Tonto Team Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (53)

Lang

en	36
zh	18

Land

cn	38
us	16

Skådespelare

Cobalt Strike	2
Sliver	1
Tonto Team	1

Intressera

Typ

Groupware Software	10
Not Defined	10
Content Management System	4
Solution Stack Software	2
File Transfer Software	2

Säljare

Not Defined	14
Microsoft	12
SAP	2
Ivanti	2
Revive	2

Produkt

Microsoft Exchange Server	10
SAP NetWeaver AS JAVA	2
vsftpd	2
Ivanti Pulse Connect Secure	2
Dreamer CMS	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	DaSchTour matomo-mediawiki-extension Username Piwik.hooks.php cross site scripting	3.8	3.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00094	0.00	CVE-2017-20175
2	Apache HTTP Server server-status informationsgivning	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Workaround	0.00000	0.00
3	Juniper Junos JDHCPD informationsgivning	7.5	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00103	0.00	CVE-2020-1671
4	SonicWall SSLVPN SMA100 sql injektion	7.3	7.3	$0-$5k	$0-$5k	High	Not Defined	0.02628	0.04	CVE-2021-20016
5	LangChain Configuration load_chain kataloggenomgång	5.0	4.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00045	0.08	CVE-2024-28088
6	Cisco IOS XE Linux Shell privilegier eskalering	8.0	7.7	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00164	0.02	CVE-2020-3218
7	Tmax Soft JEUS Web Application Server url.jsp cross site scripting	4.3	4.1	$0-$5k	$0-$5k	High	Official Fix	0.00000	0.02
8	Revive Adserver informationsgivning	5.6	5.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00151	0.29	CVE-2023-26756
9	Microsoft Exchange Server Privilege Escalation	8.8	8.1	$25k-$100k	$0-$5k	Unproven	Official Fix	0.01502	0.03	CVE-2022-23277
10	Microsoft Exchange Server PowerShell ProxyNotShell Privilege Escalation	7.7	7.3	$5k-$25k	$0-$5k	High	Official Fix	0.10698	0.03	CVE-2022-41082
11	Microsoft Exchange Server informationsgivning	9.8	8.9	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00333	0.04	CVE-2023-21709
12	OMICARD EDM kataloggenomgång	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00186	0.00	CVE-2022-32963
13	HPE System Management Homepage privilegier eskalering	6.5	6.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.04	CVE-2017-12547
14	Aruba Networks ArubaOS-CX Switches Recovery Console svag autentisering	6.5	6.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00060	0.04	CVE-2022-23691
15	Netgear Prosafe Switch /filesystem/ Script förnekande av tjänsten	5.3	5.0	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.96771	0.00	CVE-2013-4776
16	Microsoft Exchange Server Privilege Escalation	8.0	7.3	$5k-$25k	$5k-$25k	Unproven	Official Fix	0.00111	0.04	CVE-2023-28310
17	Microsoft Windows win32k.sys privilegier eskalering	7.3	7.0	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.49900	0.04	CVE-2014-4148
18	Dreamer CMS File Upload cross site scripting	4.1	4.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00082	0.05	CVE-2023-1746
19	Netgate pfSense XML File config.xml restore_rrddata privilegier eskalering	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.45928	0.01	CVE-2023-27253
20	Boa Webserver GET wapopen kataloggenomgång	6.4	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.73540	0.05	CVE-2017-9833

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Kampanjer	Identified	Typ	Förtroende
1	45.133.194.135		Tonto Team		18/03/2024	verified	Hög
2	XX.XX.XXX.XX		Xxxxx Xxxx		11/06/2021	verified	Hög

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klass	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Hög
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Hög
3	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Hög
4	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
5	TXXXX.XXX	CAPEC-16	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Hög
6	TXXXX	CAPEC-136	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Hög
7	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Hög
8	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Hög
9	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	/cgi-bin/wapopen	predictive	Hög
2	File	/server-status	predictive	Hög
3	File	/webmail/	predictive	Medium
4	File	xxxxxx.xxx	predictive	Medium
5	File	xxxxxxx_xxxx.xxxx.xxx/xxxxxxx_xxxx.xxx	predictive	Hög
6	File	xxxxxxxxxx/	predictive	Medium
7	File	xxx.xx	predictive	Låg
8	File	xxxxx.xxxxx.xxx	predictive	Hög
9	File	xxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxx/xxxxxxxx.xxxx	predictive	Hög
10	File	xxxxxxxxx/xx/xx/xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx	predictive	Hög
11	File	xxx.xxx	predictive	Låg
12	File	xxx/xxxxx.xxx	predictive	Hög
13	File	xxx_xxxxxxxx.xxx	predictive	Hög
14	Library	xxxxxx.xxx	predictive	Medium
15	Argument	$_xxxxxx['xxxx_xxxx_xxxxx']	predictive	Hög
16	Argument	xxxxxxxxxxxxxx	predictive	Hög
17	Argument	xxxxxxxxxx	predictive	Medium
18	Argument	xxx	predictive	Låg
19	Argument	xxxx	predictive	Låg
20	Argument	xxxxxxx	predictive	Låg
21	Argument	xxxxxxxx	predictive	Medium
22	Input Value	../..	predictive	Låg

Referenser (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Interested in the pricing of exploits?

See the underground prices here!