MQsTTang Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (83)

Idioma

en	46
ru	24
fr	12
pl	2

País

us	54
ru	12
tt	8

Actores

MQsTTang	4
RedLine Stealer	2
Cobalt Strike	2
TA551	1
Ursnif	1

Interesse

Tipo

Not Defined	28
Operating System	6
Forum Software	2
Server Management Software	2
Groupware Software	2

Fabricante

Not Defined	12
Microsoft	6
Pps.jussieu	2
LS Electric	2
Thomas R. Pasawicz	2

Produto

Devilz Clanportal	4
vBulletin	2
Pps.jussieu Polipo	2
LS Electric PLC	2
LS Electric XG5000	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Divulgação de Informação	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	LS Electric PLC/XG5000 Encriptação fraca	5.4	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00144	0.04	CVE-2022-2758
3	Devilz Clanportal File Upload vulnerabilidade desconhecida	5.3	4.4	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.05362	0.07	CVE-2006-6338
4	Omron PLC CJ/PLC CS Fraca autenticação	6.8	6.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00133	0.04	CVE-2019-13533
5	Omron CX-Position Project File Excesso de tampão	7.0	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00099	0.00	CVE-2022-26417
6	Microsoft Windows Remote Procedure Call Runtime Remote Code Execution	9.8	8.9	$100k e mais	$5k-$25k	Unproven	Official Fix	0.01558	0.00	CVE-2022-26809
7	Microsoft Windows IKE Protocol Extension Remote Code Execution	9.8	8.9	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.01093	0.02	CVE-2022-34721
8	RoundCube Webmail Email Message rcube_string_replacer.php linkref_addindex Roteiro Cruzado de Sítios	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00612	0.00	CVE-2020-35730
9	IBOS OA Interview edit&op=status Injecção SQL	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00343	0.04	CVE-2023-3826
10	Dahua Smart Park Management direitos alargados	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02220	0.07	CVE-2023-3836
11	NxFilter user.jsp Falsificação de Pedido Cross Site	4.3	3.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00058	0.00	CVE-2023-3841
12	Devilz Clanportal Injecção SQL	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.00684	0.08	CVE-2006-6339
13	Aspindir Aspee Ziyaretci Defteri giris.asp Injecção SQL	7.3	7.1	$0-$5k	$0-$5k	High	Unavailable	0.00237	0.00	CVE-2006-6337
14	Creativeitem Atlas Business Directory Listing search Roteiro Cruzado de Sítios	3.5	3.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00046	0.13	CVE-2023-3756
15	FasterXML jackson-databind Java Negação de Serviço	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00218	0.00	CVE-2020-36518
16	FasterXML jackson-databind Deserialize Negação de Serviço	5.5	5.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00205	0.03	CVE-2022-42003
17	FasterXML jackson-databind Array BeanDeserializer._deserializeFromArray Negação de Serviço	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00214	0.04	CVE-2022-42004
18	GLPI htmlawed Module htmLawedTest.php direitos alargados	7.6	7.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.97405	0.04	CVE-2022-35914
19	FreeBSD System Call Privilege Escalation	5.5	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00119	0.02	CVE-2021-29628
20	Realtek rtl819x-SDK Web Interface direitos alargados	7.1	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00088	0.02	CVE-2022-29558

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Identified	Tipo	Aceitação
1	3.228.54.173	ec2-3-228-54-173.compute-1.amazonaws.com	MQsTTang	05/03/2024	verified	Médio
2	XX.XX.XXX.XXX		Xxxxxxxx	05/03/2024	verified	Alto
3	XX.XX.XXX.X		Xxxxxxxx	05/03/2024	verified	Alto
4	XXX.XXX.XX.XX		Xxxxxxxx	05/03/2024	verified	Alto

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classificação	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Alto
2	T1040	CAPEC-102	CWE-294, CWE-319	Authentication Bypass by Capture-replay	predictive	Alto
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Alto
4	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
5	TXXXX	CAPEC-19	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
6	TXXXX	CAPEC-136	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
7	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
8	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Alto
9	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
10	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	Alto
11	TXXXX.XXX	CAPEC-0	CWE-XXX	Xxxxxxxx Xxxxxx Xxxx	predictive	Alto
12	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
13	TXXXX	CAPEC-112	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Alto
14	TXXXX.XXX	CAPEC-59	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Alto
15	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (26)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/?r=recruit/resume/edit&op=status	predictive	Alto
2	File	/emap/devicePoint_addImgIco?hasSubsystem=true	predictive	Alto
3	File	/home/search	predictive	Médio
4	File	/usr/bin/at	predictive	Médio
5	File	/xxxxxx/xxxxxxxx/xxxxxxxx/xxxxxxxxxxxx.xxx	predictive	Alto
6	File	xxxxxxx/xxxxxxx.xxx	predictive	Alto
7	File	xxxxxxx.xxx	predictive	Médio
8	File	xxxxxx.x	predictive	Médio
9	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Alto
10	File	xxxxx.xxx	predictive	Médio
11	File	xxxxxx/xxxxxxxxxx.x	predictive	Alto
12	File	xxxxx_xxxxxx_xxx.xxx	predictive	Alto
13	File	xxxxx_xxxxxx_xxxxxxxx.xxx	predictive	Alto
14	File	xxxxxxxxxx.xxx	predictive	Alto
15	File	xxxx.xxx	predictive	Médio
16	File	xxxxxx.xxx	predictive	Médio
17	Argument	xxxx	predictive	Baixo
18	Argument	xx	predictive	Baixo
19	Argument	xxxxxx	predictive	Baixo
20	Argument	xxxxxxxxx	predictive	Médio
21	Argument	xxxxxxxx	predictive	Médio
22	Argument	xxxxxx/xxxxxx_xxxxxx	predictive	Alto
23	Argument	xxxxxx_xxxxxx	predictive	Alto
24	Argument	xxxxxx	predictive	Baixo
25	Argument	xxx	predictive	Baixo
26	Argument	xxx	predictive	Baixo

Referências (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!