Tortoiseshell 分析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (19)

时间轴

语言

en16
fr2
de2

国家/地区

us16

演员

Tortoiseshell4
Cobalt Strike1
Cuba Ransomware1

活动

利益

时间轴

类型

Image Processing Software2
Not Defined2
Log Management Software2
E-Commerce Management Software2
Operating System2

供应商

Not Defined6
ADTRAN2
Ecommerce Online2
Microsoft2
Coppermine2

产品

ImageMagick2
ADTRAN Netvanta 70602
ADTRAN Netvanta 71002
AWStats2
Ecommerce Online Store Kit2

漏洞

#漏洞BaseTemp0day今天修正EPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash 信息公开5.35.2$5k-$25k$0-$5kHighWorkaround0.020160.02CVE-2007-1192
2Google Chrome Flash Player 内存损坏9.99.5$100k 以及更多$5k-$25kNot DefinedOfficial Fix0.006450.00CVE-2012-0724
3AWStats awstats.pl Path 信息公开5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.001760.04CVE-2018-10245
4ADTRAN Netvanta 7060/Netvanta 7100 DNS Privilege Escalation6.56.3$0-$5k$0-$5kNot DefinedWorkaround0.028080.00CVE-2021-25681
5Apache HTTP Server HTTP/2 Request 权限升级6.46.4$5k-$25k$5k-$25kNot DefinedNot Defined0.006060.04CVE-2020-9490
6Microsoft IIS 跨网站脚本5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.005480.07CVE-2017-0055
7ImageMagick heic.c ReadHEICImageByID 信息公开5.45.4$0-$5k$0-$5kNot DefinedNot Defined0.000560.06CVE-2020-10251
8SAP NetWeaver AS JAVA LM Configuration Wizard RECON 弱身份验证10.09.5$100k 以及更多$0-$5kHighOfficial Fix0.975070.06CVE-2020-6287
9Media Library Assistant Plugin 跨网站脚本5.24.9$0-$5k$0-$5kNot DefinedOfficial Fix0.001150.00CVE-2020-11731
10media-library-assistant Plugin mla_gallery 权限升级8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.010030.00CVE-2020-11928
11Wechat Broadcast Plugin Image.php 目录遍历8.18.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.292410.02CVE-2018-16283
12Ecommerce Online Store Kit shop.php SQL注入9.89.4$0-$5k$0-$5kNot DefinedOfficial Fix0.037630.03CVE-2004-0300
13Microsoft Windows Remote Desktop/Terminal Services Web Connection 弱身份验证6.36.2$25k-$100k$0-$5kNot DefinedWorkaround0.000000.02
14F5 BIG-IP ASM pl_tree.php 跨网站脚本4.34.2$5k-$25k$0-$5kHighUnavailable0.002200.00CVE-2014-9342
15Sitecore IDE.aspx 目录遍历4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.001300.04CVE-2017-11440
16Coppermine Photo Gallery 目录遍历4.23.8$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.013120.00CVE-2007-4976

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP地址Hostname参与者活动Identified类型可信度
164.235.39.45lasvegas-nv-datacenter.serverpoint.comTortoiseshell2021-06-01verified
2XX.XXX.XX.XXXxxxxxxxx-xx-xxxxxxxxxx.xxxxxxxxxxx.xxxXxxxxxxxxxxxx2021-06-01verified
3XXX.XXX.XX.XXXXxxxxxxxxxxxx2022-04-28verified
4XXX.XX.XXX.XXXXxxxxxxxxxxxx2022-04-28verified

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechnique漏洞访问向量类型可信度
1T1006CWE-22Path Traversalpredictive
2TXXXXCWE-XXXxxxxxxx Xxxxxxxxxxxxxx Xx Xxxx Xxxxxx Xxxxx Xxxxxxxxxxxpredictive
3TXXXX.XXXCWE-XXXxxxx Xxxx Xxxxxxxxxpredictive
4TXXXXCWE-XXXxx Xxxxxxxxxpredictive
5TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxxpredictive

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID分类Indicator类型可信度
1File/uncpath/predictive
2Fileawstats.plpredictive
3Filexxxxxx\xxxx.xpredictive
4Filexxxx/xxxxxxxxxxxxxxx.xxxpredictive
5Filexxxxx.xxxpredictive
6Filexx_xxxx.xxxpredictive
7Filexxxxx/xxxxxxxxxxxx/xxxxxxx/xxx.xxxxpredictive
8Filexxxx.xxxpredictive
9Argumentxxxxxxxxx/xxxxxxpredictive
10Argumentxxpredictive
11Argumentxxxxxxxxxpredictive
12Argumentxxx_xxxxx/xxxx_xxxxx/xxxx_xxxxxpredictive
13Argumentxxxpredictive

参考 (3)

The following list contains external sources which discuss the actor and the associated activities:

上一步一览下一步

Might our Artificial Intelligence support you?

Check our Alexa App!