Tonto Team 分析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (53)

时间轴

语言

en36
zh18

国家/地区

cn38
us16

演员

Cobalt Strike2
Sliver1
Tonto Team1

活动

利益

时间轴

类型

Groupware Software10
Firewall Software6
Content Management System4
Social Network Software4
Not Defined4

供应商

Microsoft12
Not Defined10
Facebook4
SmarterTools2
SAP2

产品

Microsoft Exchange Server10
Facebook WhatsApp4
Facebook WhatsApp Business4
WordPress2
Facebook WhatsApp for Portal2

漏洞

#漏洞BaseTemp0day今天修正EPSSCTICVE
1DaSchTour matomo-mediawiki-extension Username Piwik.hooks.php 跨网站脚本3.83.7$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000940.12CVE-2017-20175
2Apache HTTP Server server-status 信息公开5.35.2$5k-$25k$0-$5kNot DefinedWorkaround0.000000.06
3Juniper Junos JDHCPD 信息公开7.57.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.001030.00CVE-2020-1671
4SonicWall SSLVPN SMA100 SQL注入7.37.1$0-$5k$0-$5kFunctionalNot Defined0.026280.00CVE-2021-20016
5LangChain Configuration load_chain 目录遍历5.04.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000450.08CVE-2024-28088
6Cisco IOS XE Linux Shell 权限升级8.07.7$25k-$100k$0-$5kNot DefinedOfficial Fix0.001640.02CVE-2020-3218
7Tmax Soft JEUS Web Application Server url.jsp 跨网站脚本4.34.1$0-$5k$0-$5kHighOfficial Fix0.000000.02
8Revive Adserver 信息公开5.65.6$0-$5k$0-$5kNot DefinedNot Defined0.001670.09CVE-2023-26756
9Microsoft Exchange Server Privilege Escalation8.88.1$25k-$100k$5k-$25kUnprovenOfficial Fix0.015020.03CVE-2022-23277
10Microsoft Exchange Server PowerShell ProxyNotShell Privilege Escalation7.77.3$5k-$25k$0-$5kHighOfficial Fix0.115060.03CVE-2022-41082
11Microsoft Exchange Server 信息公开9.88.9$25k-$100k$5k-$25kUnprovenOfficial Fix0.003330.04CVE-2023-21709
12OMICARD EDM 目录遍历6.46.3$0-$5k$0-$5kNot DefinedNot Defined0.001860.00CVE-2022-32963
13HPE System Management Homepage 权限升级6.56.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.000420.00CVE-2017-12547
14Aruba Networks ArubaOS-CX Switches Recovery Console 弱身份验证6.56.5$5k-$25k$5k-$25kNot DefinedNot Defined0.000600.04CVE-2022-23691
15Netgear Prosafe Switch /filesystem/ Script 拒绝服务5.35.0$5k-$25k$0-$5kProof-of-ConceptNot Defined0.967710.00CVE-2013-4776
16Microsoft Exchange Server Privilege Escalation8.07.3$5k-$25k$5k-$25kUnprovenOfficial Fix0.001110.04CVE-2023-28310
17Microsoft Windows win32k.sys 权限升级7.37.0$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.499000.04CVE-2014-4148
18Dreamer CMS File Upload 跨网站脚本4.14.1$0-$5k$0-$5kNot DefinedNot Defined0.000820.15CVE-2023-1746
19Netgate pfSense XML File config.xml restore_rrddata 权限升级5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.459280.01CVE-2023-27253
20Boa Webserver GET wapopen 目录遍历6.46.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.735400.09CVE-2017-9833

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP地址Hostname参与者活动Identified类型可信度
145.133.194.135Tonto Team2024-03-18verified
2XX.XX.XXX.XXXxxxx Xxxx2021-06-11verified

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechnique漏洞访问向量类型可信度
1T1006CWE-22Path Traversalpredictive
2T1059CWE-94Argument Injectionpredictive
3TXXXX.XXXCWE-XX, CWE-XXXxxxx Xxxx Xxxxxxxxxpredictive
4TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxxpredictive
5TXXXX.XXXCWE-XXXXxxx-xxxxx Xxxxxxxxxxxpredictive
6TXXXXCWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxxpredictive
7TXXXX.XXXCWE-XXXXxxx Xxxxxxxxpredictive
8TXXXXCWE-XXXxx Xxxxxxxxxpredictive
9TXXXXCWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxxpredictive

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID分类Indicator类型可信度
1File/cgi-bin/wapopenpredictive
2File/server-statuspredictive
3File/webmail/predictive
4Filexxxxxx.xxxpredictive
5Filexxxxxxx_xxxx.xxxx.xxx/xxxxxxx_xxxx.xxxpredictive
6Filexxxxxxxxxx/predictive
7Filexxx.xxpredictive
8Filexxxxx.xxxxx.xxxpredictive
9Filexxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxx/xxxxxxxx.xxxxpredictive
10Filexxxxxxxxx/xx/xx/xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxpredictive
11Filexxx.xxxpredictive
12Filexxx/xxxxx.xxxpredictive
13Filexxx_xxxxxxxx.xxxpredictive
14Libraryxxxxxx.xxxpredictive
15Argument$_xxxxxx['xxxx_xxxx_xxxxx']predictive
16Argumentxxxxxxxxxxxxxxpredictive
17Argumentxxxxxxxxxxpredictive
18Argumentxxxpredictive
19Argumentxxxxpredictive
20Argumentxxxxxxxpredictive
21Argumentxxxxxxxxpredictive
22Input Value../..predictive

参考 (3)

The following list contains external sources which discuss the actor and the associated activities:

上一步一览下一步

Want to stay up to date on a daily basis?

Enable the mail alert feature now!