Vicious Panda Анализ

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (118)

Язык

en	82
zh	20
de	8
es	4
fr	2

Страна

us	62
cn	26
vn	16
ru	4
tr	2

Акторы

Vicious Panda	7
Purple Fox	2
RedLine Stealer	2
Cobalt Strike	1
Ave Maria	1

Интерес

Тип

Not Defined	44
Programming Language Software	6
Operating System	4
Application Server Software	4
Web Server	4

Поставщик

Not Defined	38
Apache	6
Microsoft	6
IBM	4
FasterXML	4

Продукт

IBM WebSphere Application Server	4
phpMyAdmin	4
FasterXML jackson-databind	4
Apache Airflow	2
Aruba AOS-CX	2

Уязвимости

#	Уязвимости	Base	Temp	0day	Сегодня	Э�	Rem	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash раскрытие информации	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	Tiki Wiki CMS Groupware tiki-jsplugin.php эскалация привилегий	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03454	0.02	CVE-2010-4239
3	Tabit API раскрытие информации	4.5	4.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00150	0.00	CVE-2022-34776
4	Phplinkdirectory PHP Link Directory conf_users_edit.php неизвестная уязвимость	6.3	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00526	0.04	CVE-2011-0643
5	PHPWind goto.php Redirect	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00348	0.07	CVE-2015-4134
6	FasterXML jackson-databind Default Typing раскрытие информации	7.4	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00325	0.03	CVE-2019-12086
7	DZCP deV!L`z Clanportal config.php эскалация привилегий	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.70	CVE-2010-0966
8	UliCMS index.php межсайтовый скриптинг	5.7	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00630	0.04	CVE-2019-11398
9	D-Link DIR-865L register_send.php слабая аутентификация	7.5	7.1	$5k-$25k	$5k-$25k	Proof-of-Concept	Not Defined	0.00109	0.02	CVE-2013-3096
10	WebCalendar settings.php эскалация привилегий	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.03093	0.00	CVE-2005-2717
11	Cisco ASR901 IPv4 Packet отказ в обслуживании	5.3	4.6	$5k-$25k	$0-$5k	Unproven	Official Fix	0.02249	0.02	CVE-2014-3293
12	Earl Miles Views Filters sql-инъекция	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00361	0.00	CVE-2011-4113
13	Microsoft IIS Frontpage Server Extensions shtml.dll Username раскрытие информации	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.15958	0.04	CVE-2000-0114
14	MikroTik RouterOS эскалация привилегий	7.4	7.2	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.05923	0.00	CVE-2019-3924
15	Google Chrome Downloads Remote Code Execution	7.5	7.4	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00497	0.07	CVE-2023-5857
16	DHIS 2 API Endpoint trackedEntityInstances sql-инъекция	7.7	7.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00087	0.00	CVE-2021-41187
17	DHIS2 Core Web API слабая аутентификация	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00060	0.00	CVE-2023-31139
18	ALPACA слабая аутентификация	5.6	5.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00110	0.22	CVE-2021-3618
19	Bomgar Remote Support Portal JavaStart.jar Applet обход каталога	9.1	9.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00195	0.03	CVE-2017-12815
20	Drupal File Download эскалация привилегий	5.0	5.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00049	0.04	CVE-2023-31250

Кампании (2)

These are the campaigns that can be associated with the actor:

COVID-19
Xxxxxxx Xxxxxxxx Xxxxxxxxxx

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-адрес	Hostname	Актор	Кампании	Identified	Тип	Уверенность
1	45.76.34.147	45.76.34.147.vultrusercontent.com	Vicious Panda	Russian Research Institutes	01.05.2022	verified	Высокий
2	95.179.156.97	95.179.156.97.vultr.com	Vicious Panda	COVID-19	10.02.2022	verified	Средний
3	XX.XXX.XXX.XX	xx.xxx.xxx.xx.xxxxx.xxx	Xxxxxxx Xxxxx	Xxxxx-xx	10.02.2022	verified	Средний
4	XX.XXX.XXX.X	xx.xxx.xxx.x.xxxxx.xxx	Xxxxxxx Xxxxx	Xxxxx-xx	10.02.2022	verified	Средний
5	XX.XXX.XXX.XX	xx.xxx.xxx.xx.xxxxx.xxx	Xxxxxxx Xxxxx	Xxxxx-xx	10.02.2022	verified	Средний
6	XXX.XX.XX.XXX	xxx-xxxxxxxxx.xxxxxxx.xxx	Xxxxxxx Xxxxx	Xxxxxxx Xxxxxxxx Xxxxxxxxxx	01.05.2022	verified	Высокий
7	XXX.XX.XXX.XXX	xx-xxx.xxxxxxx.xx	Xxxxxxx Xxxxx	Xxxxxxx Xxxxxxxx Xxxxxxxxxx	01.05.2022	verified	Высокий
8	XXX.XX.XXX.XXX	xxx.xx.xxx.xxx.xxxxxxxx.xxx	Xxxxxxx Xxxxx	Xxxxxxx Xxxxxxxx Xxxxxxxxxx	01.05.2022	verified	Высокий
9	XXX.XX.XXX.XXX		Xxxxxxx Xxxxx	Xxxxxxx Xxxxxxxx Xxxxxxxxxx	01.05.2022	verified	Высокий
10	XXX.XXX.XX.XXX	xxx.xxx.xx.xxx.xxxxx.xxx	Xxxxxxx Xxxxx	Xxxxx-xx	10.02.2022	verified	Средний

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Класс	Уязвимости	Вектор доступа	Тип	Уверенность
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Высокий
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Высокий
3	T1059.007	CAPEC-209	CWE-79, CWE-80	Cross Site Scripting	predictive	Высокий
4	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
5	TXXXX.XXX	CAPEC-0	CWE-XXX	Xxx Xx Xxxx-xxxxx Xxxxxxxx	predictive	Высокий
6	TXXXX.XXX	CAPEC-191	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Высокий
7	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Высокий
8	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Высокий
9	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Высокий
10	TXXXX.XXX	CAPEC-0	CWE-XXX	Xxxxxxxx Xxxxxx Xxxx	predictive	Высокий
11	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Высокий
12	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxxx Xxxxxx	predictive	Высокий

IOA - Indicator of Attack (64)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Класс	Indicator	Тип	Уверенность
1	File	/api/trackedEntityInstances	predictive	Высокий
2	File	/cgi-bin/luci/api/diagnose	predictive	Высокий
3	File	/cgi-bin/mesh.cgi?page=upgrade	predictive	Высокий
4	File	/guest_auth/cfg/upLoadCfg.php	predictive	Высокий
5	File	/phppath/php	predictive	Средний
6	File	/uncpath/	predictive	Средний
7	File	/WEB-INF/web.xml	predictive	Высокий
8	File	abook_database.php	predictive	Высокий
9	File	xxxxxxx.xxx	predictive	Средний
10	File	xxxxx.xxx	predictive	Средний
11	File	xxxxx/xxxx_xxxxx_xxxx.xxx	predictive	Высокий
12	File	xxxxx/xxxxx.xxx	predictive	Высокий
13	File	xxxxxxxxxxxxx/xxxxxxxxxx/xxx_xxxxx/xxxxxxx/xxxxx.xxx	predictive	Высокий
14	File	xxxx.xxx	predictive	Средний
15	File	xxxxxxxx.xxx	predictive	Средний
16	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Высокий
17	File	xx_xxxxxx.xxx	predictive	Высокий
18	File	xxxx_xxxx.xxxx	predictive	Высокий
19	File	xxxxxxxxxx.xxx	predictive	Высокий
20	File	xxxxx.xxx	predictive	Средний
21	File	xxx_xxxxxxx.xxx	predictive	Высокий
22	File	xxxx.xxx	predictive	Средний
23	File	xxxx_xxxxxxx.xxx.xxx	predictive	Высокий
24	File	xxxx/xxx-xxxxxxxx.xxx	predictive	Высокий
25	File	xxx/xxxxxx.xxx	predictive	Высокий
26	File	xxx/xxxxxxxxxxx/xxxxxxx.xxx	predictive	Высокий
27	File	xxxxx.xxx	predictive	Средний
28	File	xxxxx.xxx/xxxx/xxxxx/xxxx/xxxx.xxx	predictive	Высокий
29	File	xxxxx.xxx?xxx=xxxx&xxx=xxxx_xxxxxxx	predictive	Высокий
30	File	xxxxxxxx/xxxx?xxxxxx=xx	predictive	Высокий
31	File	xxxxxxx.xxx	predictive	Средний
32	File	xxxxxx.x	predictive	Средний
33	File	xxxxxxxx_xxxx.xxx	predictive	Высокий
34	File	xxxx/xxx/xxx_xxxx.x	predictive	Высокий
35	File	xxxxxxxx.xxx	predictive	Средний
36	File	xxxxx.xxx	predictive	Средний
37	File	xxxx-xxxxxxxx.xxx	predictive	Высокий
38	File	xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx	predictive	Высокий
39	File	xx-xxxxxxxx/xxxx-xxx/xxxxxxxxx/xxxxx-xx-xxxx-xxxxx-xxxxxxxxxx.xxx	predictive	Высокий
40	Library	/_xxx_xxx/xxxxx.xxx	predictive	Высокий
41	Library	xxxxxxx/xxx/xxxxxx.xxx.xxx	predictive	Высокий
42	Argument	$_xxxxxx['xxxxx_xxxxxx']	predictive	Высокий
43	Argument	xxxxxxx_xx	predictive	Средний
44	Argument	xxxxxxxxxxxxxx[xxx][x][xxxxxxxx]	predictive	Высокий
45	Argument	xxxxxxxx	predictive	Средний
46	Argument	xxx	predictive	Низкий
47	Argument	xxx_xxxxxxx_xxx	predictive	Высокий
48	Argument	xxxx	predictive	Низкий
49	Argument	xxxxxxxx	predictive	Средний
50	Argument	xxxxx	predictive	Низкий
51	Argument	xx	predictive	Низкий
52	Argument	xx	predictive	Низкий
53	Argument	xx	predictive	Низкий
54	Argument	xxx	predictive	Низкий
55	Argument	xxxxxxxx	predictive	Средний
56	Argument	xxxx_xxxx	predictive	Средний
57	Argument	xx	predictive	Низкий
58	Argument	xxxxxxxx	predictive	Средний
59	Argument	xxxxxxxx	predictive	Средний
60	Argument	xxx	predictive	Низкий
61	Input Value	-x	predictive	Низкий
62	Pattern	\|xx xx xx xx xx xx xx xx\|	predictive	Высокий
63	Network Port	xxx/xx (xxx xxxxxxxx)	predictive	Высокий
64	Network Port	xxx/xxxxx	predictive	Средний

Ссылки (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ ПредыдущийОбзорДалее ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!