TA416 Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (50)

Idioma

en	38
zh	8
es	2
fr	2

País

cn	38
us	4
fr	2

Actores

Mustang Panda	2
PingPull	1
Cobalt Strike	1
Sliver	1
PlugX	1

Interesse

Tipo

Not Defined	28
JavaScript Library	4
Operating System	4
File Transfer Software	4
Database Software	2

Fabricante

Not Defined	24
Dmxready	2
TIBCO	2
Array Networks	2
Microsoft	2

Produto

Next.js	4
Samba	4
Score Extension	2
Dmxready Site Chassis Manager	2
jeecg-boot	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	Oracle Diagnostic Assistant Jsch/jQuery Roteiro Cruzado de Sítios	6.1	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00660	0.00	CVE-2015-9251
2	F-Secure Safe Browser Address Bar direitos alargados	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00078	0.00	CVE-2022-28873
3	Samba AD Domain Privilege Escalation	8.8	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00099	0.00	CVE-2020-25717
4	Dmxready Site Chassis Manager Roteiro Cruzado de Sítios	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00147	0.00	CVE-2004-2188
5	Axiomatic Bento4 mp42aac Negação de Serviço	4.5	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00044	0.00	CVE-2023-29575
6	Counter Box Plugin Falsificação de Pedido Cross Site	6.5	6.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00106	0.00	CVE-2022-2245
7	AVEVA Wonderware System Platform IPC Credentials direitos alargados	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00104	0.02	CVE-2019-6525
8	IBM Engineering Web UI Roteiro Cruzado de Sítios	4.4	4.4	$0-$5k	$5k-$25k	Not Defined	Not Defined	0.00050	0.04	CVE-2020-4857
9	SAP Business Connector Resource Settings Page Roteiro Cruzado de Sítios	3.6	3.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00043	0.02	CVE-2024-30215
10	pimcore Roteiro Cruzado de Sítios	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00056	0.00	CVE-2023-2630
11	Apache Struts direitos alargados	9.8	9.4	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.95739	0.07	CVE-2013-2135
12	AirTies Air 5343v2 top.html Roteiro Cruzado de Sítios	5.2	5.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00110	0.03	CVE-2018-17591
13	cpp-ethereum JSON-RPC miner_setEtherbase API direitos alargados	6.8	6.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01274	0.06	CVE-2017-12115
14	Microsoft Windows Active Directory Domain Services Privilege Escalation	8.8	8.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00246	0.05	CVE-2022-34691
15	Georg Ringer News Injecção SQL	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00157	0.00	CVE-2013-4748
16	Huawei HarmonyOS Security Module Negação de Serviço	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00097	0.00	CVE-2022-41582
17	MySQL Excesso de tampão	7.3	6.6	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00907	0.00	CVE-2001-1274
18	Adobe Connect Fraca autenticação	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00994	0.00	CVE-2018-12804
19	DedeCMS article_coonepage_rule.php Injecção SQL	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00207	0.04	CVE-2022-23337
20	topthink Framework Driver Class direitos alargados	6.6	6.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00306	0.03	CVE-2021-23592

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Identified	Tipo	Aceitação
1	45.154.14.235		TA416	12/03/2022	verified	Alto
2	XX.XX.XXX.XXX		Xxxxx	12/03/2022	verified	Alto
3	XX.XXX.XXX.XX	xx.xxx.xxx.xx.xxxxxx.xxxx.xxx	Xxxxx	12/03/2022	verified	Alto
4	XXX.XXX.XXX.XX		Xxxxx	12/03/2022	verified	Alto
5	XXX.XXX.XX.XXX	xxx-xxx-xxx-xx-xxx.xxxxxxx.xxxxxxxx-xxx.xxx	Xxxxx	01/06/2021	verified	Alto

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1006	CWE-21, CWE-22	Path Traversal	predictive	Alto
2	T1059	CWE-94	Argument Injection	predictive	Alto
3	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Alto
4	TXXXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
5	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
7	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	Alto
8	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
9	TXXXX.XXX	CWE-XXX	Xxxxxxxxxxxx	predictive	Alto
10	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
11	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
12	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Alto
13	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (21)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/file/upload/1	predictive	Alto
2	File	/_error	predictive	Baixo
3	File	article_coonepage_rule.php	predictive	Alto
4	File	xxxx-xxx/xxxxxxx.x	predictive	Alto
5	File	xxxxxxxx/xxxxxxxxx	predictive	Alto
6	File	xxxx.xxxxxx.xx	predictive	Alto
7	File	xxxxx/_xxxxx.xx	predictive	Alto
8	File	xxx.xxxxxxxxx	predictive	Alto
9	File	xxxxxx/xxxxxxx/xxxxxx/xxxx_xxxx.xxx	predictive	Alto
10	File	xxxxxxxxxxxx.xxx	predictive	Alto
11	File	xxx.xxxx	predictive	Médio
12	File	xxx/xxxxxx/xxxxxxxx/xxxxxxxxx.xxx	predictive	Alto
13	Argument	${}	predictive	Baixo
14	Argument	xxxxxxxxxxx	predictive	Médio
15	Argument	xxxxxx	predictive	Baixo
16	Argument	xxx	predictive	Baixo
17	Argument	xxxxx	predictive	Baixo
18	Argument	xxxxxxxxxxxxxxxx	predictive	Alto
19	Argument	xxx	predictive	Baixo
20	Argument	xxxxxxxx	predictive	Médio
21	Network Port	xxxxx xxx-xxx	predictive	Alto

Referências (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!