Tortoiseshell Analiza

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (19)

Oś czasu

Język

en16
de2
pl2

Kraj

us20

Aktorzy

Tortoiseshell3
Cobalt Strike1

Zajęcia

Wysiłek

Oś czasu

Rodzaj

Not Defined4
Web Server2
Web Browser2
Image Processing Software2
E-Commerce Management Software2

Sprzedawca

Not Defined4
Microsoft2
Google2
ADTRAN2
Ecommerce Online2

Produkt

Microsoft IIS2
Google Chrome2
ImageMagick2
ADTRAN Netvanta 70602
ADTRAN Netvanta 71002

Luki w zabezpieczeniach

#Słaby punktBaseTemp0dayDzisiajWykPrzEPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25k$0-$5kHighWorkaround0.020160.02CVE-2007-1192
2Google Chrome Flash Player memory corruption9.99.5$100k i więcej$5k-$25kNot DefinedOfficial Fix0.006450.00CVE-2012-0724
3AWStats awstats.pl Path information disclosure5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.001760.04CVE-2018-10245
4ADTRAN Netvanta 7060/Netvanta 7100 DNS Privilege Escalation6.56.3$0-$5k$0-$5kNot DefinedWorkaround0.028080.00CVE-2021-25681
5Apache HTTP Server HTTP/2 Request privilege escalation6.46.4$5k-$25k$5k-$25kNot DefinedNot Defined0.006060.03CVE-2020-9490
6Microsoft IIS cross site scripting5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.005480.11CVE-2017-0055
7ImageMagick heic.c ReadHEICImageByID information disclosure5.45.4$0-$5k$0-$5kNot DefinedNot Defined0.000560.06CVE-2020-10251
8SAP NetWeaver AS JAVA LM Configuration Wizard RECON weak authentication10.09.8$25k-$100k$0-$5kHighOfficial Fix0.975070.00CVE-2020-6287
9Media Library Assistant Plugin cross site scripting5.24.9$0-$5k$0-$5kNot DefinedOfficial Fix0.001150.00CVE-2020-11731
10media-library-assistant Plugin mla_gallery privilege escalation8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.010030.03CVE-2020-11928
11Wechat Broadcast Plugin Image.php directory traversal8.18.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.292410.02CVE-2018-16283
12Ecommerce Online Store Kit shop.php sql injection9.89.4$0-$5k$0-$5kNot DefinedOfficial Fix0.037630.04CVE-2004-0300
13Microsoft Windows Remote Desktop/Terminal Services Web Connection weak authentication6.36.2$25k-$100k$0-$5kNot DefinedWorkaround0.000000.02
14F5 BIG-IP ASM pl_tree.php cross site scripting4.34.2$5k-$25k$0-$5kHighUnavailable0.002200.00CVE-2014-9342
15Sitecore IDE.aspx directory traversal4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.001300.04CVE-2017-11440
16Coppermine Photo Gallery directory traversal4.23.8$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.013120.00CVE-2007-4976

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDadres IPHostnameAktorKampanieIdentifiedRodzajPewność siebie
164.235.39.45lasvegas-nv-datacenter.serverpoint.comTortoiseshell2021-06-01verifiedWysoki
2XX.XXX.XX.XXXxxxxxxxx-xx-xxxxxxxxxx.xxxxxxxxxxx.xxxXxxxxxxxxxxxx2021-06-01verifiedWysoki
3XXX.XXX.XX.XXXXxxxxxxxxxxxx2022-04-28verifiedWysoki
4XXX.XX.XXX.XXXXxxxxxxxxxxxx2022-04-28verifiedWysoki

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueKlasaLuki w zabezpieczeniachWektor dostępuRodzajPewność siebie
1T1006CAPEC-126CWE-22Path TraversalpredictiveWysoki
2TXXXXCAPEC-10CWE-XXXxxxxxxx Xxxxxxxxxxxxxx Xx Xxxx Xxxxxx Xxxxx XxxxxxxxxxxpredictiveWysoki
3TXXXX.XXXCAPEC-209CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveWysoki
4TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveWysoki
5TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveWysoki

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDKlasaIndicatorRodzajPewność siebie
1File/uncpath/predictiveMedium
2Fileawstats.plpredictiveMedium
3Filexxxxxx\xxxx.xpredictiveWysoki
4Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveWysoki
5Filexxxxx.xxxpredictiveMedium
6Filexx_xxxx.xxxpredictiveMedium
7Filexxxxx/xxxxxxxxxxxx/xxxxxxx/xxx.xxxxpredictiveWysoki
8Filexxxx.xxxpredictiveMedium
9Argumentxxxxxxxxx/xxxxxxpredictiveWysoki
10ArgumentxxpredictiveNiski
11ArgumentxxxxxxxxxpredictiveMedium
12Argumentxxx_xxxxx/xxxx_xxxxx/xxxx_xxxxxpredictiveWysoki
13ArgumentxxxpredictiveNiski

Referencje (3)

The following list contains external sources which discuss the actor and the associated activities:

PoprzedniPrzeglądKolejny

Want to stay up to date on a daily basis?

Enable the mail alert feature now!