Prolific Puma Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (21)

Idioma

en	14
zh	6
es	2

País

cn	12
us	10

Actores

Prolific Puma	4
Cobalt Strike	1
Quasar RAT	1

Interesse

Tipo

Router Operating System	4
Not Defined	4
Customer Relationship Management System	2
Connectivity Software	2
Vehicle Software	2

Fabricante

Not Defined	6
D-Link	2
VNC	2
AdRem	2
Sitecore	2

Produto

D-Link DIR-645	2
VNC RealVNC	2
AdRem NetCrunch	2
Sitecore CRM	2
OpenSSH	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	Digi ConnectPort X2e Python S50dropbear.sh direitos alargados	8.3	8.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00080	0.00	CVE-2020-12878
2	cURL tool_cb_wrt.c tool_cb_wrt Excesso de tampão	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00000	0.02	CVE-2023-52071
3	Oracle MySQL Enterprise Monitor Monitoring Remote Code Execution	9.6	9.4	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00205	0.04	CVE-2023-34034
4	Oracle MySQL Server cURL Negação de Serviço	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00492	0.00	CVE-2021-22926
5	Microsoft Exchange Server Privilege Escalation	8.0	7.3	$5k-$25k	$5k-$25k	Unproven	Official Fix	0.00111	0.04	CVE-2023-28310
6	Pivotal Spring Framework direitos alargados	9.8	9.5	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02444	0.00	CVE-2016-1000027
7	Weaver E-Office direitos alargados	8.1	7.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00073	0.04	CVE-2023-2523
8	Email Extension Plugin Template direitos alargados	7.7	7.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00118	0.00	CVE-2023-25765
9	AdRem NetCrunch Credential Manager direitos alargados	2.3	2.2	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00088	0.00	CVE-2019-14483
10	Sitecore CRM download.aspx Directório Traversal	4.6	4.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00350	0.00	CVE-2017-5966
11	VNC RealVNC Fraca autenticação	7.3	7.1	$0-$5k	$0-$5k	High	Workaround	0.97198	0.05	CVE-2006-2369
12	Yamaha Rtx1100 Management Interface Falsificação de Pedido Cross Site	6.3	6.0	$0-$5k	$0-$5k	High	Official Fix	0.00231	0.02	CVE-2008-0524
13	Tesla SolarCity Solar Monitoring Gateway Digi ConnectPort X2e Fraca autenticação	8.8	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00132	0.07	CVE-2020-9306
14	Juniper Junos Kernel Negação de Serviço	5.9	5.8	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02791	0.00	CVE-2018-0049
15	Alias Robotics MiR100/MiR200/MiR250/MiR500/MiR1000 Computational Graph Divulgação de Informação	9.1	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00340	0.00	CVE-2020-10271
16	OpenSSH Authentication Username Divulgação de Informação	5.3	4.8	$5k-$25k	$0-$5k	High	Official Fix	0.10737	0.09	CVE-2016-6210
17	Boa Terminal direitos alargados	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02395	0.02	CVE-2009-4496
18	D-Link DIR-645 Authentication getcfg.php Divulgação de Informação	8.6	8.2	$5k-$25k	$0-$5k	High	Official Fix	0.00000	0.02
19	nginx SPDY Excesso de tampão	7.3	6.4	$0-$5k	$0-$5k	Unproven	Official Fix	0.03711	0.04	CVE-2014-0133
20	Data Format Extension XmlMapper XML External Entity	9.8	9.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00217	0.04	CVE-2016-3720

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Identified	Tipo	Aceitação
1	45.32.147.158	45.32.147.158.vultrusercontent.com	Prolific Puma	02/11/2023	verified	Alto
2	XX.XX.XXX.XX	xx.xx.xxx.xx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxx Xxxx	02/11/2023	verified	Alto
3	XX.X.XX.XX	xxxxxx.xxx.xxxxxxx	Xxxxxxxx Xxxx	02/11/2023	verified	Alto
4	XXX.XXX.X.XX	xxx.xxx.x.xx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxx Xxxx	02/11/2023	verified	Alto

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classificação	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Alto
2	T1068	CAPEC-19	CWE-284	Execution with Unnecessary Privileges	predictive	Alto
3	TXXXX.XXX	CAPEC-191	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Alto
4	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
5	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
6	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (11)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/etc/init.d/S50dropbear.sh	predictive	Alto
2	File	/getcfg.php	predictive	Médio
3	File	xxx/xxxx/xxxx.xxx?xxxxxx=xxxxxx_xxxxxx_xxxx	predictive	Alto
4	File	xxxxxxxx/xxxxx/xxxxxxxx.xxxx	predictive	Alto
5	File	xxx/xxxx_xx_xxx.x	predictive	Alto
6	Argument	xxxx	predictive	Baixo
7	Argument	xxxxxxxx	predictive	Médio
8	Argument	xxxxxxxx	predictive	Médio
9	Argument	xxxxxx_xxxxx	predictive	Médio
10	Input Value	xxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxx	predictive	Alto
11	Network Port	xxx xxxxxx xxxx	predictive	Alto

Referências (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!