TA413 Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (63)

Lang

en	40
zh	24

Land

cn	44
us	16
gb	4

Skådespelare

TA413	3
Cobalt Strike	2

Intressera

Typ

Not Defined	14
Network Management Software	10
Content Management System	4
Firewall Software	4
Smartphone Operating System	4

Säljare

Not Defined	18
Cisco	6
Apple	4
Microsoft	4
Citrix	2

Produkt

PRTG Network Monitor	8
Apple iOS	4
Apple iPadOS	4
Cisco Wireless LAN Controller	2
Citrix ADC	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	Fortinet FortiOS SSL VPN minneskorruption	8.7	8.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00261	0.05	CVE-2021-26109
2	Cisco Wireless LAN Controller CAPWAP informationsgivning	6.8	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00227	0.00	CVE-2018-0442
3	PRTG Network Monitor Screenshot informationsgivning	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00084	0.00	CVE-2021-27220
4	PRTG Network Monitor Web Console privilegier eskalering	6.7	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.53682	0.04	CVE-2018-9276
5	WordPress wp-db-backup.php kataloggenomgång	7.3	6.6	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.01009	0.02	CVE-2008-0194
6	WordPress wp_crop_image kataloggenomgång	5.9	5.8	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.95884	0.05	CVE-2019-8943
7	open-graph privilegier eskalering	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00260	0.03	CVE-2021-23419
8	Microsoft Windows Win32k Local Privilege Escalation	7.8	7.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00059	0.06	CVE-2024-20683
9	Oracle Database Java VM privilegier eskalering	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00182	0.03	CVE-2018-3004
10	Sierra Wireless AirLink LS300 privilegier eskalering	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00439	0.02	CVE-2018-10251
11	Apple iOS/iPadOS WebKit minneskorruption	6.3	6.0	$25k-$100k	$25k-$100k	High	Official Fix	0.00243	0.08	CVE-2022-22620
12	Apache APR-util apr-util apr_rmm.c apr_rmm_realloc Remote Code Execution	10.0	9.4	$25k-$100k	$0-$5k	Proof-of-Concept	Not Defined	0.10955	0.00	CVE-2009-2412
13	rails_multisite privilegier eskalering	7.4	7.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00104	0.00	CVE-2021-41263
14	RDoc Filename Privilege Escalation	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00065	0.06	CVE-2021-31799
15	Fortinet FortiOS/FortiProxy autod Daemon privilegier eskalering	8.3	8.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00044	0.02	CVE-2021-26110
16	Citrix ADC/Gateway/SD-WAN WANOP SAML Authentication privilegier eskalering	5.5	5.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00157	0.02	CVE-2021-22920
17	ManageEngine Desktop Central Notification Server privilegier eskalering	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00111	0.00	CVE-2021-28960
18	Palo Alto PAN-OS GlobalProtect Portal minneskorruption	9.8	9.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00234	0.04	CVE-2021-3064
19	Cisco IOS XE CAPWAP Packet minneskorruption	8.0	7.9	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00137	0.00	CVE-2021-34769
20	Fortinet FortiOS Two Factor Authentication svag autentisering	8.0	7.9	$0-$5k	$0-$5k	High	Official Fix	0.02923	0.00	CVE-2020-12812

Kampanjer (1)

These are the campaigns that can be associated with the actor:

FriarFox Browser Extension

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Kampanjer	Identified	Typ	Förtroende
1	115.126.6.47		TA413	FriarFox Browser Extension	31/05/2021	verified	Hög
2	XXX.XX.X.XX		Xxxxx	Xxxxxxxx Xxxxxxx Xxxxxxxxx	31/05/2021	verified	Hög
3	XXX.XXX.XX.XXX	xxx.xxx.xx.xxx.xxxxx.xxx	Xxxxx	Xxxxxxxx Xxxxxxx Xxxxxxxxx	31/05/2021	verified	Medium

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klass	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Hög
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Hög
3	TXXXX	CAPEC-242	CWE-XX	Xxxxxxxx Xxxxxxxxx	predictive	Hög
4	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Hög
5	TXXXX	CAPEC-19	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
6	TXXXX.XXX	CAPEC-191	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Hög
7	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Hög
8	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Hög
9	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	/public/login.htm	predictive	Hög
2	File	/usr/bin/sonia	predictive	Hög
3	File	index.php	predictive	Medium
4	File	xxxxxxxxxx.xxx	predictive	Hög
5	File	xxxx/xxx_xxx.x	predictive	Hög
6	File	xxxxx.xxx	predictive	Medium
7	File	xxxxx.x	predictive	Låg
8	File	xxxxxxxxxxxxx.xxx	predictive	Hög
9	File	xxx xxxxxxx	predictive	Medium
10	File	xx-xx-xxxxxx.xxx	predictive	Hög
11	Library	xxxxxxxxxxx.xxx	predictive	Hög
12	Argument	xxxxxx	predictive	Låg
13	Argument	xxxxxxx	predictive	Låg
14	Argument	xxxx->xxxxxxx	predictive	Hög
15	Input Value	.xxx?/../../xxxx.xxx	predictive	Hög
16	Input Value	xxxxxxxx	predictive	Medium

Referenser (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Do you need the next level of professionalism?

Upgrade your account now!