APP84VN Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (80)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en44
zh36

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

cn70
us10

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

APP84VN2
APT101
Cobalt Strike1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined32
Application Server Software8
Mail Client Software4
Content Management System4
Router Operating System4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined26
Apache14
Hgiga2
TRENDnet2
SAP2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Apache Tomcat6
ZCMS4
Hgiga MailSherlock2
Apache ActiveMQ2
TRENDnet IP Camera2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Netgate pfSense XML File config.xml restore_rrddata command injection5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.459280.01CVE-2023-27253
2Tildeslash Monit HTTP Basic Authentication cervlet.c _viewlog Persistent cross site scripting5.75.6$0-$5k$0-$5kNot DefinedOfficial Fix0.001790.00CVE-2019-11454
3Swagger UI URL information disclosure4.34.1$0-$5k$0-$5kNot DefinedOfficial Fix0.002650.04CVE-2018-25031
4Google gson writeReplace deserialization6.66.5$5k-$25k$0-$5kNot DefinedOfficial Fix0.002470.04CVE-2022-25647
5Microsoft Windows Print Spooler Service spoolsv.exe RpcAddPrinterDriverEx PrintNightmare access control8.88.7$25k-$100k$0-$5kHighOfficial Fix0.967350.04CVE-2021-34527
6Vobot Clock SSH Server hard-coded credentials9.89.4$0-$5k$0-$5kNot DefinedOfficial Fix0.006590.00CVE-2018-6825
7Hgiga MailSherlock cross site scripting5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.001170.00CVE-2023-24839
8GNUBOARD5 install_db.php sql injection6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.001550.03CVE-2020-18662
9Gin-Vue-Admin File Upload path traversal7.57.5$0-$5k$0-$5kNot DefinedOfficial Fix0.001240.02CVE-2022-39345
10pfSense File Name browser.php cross site scripting4.84.7$0-$5k$0-$5kNot DefinedOfficial Fix0.001040.02CVE-2022-42247
11Microsoft Exchange Server unknown vulnerability5.44.9$25k-$100k$5k-$25kProof-of-ConceptOfficial Fix0.001310.04CVE-2021-1730
12SalesForce Tableau Server SAML Remote Code Execution6.36.3$0-$5k$0-$5kNot DefinedOfficial Fix0.002220.02CVE-2020-6939
13graphql-java GraphQL Query denial of service4.34.0$0-$5k$0-$5kNot DefinedOfficial Fix0.002070.00CVE-2022-37734
14Apache Tomcat information disclosure5.34.8$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.003440.00CVE-2007-3385
15Apple Safari WebKit out-of-bounds write7.57.4$5k-$25k$0-$5kHighOfficial Fix0.005260.00CVE-2022-32893
16Kubernetes kubelet pprof information disclosure7.37.2$0-$5k$0-$5kNot DefinedOfficial Fix0.556250.04CVE-2019-11248
17Camunda Modeler IPC Message writeFile state issue7.07.0$0-$5k$0-$5kNot DefinedNot Defined0.008710.02CVE-2021-28154
18Cisco IOS XE Lua Interpreter memory corruption6.56.2$25k-$100k$0-$5kNot DefinedOfficial Fix0.000420.02CVE-2020-3423
19beego Route Lookup access control5.55.1$0-$5k$0-$5kNot DefinedOfficial Fix0.002620.00CVE-2021-30080
20Cisco IOS XE SD-WAN vDaemon buffer overflow9.89.6$25k-$100k$5k-$25kNot DefinedOfficial Fix0.021120.00CVE-2021-34727

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
127.102.66.105APP84VN04/20/2022verifiedHigh
2XX.XXX.XXX.XXXXxxxxxx04/20/2022verifiedHigh
3XXX.XXX.XX.XXXXxxxxxx04/20/2022verifiedHigh
4XXX.XXX.XXX.XXXxxxxxx04/20/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-21, CWE-22, CWE-23Path TraversalpredictiveHigh
2T1059CAPEC-137CWE-88, CWE-94Argument InjectionpredictiveHigh
3TXXXX.XXXCAPEC-209CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
4TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXX.XXXCAPEC-191CWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
6TXXXXCAPEC-136CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
7TXXXXCAPEC-CWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
8TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
9TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
10TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (27)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/admin.php?p=/User/indexpredictiveHigh
2File/anony/mjpg.cgipredictiveHigh
3File/debug/pprofpredictiveMedium
4File/mgmt/tm/util/bashpredictiveHigh
5File/xxxxxxx_xxxx.xxxpredictiveHigh
6Filexxxxx/?x=xxxx&x=xxxxx&x=xxxxxxxxxxpredictiveHigh
7Filexxxxxxx.xxxpredictiveMedium
8Filexxxxxx.xxxpredictiveMedium
9Filexxxxx/predictiveLow
10Filexxxx/xxxxxxx.xpredictiveHigh
11Filexxxxxxxxxx/xxxxxxxxxx/xxxxxxxx/xxxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
12Filexxxxxxx_xx.xxxpredictiveHigh
13Filexxx/xxx_xxxxx/xx_xxxxx.xpredictiveHigh
14Filexxxxxxx/xxxxxxx/xxx/xxxxxxxxxx.xxx?xxxxxxxx=xxxx&xxxxxx=xxxxxxxxxxpredictiveHigh
15Filexxxxx_xxxxx.xxxpredictiveHigh
16Filexxxxx.xpredictiveLow
17Filexxxxxxx.xxxpredictiveMedium
18Filexxxx/xxx.xxx?xx=xxxxxxpredictiveHigh
19Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictiveHigh
20Argument-xpredictiveLow
21ArgumentxxxpredictiveLow
22ArgumentxxxxxxxxxxxxxxxpredictiveHigh
23ArgumentxxxpredictiveLow
24Argumentxxxxx_xxxxxxpredictiveMedium
25ArgumentxxxxpredictiveLow
26Input ValuexxxxxxpredictiveLow
27Network Portxxx xxxxxx xxxxpredictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!