Tovkater Analysis

IOB - Indicator of Behavior (352)

Timeline

Language

en 184
es 78
de 30
fr 20
it 16

Country

us 304
ru 28
ir 6
gb 4
es 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

IBM WebSphere Application Server 26
Google Chrome 10
Cisco ONS 15454 10
Microsoft Windows 8
Google Android 6

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Remediation | EPSS | CTI | CVE
--- | --- | --- | --- | --- | --- | --- | --- | --- | --- | ---
1 | Cisco ONS 15454 TCP Port Management privilege escalation | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00242 | 0.02 | CVE-2016-9211
2 | phpRank Return Code weak authentication | 7.3 | 7.3 | $0-$5k | Calculating | Not Defined | Not Defined | 0.01152 | 0.02 | CVE-2002-1952
3 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.54 | CVE-2020-12440
4 | Zoho ManageEngine ManageEngine OpManager Group Chat privilege escalation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00074 | 0.00 | CVE-2017-11561
5 | Zoho ManageEngine ManageEngine OpManager getmailserversettings SQL injection | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00323 | 0.00 | CVE-2017-11559
6 | Cisco ONS 15454 Optical Transport Platform denial of service | 5.3 | 5.1 | $5k-$25k | Calculating | Not Defined | Official Fix | 0.01492 | 0.00 | CVE-2004-1433
7 | Cisco ONS 15454 Optical Transport Platform denial of service | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02185 | 0.00 | CVE-2004-1434
8 | Cisco ONS 15454 Optical Transport Platform denial of service | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01787 | 0.00 | CVE-2004-1435
9 | Cisco ONS 15454 Optical Transport Platform User Account denial of service | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01559 | 0.00 | CVE-2004-1436
10 | Cisco ONS privilege escalation | 7.5 | 6.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01282 | 0.00 | CVE-2008-3818
11 | Cisco ONS 15454 Controller Card privilege escalation | 7.5 | 7.5 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00133 | 0.00 | CVE-2013-6703
12 | Google Android System privilege escalation | 7.0 | 6.3 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00306 | 0.07 | CVE-2017-13209
13 | SalesAgility SuiteCRM SQL injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00359 | 0.00 | CVE-2019-6506
14 | Sendmail Local Privilege Escalation | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.00 | 
15 | Microsoft IIS GET Request access.cnf Path information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Workaround | 0.01015 | 0.03 | CVE-2002-1717
16 | Alcatel Speed Touch Home Port denial of service | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00510 | 0.00 | CVE-2002-0119
17 | Hosting Controller browse.asp directory traversal | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01708 | 0.00 | CVE-2002-0775
18 | Microsoft Site Server weak authentication | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.08124 | 0.02 | CVE-2002-1769
19 | Pinboard Tasklist cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00108 | 0.00 | CVE-2002-1900
20 | Google Android NVIDIA Video Driver information disclosure | 4.4 | 4.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00079 | 0.03 | CVE-2016-8397

IOC - Indicator of Compromise (26)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (139)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (4)

The following list contains external sources which discuss the actor and the associated activities:
