TA413 Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (63)

Idioma

en	40
zh	24

País

cn	44
us	20

Actores

TA413	3
Cobalt Strike	2

Interesse

Tipo

Not Defined	22
Network Management Software	8
Firewall Software	8
Cloud Software	4
Content Management System	4

Fabricante

Not Defined	18
Cisco	4
Fortinet	4
Palo Alto	4
Citrix	2

Produto

PRTG Network Monitor	6
Fortinet FortiOS	4
Palo Alto PAN-OS	4
MinIO	2
Cisco Wireless LAN Controller	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	Fortinet FortiOS SSL VPN Excesso de tampão	8.7	8.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00261	0.05	CVE-2021-26109
2	Cisco Wireless LAN Controller CAPWAP Divulgação de Informação	6.8	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00227	0.00	CVE-2018-0442
3	PRTG Network Monitor Screenshot Divulgação de Informação	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00084	0.00	CVE-2021-27220
4	PRTG Network Monitor Web Console direitos alargados	6.7	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.53682	0.04	CVE-2018-9276
5	WordPress wp-db-backup.php Directório Traversal	7.3	6.6	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.01009	0.02	CVE-2008-0194
6	WordPress wp_crop_image Directório Traversal	5.9	5.8	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.95884	0.05	CVE-2019-8943
7	open-graph direitos alargados	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00260	0.03	CVE-2021-23419
8	Microsoft Windows Win32k Local Privilege Escalation	7.8	7.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00059	0.06	CVE-2024-20683
9	Oracle Database Java VM direitos alargados	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00182	0.03	CVE-2018-3004
10	Sierra Wireless AirLink LS300 direitos alargados	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00439	0.02	CVE-2018-10251
11	Apple iOS/iPadOS WebKit Excesso de tampão	6.3	6.0	$25k-$100k	$25k-$100k	High	Official Fix	0.00243	0.08	CVE-2022-22620
12	Apache APR-util apr-util apr_rmm.c apr_rmm_realloc Remote Code Execution	10.0	9.4	$25k-$100k	$0-$5k	Proof-of-Concept	Not Defined	0.10955	0.00	CVE-2009-2412
13	rails_multisite direitos alargados	7.4	7.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00104	0.00	CVE-2021-41263
14	RDoc Filename Privilege Escalation	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00065	0.06	CVE-2021-31799
15	Fortinet FortiOS/FortiProxy autod Daemon direitos alargados	8.3	8.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00044	0.02	CVE-2021-26110
16	Citrix ADC/Gateway/SD-WAN WANOP SAML Authentication direitos alargados	5.5	5.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00157	0.02	CVE-2021-22920
17	ManageEngine Desktop Central Notification Server direitos alargados	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00111	0.00	CVE-2021-28960
18	Palo Alto PAN-OS GlobalProtect Portal Excesso de tampão	9.8	9.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00234	0.04	CVE-2021-3064
19	Cisco IOS XE CAPWAP Packet Excesso de tampão	8.0	7.9	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00137	0.00	CVE-2021-34769
20	Fortinet FortiOS Two Factor Authentication Fraca autenticação	8.0	7.9	$0-$5k	$0-$5k	High	Official Fix	0.02923	0.00	CVE-2020-12812

Campanhas (1)

These are the campaigns that can be associated with the actor:

FriarFox Browser Extension

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Campanhas	Identified	Tipo	Aceitação
1	115.126.6.47		TA413	FriarFox Browser Extension	31/05/2021	verified	Alto
2	XXX.XX.X.XX		Xxxxx	Xxxxxxxx Xxxxxxx Xxxxxxxxx	31/05/2021	verified	Alto
3	XXX.XXX.XX.XXX	xxx.xxx.xx.xxx.xxxxx.xxx	Xxxxx	Xxxxxxxx Xxxxxxx Xxxxxxxxx	31/05/2021	verified	Médio

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classificação	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Alto
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Alto
3	TXXXX	CAPEC-242	CWE-XX	Xxxxxxxx Xxxxxxxxx	predictive	Alto
4	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
5	TXXXX	CAPEC-19	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
6	TXXXX.XXX	CAPEC-191	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Alto
7	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
8	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
9	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/public/login.htm	predictive	Alto
2	File	/usr/bin/sonia	predictive	Alto
3	File	index.php	predictive	Médio
4	File	xxxxxxxxxx.xxx	predictive	Alto
5	File	xxxx/xxx_xxx.x	predictive	Alto
6	File	xxxxx.xxx	predictive	Médio
7	File	xxxxx.x	predictive	Baixo
8	File	xxxxxxxxxxxxx.xxx	predictive	Alto
9	File	xxx xxxxxxx	predictive	Médio
10	File	xx-xx-xxxxxx.xxx	predictive	Alto
11	Library	xxxxxxxxxxx.xxx	predictive	Alto
12	Argument	xxxxxx	predictive	Baixo
13	Argument	xxxxxxx	predictive	Baixo
14	Argument	xxxx->xxxxxxx	predictive	Alto
15	Input Value	.xxx?/../../xxxx.xxx	predictive	Alto
16	Input Value	xxxxxxxx	predictive	Médio

Referências (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Do you know our Splunk app?

Download it now for free!