Tovkater Analysis

IOB - Indicator of Behavior (352)

Timeline

Languages

en: 196
es: 66
fr: 26
de: 22
it: 20

Countries / Regions

us: 300
ru: 28
gb: 10
ir: 6
es: 2

Actors

Activities

Interest

Timeline

Type

Vendors

Products

IBM WebSphere Application Server: 20
Microsoft Windows: 10
Cisco ONS 15454: 8
Google Chrome: 8
Google Android: 8

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Cisco ONS 15454 TCP Port Management privilege escalation | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00242 | 0.02 | CVE-2016-9211 |
| 2 | phpRank Return Code weak authentication | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01152 | 0.02 | CVE-2002-1952 |
| 3 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.15 | CVE-2020-12440 |
| 4 | Zoho ManageEngine ManageEngine OpManager Group Chat privilege escalation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00074 | 0.00 | CVE-2017-11561 |
| 5 | Zoho ManageEngine ManageEngine OpManager getmailserversettings SQL injection | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00323 | 0.00 | CVE-2017-11559 |
| 6 | Cisco ONS 15454 Optical Transport Platform denial of service | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01492 | 0.00 | CVE-2004-1433 |
| 7 | Cisco ONS 15454 Optical Transport Platform denial of service | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02185 | 0.00 | CVE-2004-1434 |
| 8 | Cisco ONS 15454 Optical Transport Platform denial of service | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01787 | 0.00 | CVE-2004-1435 |
| 9 | Cisco ONS 15454 Optical Transport Platform User Account denial of service | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01559 | 0.00 | CVE-2004-1436 |
| 10 | Cisco ONS privilege escalation | 7.5 | 6.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01282 | 0.00 | CVE-2008-3818 |
| 11 | Cisco ONS 15454 Controller Card privilege escalation | 7.5 | 7.5 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00133 | 0.00 | CVE-2013-6703 |
| 12 | Google Android System privilege escalation | 7.0 | 6.3 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00306 | 0.07 | CVE-2017-13209 |
| 13 | SalesAgility SuiteCRM SQL injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00359 | 0.00 | CVE-2019-6506 |
| 14 | Sendmail Local Privilege Escalation | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.00 | |
| 15 | Microsoft IIS GET Request access.cnf Path information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Workaround | 0.01015 | 0.03 | CVE-2002-1717 |
| 16 | Alcatel Speed Touch Home Port denial of service | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00510 | 0.00 | CVE-2002-0119 |
| 17 | Hosting Controller browse.asp directory traversal | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01708 | 0.00 | CVE-2002-0775 |
| 18 | Microsoft Site Server weak authentication | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.08124 | 0.02 | CVE-2002-1769 |
| 19 | Pinboard Tasklist cross-site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00108 | 0.00 | CVE-2002-1900 |
| 20 | Google Android NVIDIA Video Driver information disclosure | 4.4 | 4.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00079 | 0.03 | CVE-2016-8397 |

IOC - Indicator of Compromise (26)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (139)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (4)

The following list contains external sources which discuss the actor and the associated activities:
