Prolific Puma Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (21)

Lang

en	14
zh	6
es	2

Land

cn	18
us	2

Skådespelare

Prolific Puma	3
Cobalt Strike	1
Quasar RAT	1

Intressera

Typ

Not Defined	10
Jenkins Plugin	2
Network Utility Software	2
Vehicle Software	2
Router Operating System	2

Säljare

Not Defined	10
Tesla	2
Alias Robotics	2
VNC	2
Weaver	2

Produkt

Email Extension Plugin	2
cURL	2
Boa	2
Tesla SolarCity Solar Monitoring Gateway	2
Data Format Extension	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	Digi ConnectPort X2e Python S50dropbear.sh privilegier eskalering	8.3	8.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00080	0.00	CVE-2020-12878
2	cURL tool_cb_wrt.c tool_cb_wrt minneskorruption	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00000	0.02	CVE-2023-52071
3	Oracle MySQL Enterprise Monitor Monitoring Remote Code Execution	9.6	9.4	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00205	0.04	CVE-2023-34034
4	Oracle MySQL Server cURL förnekande av tjänsten	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00492	0.00	CVE-2021-22926
5	Microsoft Exchange Server Privilege Escalation	8.0	7.3	$5k-$25k	$5k-$25k	Unproven	Official Fix	0.00111	0.04	CVE-2023-28310
6	Pivotal Spring Framework privilegier eskalering	9.8	9.5	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02444	0.00	CVE-2016-1000027
7	Weaver E-Office privilegier eskalering	8.1	7.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00073	0.14	CVE-2023-2523
8	Email Extension Plugin Template privilegier eskalering	7.7	7.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00118	0.00	CVE-2023-25765
9	AdRem NetCrunch Credential Manager privilegier eskalering	2.3	2.2	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00088	0.00	CVE-2019-14483
10	Sitecore CRM download.aspx kataloggenomgång	4.6	4.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00350	0.00	CVE-2017-5966
11	VNC RealVNC svag autentisering	7.3	7.1	$0-$5k	$0-$5k	High	Workaround	0.97198	0.05	CVE-2006-2369
12	Yamaha Rtx1100 Management Interface förfalskning på begäran över webbplatsen	6.3	6.0	$0-$5k	$0-$5k	High	Official Fix	0.00231	0.02	CVE-2008-0524
13	Tesla SolarCity Solar Monitoring Gateway Digi ConnectPort X2e svag autentisering	8.8	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00132	0.07	CVE-2020-9306
14	Juniper Junos Kernel förnekande av tjänsten	5.9	5.8	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02791	0.00	CVE-2018-0049
15	Alias Robotics MiR100/MiR200/MiR250/MiR500/MiR1000 Computational Graph informationsgivning	9.1	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00340	0.00	CVE-2020-10271
16	OpenSSH Authentication Username informationsgivning	5.3	4.8	$5k-$25k	$0-$5k	High	Official Fix	0.10737	0.19	CVE-2016-6210
17	Boa Terminal privilegier eskalering	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02395	0.02	CVE-2009-4496
18	D-Link DIR-645 Authentication getcfg.php informationsgivning	8.6	8.2	$5k-$25k	$0-$5k	High	Official Fix	0.00000	0.02
19	nginx SPDY minneskorruption	7.3	6.4	$0-$5k	$0-$5k	Unproven	Official Fix	0.03711	0.04	CVE-2014-0133
20	Data Format Extension XmlMapper XML External Entity	9.8	9.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00217	0.04	CVE-2016-3720

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Identified	Typ	Förtroende
1	45.32.147.158	45.32.147.158.vultrusercontent.com	Prolific Puma	02/11/2023	verified	Hög
2	XX.XX.XXX.XX	xx.xx.xxx.xx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxx Xxxx	02/11/2023	verified	Hög
3	XX.X.XX.XX	xxxxxx.xxx.xxxxxxx	Xxxxxxxx Xxxx	02/11/2023	verified	Hög
4	XXX.XXX.X.XX	xxx.xxx.x.xx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxx Xxxx	02/11/2023	verified	Hög

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klass	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1		CAPEC-10	CWE-20, CWE-59, CWE-61, CWE-119, CWE-129, CWE-200, CWE-284, CWE-287, CWE-352, CWE-404, CWE-476, CWE-502, CWE-610, CWE-611, CWE-668, CWE-862, CWE-863	Unknown Vulnerability	predictive	Hög
2	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Hög
3	TXXXX	CAPEC-19	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
4	TXXXX.XXX	CAPEC-191	CWE-XXX, CWE-XXX, CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Hög
5	TXXXX	CAPEC-0	CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
6	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög
7	TXXXX.XXX	CAPEC-19	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (11)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	/etc/init.d/S50dropbear.sh	predictive	Hög
2	File	/getcfg.php	predictive	Medium
3	File	xxx/xxxx/xxxx.xxx?xxxxxx=xxxxxx_xxxxxx_xxxx	predictive	Hög
4	File	xxxxxxxx/xxxxx/xxxxxxxx.xxxx	predictive	Hög
5	File	xxx/xxxx_xx_xxx.x	predictive	Hög
6	Argument	xxxx	predictive	Låg
7	Argument	xxxxxxxx	predictive	Medium
8	Argument	xxxxxxxx	predictive	Medium
9	Argument	xxxxxx_xxxxx	predictive	Medium
10	Input Value	xxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxx	predictive	Hög
11	Network Port	xxx xxxxxx xxxx	predictive	Hög

Referenser (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Interested in the pricing of exploits?

See the underground prices here!