TA406 Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (59)

Lang

en	52
es	4
pt	2
de	2

Land

us	32
gb	6
ru	2
pt	2
de	2

Skådespelare

TA406	4
BumbleBee	3
Cobalt Strike	3
Ryuk	2
Meterpreter	2

Intressera

Typ

Not Defined	22
Operating System	8
Web Server	4
Content Management System	4
E-Commerce Management Software	2

Säljare

Not Defined	12
Microsoft	8
Linux	2
Atlassian	2
Genivia	2

Produkt

Microsoft Windows	6
libssh	2
Microsoft IIS	2
Linux Kernel	2
php-fusion	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	Microsoft Windows SPNEGO Extended Negotiation Remote Code Execution	7.9	7.2	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00662	0.00	CVE-2022-37958
2	Secomea GateManager privilegier eskalering	5.9	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00054	0.04	CVE-2022-25782
3	Microsoft Windows Mark of the Web okänd sårbarhet	5.4	4.9	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00343	0.00	CVE-2022-41091
4	Synacor Zimbra Collaboration Suite sudo Configuration zmslapd privilegier eskalering	8.3	8.3	$0-$5k	$0-$5k	High	Official Fix	0.00114	0.04	CVE-2022-37393
5	vsftpd Service Port 6200 privilegier eskalering	8.5	8.4	$25k-$100k	$25k-$100k	Not Defined	Workaround	0.85861	0.25	CVE-2011-2523
6	Genivia gSOAP WS-Addressing Plugin minneskorruption	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03786	0.02	CVE-2020-13576
7	Citrix ADC/Gateway cross site scripting	4.3	4.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.07218	0.01	CVE-2023-24488
8	sitepress-multilingual-cms Plugin class-wp-installer.php förfalskning på begäran över webbplatsen	6.5	6.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00579	0.04	CVE-2020-10568
9	Kingsoft WPS Office Registry wpsupdater.exe privilegier eskalering	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00924	0.02	CVE-2022-24934
10	Microsoft Windows Scripting Language tävlingsvillkor	7.5	6.8	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00416	0.00	CVE-2022-41118
11	php-fusion downloads.php cross site scripting	5.7	5.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00159	0.00	CVE-2020-12708
12	Gallarific PHP Photo Gallery script gallery.php sql injektion	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00112	0.04	CVE-2011-0519
13	Gallery My Photo Gallery image.php sql injektion	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.02
14	Host Web Server phpinfo.php phpinfo informationsgivning	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Workaround	0.00000	0.04
15	ESMI PayPal Storefront products1h.php cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.05468	0.00	CVE-2005-0936
16	Ecommerce Online Store Kit shop.php sql injektion	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03763	0.04	CVE-2004-0300
17	Simple Real Estate Portal System sql injektion	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00172	0.00	CVE-2022-28410
18	Microsoft Office Remote Code Execution	5.8	5.3	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00220	0.00	CVE-2022-29107
19	automad Dashboard cross site scripting	3.5	3.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00054	0.15	CVE-2022-1536
20	Encode httpx privilegier eskalering	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00109	0.00	CVE-2021-41945

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Identified	Typ	Förtroende
1	108.62.12.11		TA406	21/11/2021	verified	Hög
2	XXX.XXX.XXX.XXX		Xxxxx	21/11/2021	verified	Hög
3	XXX.XXX.XXX.X	xxxxxx-xx.xxxxxxxxxxx.xxx	Xxxxx	21/11/2021	verified	Hög
4	XXX.XXX.XX.XXX		Xxxxx	21/11/2021	verified	Hög
5	XXX.XXX.XXX.XXX		Xxxxx	21/11/2021	verified	Hög

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klass	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1		CAPEC-10	CWE-20, CWE-119, CWE-120, CWE-125, CWE-189, CWE-190, CWE-287, CWE-352, CWE-362, CWE-400, CWE-404, CWE-835, CWE-862, CWE-863	Unknown Vulnerability	predictive	Hög
2	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Hög
3	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxxxxxxx Xxxxxxxxx	predictive	Hög
4	TXXXX.XXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XX, CWE-XXX	Xxxxx Xxxx Xxxxxxxxx	predictive	Hög
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
6	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Hög
7	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxx Xxxxxxxxx	predictive	Hög
8	TXXXX.XXX	CAPEC-133	CWE-XXX	Xxxxxxxx	predictive	Hög
9	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög
10	TXXXX.XXX	CAPEC-19	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (29)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	/admin/admin_manage/delete	predictive	Hög
2	File	/my_photo_gallery/image.php	predictive	Hög
3	File	/reps/classes/Users.php?f=delete_agent	predictive	Hög
4	File	/s/	predictive	Låg
5	File	xxxxxxxxx.xxx	predictive	Hög
6	File	xx.xxx	predictive	Låg
7	File	xxxxxxxxx/xxxxxxxxx.xxx	predictive	Hög
8	File	xxxxxxx/xxx/xxxxxxxx/xx.x	predictive	Hög
9	File	xxxxxxx.xxx	predictive	Medium
10	File	xxx/xxxxxx.xxx	predictive	Hög
11	File	xxxxxxxx/xxxxx-xx-xxxxxxxxx.xxx	predictive	Hög
12	File	xxxxxxx.xxx	predictive	Medium
13	File	xxxxxxxxxx.xxx	predictive	Hög
14	File	xxxx.xxx	predictive	Medium
15	File	xxxx.xxx	predictive	Medium
16	File	xxxxxxxxxx.xxx	predictive	Hög
17	File	xxxxxxx	predictive	Låg
18	Argument	xxxxxxxx	predictive	Medium
19	Argument	xxx_xx	predictive	Låg
20	Argument	xxxxx.xxx/xxxxx.xxxxxx	predictive	Hög
21	Argument	xx	predictive	Låg
22	Argument	xxxxx	predictive	Låg
23	Argument	xxxxxx	predictive	Låg
24	Argument	xxx	predictive	Låg
25	Argument	xxxxx	predictive	Låg
26	Input Value	x xxxxx xxx xxxxxx xxxx,xxxx,xxxx,xxxx,xxxxxx(xxxxxxxxxxxx,xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx,xxxxxxxxxxxx)--	predictive	Hög
27	Input Value	xxxx</xxxxx><xxxxxx>xxxxx("xxxx")</xxxxxx><xxxxx>	predictive	Hög
28	Network Port	xxx/xxxx	predictive	Medium
29	Network Port	xxx/xxxxx	predictive	Medium

Referenser (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!