Tranchulas Analysis

IOB - Indicator of Behavior (230)

Timeline

Language

| Language | Count |
|---|---|
| en | 214 |
| es | 14 |
| de | 2 |

Country

| Country | Count |
|---|---|
| us | 52 |
| gb | 18 |
| es | 12 |
| ru | 8 |
| mm | 6 |

Actors

Activities

Interest

Timeline

Type

Vendor

Product

| Product | Count |
|---|---|
| WordPress | 10 |
| Cisco NX-OS | 10 |
| Apple iOS | 10 |
| NVIDIA Windows GPU Display Driver | 10 |
| Cisco Firepower Threat Defense | 8 |

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Magento PageBuilder Template privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00669 | 0.02 | CVE-2019-8144 |
| 2 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.06 | CVE-2017-0055 |
| 3 | Apache HTTP Server HTTP Digest Authentication Challenge weak authentication | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01815 | 0.03 | CVE-2018-1312 |
| 4 | WordPress Metadata privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01578 | 0.00 | CVE-2018-20148 |
| 5 | Juniper Junos jdhcpd denial of service | 6.4 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00268 | 0.00 | CVE-2017-2301 |
| 6 | Subrion CMS cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00076 | 0.00 | CVE-2019-11406 |
| 7 | Apache HTTP Server mod_proxy_fcgi.c handle_headers memory corruption | 5.3 | 5.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00953 | 0.03 | CVE-2014-3583 |
| 8 | Apple iOS WebKit privilege escalation | 7.5 | 7.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.06135 | 0.03 | CVE-2019-8506 |
| 9 | Microsoft IIS File Name Tilde privilege escalation | 6.5 | 5.9 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.96817 | 0.04 | CVE-2005-4360 |
| 10 | Cisco Firepower Threat Defense Data Acquisition privilege escalation | 7.9 | 7.9 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00149 | 0.00 | CVE-2019-1669 |
| 11 | Zeescripts ZeeBuddy bannerclick.php sql injection | 8.5 | 8.3 | $0-$5k | Calculating | High | Unavailable | 0.00167 | 0.00 | CVE-2008-3604 |
| 12 | PHP Scripts Mall PHP Multivendor Ecommerce my_wishlist.php cross site scripting | 5.2 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00075 | 0.00 | CVE-2017-17958 |
| 13 | Aj Square Ajauction subcat.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00821 | 0.03 | CVE-2007-1298 |
| 14 | WordPress User Search REST Endpoint information disclosure | 4.4 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00089 | 0.08 | CVE-2023-5561 |
| 15 | Void Contact Form 7 Widget for Elementor Page Builder Plugin void_cf7_opt_in_user_data_track cross site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00063 | 0.00 | CVE-2022-47166 |
| 16 | janobe Online Ordering System sql injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00172 | 0.00 | CVE-2022-31356 |
| 17 | Adobe InDesign memory corruption | 7.0 | 6.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00085 | 0.00 | CVE-2021-40727 |
| 18 | Ubiquiti EdgeMAX EdgeRouter Firmware Update privilege escalation | 8.1 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00315 | 0.00 | CVE-2021-22909 |
| 19 | Verbatim Keypad Secure USB Lockout information disclosure | 5.0 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00100 | 0.00 | CVE-2022-28386 |
| 20 | Micro CMS Comments cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.00 | |

Activities (1)

These are the campaigns that can be associated with the actor:

  • Bitterbug

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 46.4.139.224 | static.224.139.4.46.clients.your-server.de | Tranchulas | Bitterbug | 2021-01-01 | verified | |
| 2 | 46.4.139.225 | static.225.139.4.46.clients.your-server.de | Tranchulas | Bitterbug | 2021-01-01 | verified | |
| 3 | XXX.XX.XXX.XXX | xxxxxxxxx | Xxxxxxxxx | | 2021-01-01 | verified | |
| 4 | XXX.XX.XXX.XXX | xxxxxxxxx | Xxxxxxxxx | | 2021-01-01 | verified | |
| 5 | XXX.XX.XXX.XXX | xxxxxxxxx | Xxxxxxxxx | | 2021-01-01 | verified | |
| 6 | XXX.XX.XXX.XXX | xxxxxxxxx | Xxxxxxxxx | | 2021-01-01 | verified | |
| 7 | XXX.XX.XXX.XXX | | Xxxxxxxxxx | Xxxxxxxxx | 2021-01-01 | verified | |

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (74)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /cgi/loginDefaultUser | predictive | |
| 2 | File | /contentshare/image/data/user/0/com.sony.dtv.photosharingplus/files/_BRAVPSS.TMP/LJYT0010.JPG | predictive | |
| 3 | File | /etc/shadow | predictive | |
| 4 | File | /ordering/admin/store/index.php?view=edit | predictive | |
| 5 | File | /proc/ioports | predictive | |
| 6 | File | /uncpath/ | predictive | |
| 7 | File | /webconsole/APIController | predictive | |
| 8 | File | 14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi | predictive | |
| 9 | File | AccountStatus.jsp | predictive | |
| 10 | File | xxxxxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxx | predictive | |
| 11 | File | xxxxxxxxx/xxxxxxxxxxxxx | predictive | |
| 12 | File | xxx/xxxxx/xxxxxx.xxx | predictive | |
| 13 | File | xxxxxxxxxxx.xxx | predictive | |
| 14 | File | xxxxxx_xxxxx.x | predictive | |
| 15 | File | xxxxxx/xxx-xxxxx.x | predictive | |
| 16 | File | xxxx/xx-xxxx-xx/xx-xxxx-xx.x | predictive | |
| 17 | File | xxxxxx_xxxx.x | predictive | |
| 18 | File | xxxxxxx/xxx/xxxxx/xxx-xxxxx.x | predictive | |
| 19 | File | xxxxxxx/xxx/xxxxxxxx/xxx/xxx_xxx_xxx.x | predictive | |
| 20 | File | xxxxxxx/xxxxx/xxxxx/xxxxxxx.x | predictive | |
| 21 | File | xxxxxxxx.xxx | predictive | |
| 22 | File | xxxx/xxxx/xxxx/xxxx.xxx | predictive | |
| 23 | File | xxxxx/xxxx/xxxx.xxx | predictive | |
| 24 | File | xxxxxxx/xxxxx/xxx_xxxx.x | predictive | |
| 25 | File | xxxxx.xxx | predictive | |
| 26 | File | xxxx.xxx | predictive | |
| 27 | File | xxxxxx.x | predictive | |
| 28 | File | xxxxxxxxxxxxx.xxx | predictive | |
| 29 | File | xxx_xxxxx_xxxx.x | predictive | |
| 30 | File | xxxxxxxx.x | predictive | |
| 31 | File | xx_xxxxxxxx.xxx | predictive | |
| 32 | File | xxxxxxxx_xxxxxx.xxx | predictive | |
| 33 | File | xxx/xxxx/xx_xxxxxxxx.x | predictive | |
| 34 | File | xxx/xxxxxx/xxxxxxxx/xxxxxxxxx/xxxxxxxxxxxxx.xxxx | predictive | |
| 35 | File | xxxxxxxxx.xxxxx.xxx | predictive | |
| 36 | File | xxxxxxx.xxx | predictive | |
| 37 | File | xxxxx.xxx | predictive | |
| 38 | File | xxxxx | predictive | |
| 39 | File | xxxxxxxx.xxx | predictive | |
| 40 | File | xxxxxx.xxx | predictive | |
| 41 | File | xxxxxxxxxxxxxxxxx.xxxx | predictive | |
| 42 | File | xx/x.x.xx.xxxxxx/xxxxxxx/xx/xxxxx.xx.xxxxxxxxx | predictive | |
| 43 | File | xxxxxxxxxxxxxxx.xxxx | predictive | |
| 44 | File | xx-xxxxx/xxxxxxxx/xxxxx-xxxx-xxxxxx-xxxxxxxx.xxx | predictive | |
| 45 | File | _xxxx/xx/xxxxxxxx/ | predictive | |
| 46 | File | _xx_xxxxx | predictive | |
| 47 | Library | xxxxxxxxxxxxxxxx.xxx | predictive | |
| 48 | Library | xxxxxxxx.xxx | predictive | |
| 49 | Library | xxx/xxx/xxxx/ | predictive | |
| 50 | Argument | xxxx | predictive | |
| 51 | Argument | xxxx_xx | predictive | |
| 52 | Argument | xxx | predictive | |
| 53 | Argument | xxxxx | predictive | |
| 54 | Argument | xxx | predictive | |
| 55 | Argument | xxxx | predictive | |
| 56 | Argument | xxxx_xxxxxxx | predictive | |
| 57 | Argument | xx | predictive | |
| 58 | Argument | xxxx/xxxxx/xxxxx | predictive | |
| 59 | Argument | xxxxxxx=xxxxxxxxxxxxxx | predictive | |
| 60 | Argument | xxxxxxxx | predictive | |
| 61 | Argument | xxxxxxxx | predictive | |
| 62 | Argument | xx | predictive | |
| 63 | Argument | xxxx | predictive | |
| 64 | Argument | xxxxxx[xxx][xxxx] | predictive | |
| 65 | Argument | xxxxxxxxx | predictive | |
| 66 | Argument | xxxxxxxx | predictive | |
| 67 | Argument | xxxx->xxxxxxx | predictive | |
| 68 | Argument | x-xxxxxxxxx-xxx | predictive | |
| 69 | Input Value | -x/xxxxxxxxxx | predictive | |
| 70 | Input Value | ::$xxxxx_xxxxxxxxxx | predictive | |
| 71 | Input Value | xx | predictive | |
| 72 | Network Port | xxx/xx (xxx) | predictive | |
| 73 | Network Port | xxx/xxxxx | predictive | |
| 74 | Network Port | xxx xxxxxx xxxx | predictive | |
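The IOC table (network resources) and the IOA table (request paths) are only useful once they are run against telemetry. The script below, an added example that is not VulDB's code, scans a web server access log in the Apache/nginx combined format for both: the client field is matched against the two unmasked IOC IPs and their reverse-DNS hostnames, and the request path is percent-decoded and matched against the unmasked path IOAs. The slash-separated entry `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` is read as four alternative script names, which is an assumption about the table's notation; the log lines are constructed for the example and use documentation address ranges for the non-IOC clients.

```python
"""Scan a web access log for the Tranchulas network IOCs and path IOAs.

Added example, not VulDB's code. Indicator values are the unmasked entries
from the IOC and IOA tables on the page; the log lines are constructed.
"""
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import unquote

# Unmasked network IOCs from the IOC table: IP -> reverse-DNS hostname.
NETWORK_IOCS = {
    "46.4.139.224": "static.224.139.4.46.clients.your-server.de",
    "46.4.139.225": "static.225.139.4.46.clients.your-server.de",
}

# Unmasked file/path IOAs from the IOA table. The slash-separated entry
# "14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi" is read here as four
# alternative script names (an assumption about the table's notation).
PATH_IOAS = [
    "/cgi/loginDefaultUser",
    "/contentshare/image/data/user/0/com.sony.dtv.photosharingplus/files/_BRAVPSS.TMP/LJYT0010.JPG",
    "/etc/shadow",
    "/ordering/admin/store/index.php?view=edit",
    "/proc/ioports",
    "/uncpath/",
    "/webconsole/APIController",
    "14all.cgi",
    "14all-1.1.cgi",
    "traffic.cgi",
    "mrtg.cgi",
    "AccountStatus.jsp",
]

# Apache/nginx "combined" log format; only the fields used here are captured.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)(?: \S+)?" (?P<status>\d{3})'
)


@dataclass(frozen=True)
class Hit:
    line_no: int
    host: str
    path: str
    indicator: str
    kind: str  # "ioc-ip", "ioc-hostname" or "ioa-path"


def normalize_path(raw: str) -> str:
    """Percent-decode twice (so %252e double encoding is caught too) and
    lower-case, so "..%2F..%2Fetc%2Fshadow" still matches "/etc/shadow"."""
    return unquote(unquote(raw)).lower()


def match_host(host: str) -> Optional[tuple[str, str]]:
    """Match the client field against IOC IPs, or against the IOC hostnames
    when the server logs resolved names (HostnameLookups On)."""
    if host in NETWORK_IOCS:
        return host, "ioc-ip"
    for name in NETWORK_IOCS.values():
        if host.lower() == name:
            return name, "ioc-hostname"
    return None


def match_paths(path: str) -> list[str]:
    """Return every path IOA contained in the normalized request path."""
    norm = normalize_path(path)
    return [ioa for ioa in PATH_IOAS if ioa.lower() in norm]


def scan(log_text: str) -> list[Hit]:
    hits: list[Hit] = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format entry; skip rather than guess
        host, path = m["host"], m["path"]
        hm = match_host(host)
        if hm:
            hits.append(Hit(n, host, path, hm[0], hm[1]))
        for ioa in match_paths(path):
            hits.append(Hit(n, host, path, ioa, "ioa-path"))
    return hits


# Constructed sample log (not real traffic); non-IOC clients use RFC 5737 ranges.
SAMPLE_LOG = """\
46.4.139.224 - - [03/Jan/2021:10:15:02 +0000] "GET /wp-login.php HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
203.0.113.7 - - [03/Jan/2021:10:16:40 +0000] "GET /cgi-bin/14all.cgi?cfg=../../../../etc/passwd HTTP/1.1" 404 0 "-" "curl/7.64.0"
198.51.100.20 - - [03/Jan/2021:10:17:05 +0000] "GET /index.php?page=..%2F..%2Fetc%2Fshadow HTTP/1.1" 403 0 "-" "python-requests/2.25.1"
192.0.2.44 - - [03/Jan/2021:10:18:11 +0000] "GET /images/logo.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
46.4.139.225 - - [03/Jan/2021:10:19:30 +0000] "POST /webconsole/APIController HTTP/1.1" 500 0 "-" "Mozilla/4.0"
static.224.139.4.46.clients.your-server.de - - [03/Jan/2021:10:21:00 +0000] "GET /AccountStatus.jsp HTTP/1.1" 200 311 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.kind} {h.indicator!r} <- {h.host} {h.path}")
```

Two caveats a practitioner should apply to the output. The `clients.your-server.de` names are a hosting provider's generic reverse-DNS zone and the indicators are dated 2021-01-01, so an IP hit is a lead to confirm against the Bitterbug campaign context, not a conviction on its own. Generic path IOAs such as `/etc/shadow` and `/proc/ioports` also fire on commodity scanner traffic; correlating an `ioa-path` hit with an `ioc-ip` hit on the same line, as line 5 of the sample shows, is far stronger evidence than either alone.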

References (2)

The following list contains external sources which discuss the actor and the associated activities:
