Tonto Team Analiza

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (53)

Język

en	38
zh	16

Kraj

cn	38
us	16

Aktorzy

Cobalt Strike	2
Sliver	1
Tonto Team	1

Wysiłek

Rodzaj

Groupware Software	14
Firewall Software	6
Not Defined	6
Router Operating System	4
Content Management System	4

Sprzedawca

Microsoft	18
Not Defined	12
SAP	2
Netgate	2
Cisco	2

Produkt

Microsoft Exchange Server	14
SAP NetWeaver AS JAVA	2
Microsoft Office	2
Netgate pfSense	2
Cisco IOS XE	2

Luki w zabezpieczeniach

#	Słaby punkt	Base	Temp	0day	Dzisiaj	Wyk	Prz	EPSS	CTI	CVE
1	DaSchTour matomo-mediawiki-extension Username Piwik.hooks.php cross site scripting	3.8	3.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00094	0.06	CVE-2017-20175
2	Apache HTTP Server server-status information disclosure	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Workaround	0.00000	0.00
3	Juniper Junos JDHCPD information disclosure	7.5	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00103	0.00	CVE-2020-1671
4	SonicWall SSLVPN SMA100 sql injection	7.3	7.1	$0-$5k	$0-$5k	Functional	Not Defined	0.02628	0.00	CVE-2021-20016
5	LangChain Configuration load_chain directory traversal	5.0	4.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00045	0.08	CVE-2024-28088
6	Cisco IOS XE Linux Shell privilege escalation	8.0	7.7	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00164	0.02	CVE-2020-3218
7	Tmax Soft JEUS Web Application Server url.jsp cross site scripting	4.3	4.1	$0-$5k	$0-$5k	High	Official Fix	0.00000	0.02
8	Revive Adserver information disclosure	5.6	5.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00100	0.00	CVE-2023-26756
9	Microsoft Exchange Server Privilege Escalation	8.8	8.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.01502	0.03	CVE-2022-23277
10	Microsoft Exchange Server PowerShell ProxyNotShell Privilege Escalation	7.7	7.3	$5k-$25k	$0-$5k	High	Official Fix	0.11506	0.03	CVE-2022-41082
11	Microsoft Exchange Server information disclosure	9.8	8.9	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00333	0.04	CVE-2023-21709
12	OMICARD EDM directory traversal	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00186	0.00	CVE-2022-32963
13	HPE System Management Homepage privilege escalation	6.5	6.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2017-12547
14	Aruba Networks ArubaOS-CX Switches Recovery Console weak authentication	6.5	6.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00060	0.04	CVE-2022-23691
15	Netgear Prosafe Switch /filesystem/ Script denial of service	5.3	5.0	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.96771	0.02	CVE-2013-4776
16	Microsoft Exchange Server Privilege Escalation	8.0	7.3	$5k-$25k	$5k-$25k	Unproven	Official Fix	0.00095	0.04	CVE-2023-28310
17	Microsoft Windows win32k.sys privilege escalation	7.3	7.0	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.49900	0.04	CVE-2014-4148
18	Dreamer CMS File Upload cross site scripting	4.1	4.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00082	0.06	CVE-2023-1746
19	Netgate pfSense XML File config.xml restore_rrddata privilege escalation	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.45928	0.01	CVE-2023-27253
20	Boa Webserver GET wapopen directory traversal	6.4	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.73540	0.09	CVE-2017-9833

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adres IP	Hostname	Aktor	Kampanie	Identified	Rodzaj	Pewność siebie
1	45.133.194.135		Tonto Team		2024-03-18	verified	Wysoki
2	XX.XX.XXX.XX		Xxxxx Xxxx		2021-06-11	verified	Wysoki

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Luki w zabezpieczeniach	Wektor dostępu	Rodzaj	Pewność siebie
1	T1006	CWE-22	Path Traversal	predictive	Wysoki
2	T1059	CWE-94	Argument Injection	predictive	Wysoki
3	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Wysoki
4	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
5	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Wysoki
6	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Wysoki
7	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Wysoki
8	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Wysoki
9	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Wysoki

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasa	Indicator	Rodzaj	Pewność siebie
1	File	/cgi-bin/wapopen	predictive	Wysoki
2	File	/server-status	predictive	Wysoki
3	File	/webmail/	predictive	Medium
4	File	xxxxxx.xxx	predictive	Medium
5	File	xxxxxxx_xxxx.xxxx.xxx/xxxxxxx_xxxx.xxx	predictive	Wysoki
6	File	xxxxxxxxxx/	predictive	Medium
7	File	xxx.xx	predictive	Niski
8	File	xxxxx.xxxxx.xxx	predictive	Wysoki
9	File	xxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxx/xxxxxxxx.xxxx	predictive	Wysoki
10	File	xxxxxxxxx/xx/xx/xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx	predictive	Wysoki
11	File	xxx.xxx	predictive	Niski
12	File	xxx/xxxxx.xxx	predictive	Wysoki
13	File	xxx_xxxxxxxx.xxx	predictive	Wysoki
14	Library	xxxxxx.xxx	predictive	Medium
15	Argument	$_xxxxxx['xxxx_xxxx_xxxxx']	predictive	Wysoki
16	Argument	xxxxxxxxxxxxxx	predictive	Wysoki
17	Argument	xxxxxxxxxx	predictive	Medium
18	Argument	xxx	predictive	Niski
19	Argument	xxxx	predictive	Niski
20	Argument	xxxxxxx	predictive	Niski
21	Argument	xxxxxxxx	predictive	Medium
22	Input Value	../..	predictive	Niski

Referencje (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PoprzedniPrzeglądKolejny ▸

Do you need the next level of professionalism?

Upgrade your account now!