CryptoWire Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (19)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

zh	12
en	8

Country

cn	20

Actors

APT41	1
Conti	1
RecordBreaker	1
FIN7	1
Mirai	1

Activities

Interest

Timeline

Type

Not Defined	12
Cloud Software	2
Groupware Software	2
Operating System	2

Vendor

Not Defined	10
TOTOLINK	2
Shenzhen Youkate Industrial	2
Microsoft	2
Apple	2

Product

OPNsense	4
TOTOLINK A800R	2
TOTOLINK A810R	2
TOTOLINK A830R	2
TOTOLINK A950RG	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	OPNsense Access Control access control	6.4	6.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00051	0.00	CVE-2018-18958
2	Apple macOS Kernel state issue	5.4	5.3	$0-$5k	$0-$5k	High	Official Fix	0.00340	0.00	CVE-2023-38606
3	Shenzhen Youkate Industrial Facial Love Cloud Payment System Account SystemMng.ashx privileges management	8.1	7.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00063	0.04	CVE-2023-6099
4	EmpireCMS AdClass.php sql injection	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00172	0.04	CVE-2022-28585
5	Apache HTTP Server HTTP/2 Request request smuggling	6.4	6.4	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00606	0.00	CVE-2020-9490
6	Qualcomm Snapdragon Auto SIP sigcomp Message memory corruption	7.6	7.6	$5k-$25k	$5k-$25k	Not Defined	Official Fix	0.00188	0.00	CVE-2020-3639
7	OPNsense Login Page redirect	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00179	0.01	CVE-2020-23015
8	TOTOLINK A800R/A810R/A830R/A950RG/A3000RU/A3100R setWebWlanIdx command injection	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01702	0.00	CVE-2022-26208
9	Cisco RV340/RV345 Web-based Management Interface stack-based overflow	4.7	4.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00211	0.00	CVE-2022-20753
10	Wowza Streaming Engine Password File admin.password cleartext storage	3.3	3.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00042	0.00	CVE-2021-31539
11	Cisco IOS/IOS XE DHCP Relay input validation	9.8	9.7	$25k-$100k	$5k-$25k	High	Official Fix	0.05178	0.05	CVE-2017-12240
12	Freeware Advanced Audio Coder huff2.c huffcode memory corruption	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00051	0.00	CVE-2018-19890
13	Open Whisper Signal cross site scripting	5.2	5.2	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00186	0.00	CVE-2018-11101
14	phpBB Admin Control Panel file_exists input validation	5.9	5.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.77189	0.00	CVE-2018-19274
15	phpBB information disclosure	9.8	8.5	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00269	0.00	CVE-2008-1766
16	Microsoft Exchange Server Privilege Escalation	8.8	7.7	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.01258	0.00	CVE-2021-28482
17	Discuz! admin.php cross site scripting	3.6	3.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00054	0.06	CVE-2018-19464
18	Pulse Secure Pulse Connect Secure End User Portal custompage.cgi cross site scripting	3.6	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00054	0.00	CVE-2017-17947

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Campaigns	Identified	Type	Confidence
1	194.156.98.51	vm1867589.stark-industries.solutions	CryptoWire		03/19/2024	verified	High

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	High
2	T1068	CAPEC-122	CWE-269, CWE-284	Execution with Unnecessary Privileges	predictive	High
3	TXXXX	CAPEC-136	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
4	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	High
5	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
6	TXXXX	CAPEC-37	CWE-XXX	Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
7	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High

IOA - Indicator of Attack (12)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/SystemMng.ashx	predictive	High
2	File	AdClass.php	predictive	Medium
3	File	xxxxx.xxx	predictive	Medium
4	File	xxxx/xxxxx.xxxxxxxx	predictive	High
5	File	xxxxxxxxxx.xxx	predictive	High
6	File	xxxxxxx/xxxxx.x	predictive	High
7	Argument	xxxxxxxxxxxx	predictive	Medium
8	Argument	xxxxxx/xxxxxx/xxx	predictive	High
9	Argument	xxxxxxxx	predictive	Medium
10	Argument	xxx	predictive	Low
11	Argument	xxxxxxxxxx	predictive	Medium
12	Input Value	xx	predictive	Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!