | 0.37 | CVE-2015-20107 |
| 3 | Dell EMC Unity/UnityVSA/Unity XT Upgrade Readiness Utility weak encryption | 1.9 | 1.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.04 | CVE-2021-21547 |
| 4 | Simple Machines Forum LogInOut.php privilege escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00489 | 0.00 | CVE-2016-5727 |
| 5 | Linux Kernel do_open_permission privilege escalation | 5.9 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2009-3286 |
| 6 | Dell PowerProtect DD cross site scripting | 6.5 | 6.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00063 | 0.02 | CVE-2023-44286 |
| 7 | Cisco Firepower Threat Defense Security Intelligence Feed privilege escalation | 4.8 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00123 | 0.00 | CVE-2022-20730 |
| 8 | H2 Database Engine CLI information disclosure | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.02 | CVE-2022-45868 |
| 9 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.44 | CVE-2020-12440 |
| 10 | Google Chrome Media Subsample Calculation/Conversion Remote Code Execution | 10.0 | 9.5 | $100k and more | $0-$5k | Not Defined | Official Fix | 0.00834 | 0.00 | CVE-2013-6637 |
| 11 | OAuth2 Proxy Domain Whitelist privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00129 | 0.00 | CVE-2021-21291 |
| 12 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02101 | 0.04 | CVE-2007-1287 |
| 13 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 14 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.87 | CVE-2010-0966 |
| 15 | Razer Synapse RazerConfigNative.dll privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2017-11653 |
| 16 | Apache Tomcat HTTP/2 GOAWAY Frame denial of service | 6.4 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.86329 | 0.03 | CVE-2017-5650 |
| 17 | LibTIFF TIFFYCbCrtoRGB privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02400 | 0.00 | CVE-2010-2595 |
| 18 | Memcached Proxy Mode buffer overflow | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.03 | CVE-2023-46852 |
| 19 | Poppler Splash.cc blitTransparent information disclosure | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01845 | 0.00 | CVE-2019-10872 |
| 20 | Linux Kernel Driver memory.c buffer overflow | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00073 | 0.00 | CVE-2022-3523 |

IOC - Indicator of Compromise (44)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (60)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (3)

The following list contains external sources which discuss the actor and the associated activities:
