Koadic Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (14)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en8
zh6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

cn10
us2
de2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Cobalt Strike2
Koadic1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined6
Database Software2
Groupware Software2
Document Reader Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Microsoft4
Not Defined2
Ruijie2
Tenda2
Foxit2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

ThinkPHP2
Microsoft SQL Server2
Ruijie RG-BCR8602
Microsoft Exchange Server2
Tenda AC232

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Ruijie RG-BCR860 Network Diagnostic Page os command injection4.74.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.003480.15CVE-2023-3450
2Foxit PDF Reader exportXFAData Local Privilege Escalation5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000000.07CVE-2023-27363
3Tenda AC18 Authentication ngx_wdas.lua logincheck improper authentication8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.046450.03CVE-2020-24987
4ZyXEL NAS326/NAS540 HTTP Request os command injection9.89.6$5k-$25k$0-$5kHighOfficial Fix0.024270.04CVE-2023-27992
5Tenda AC23 Service Port 7329 ate command injection7.77.5$0-$5k$0-$5kProof-of-ConceptWorkaround0.001500.09CVE-2023-2649
6ZKTeco ZKTime hard-coded credentials6.96.8$0-$5k$0-$5kNot DefinedNot Defined0.001350.05CVE-2021-39434
7ThinkPHP System Environment Parameter index.php information disclosure3.53.4$0-$5k$0-$5kNot DefinedNot Defined0.012610.00CVE-2022-25481
8Atlassian Confluence Server/Data Center Attachment information disclosure5.35.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000710.03CVE-2023-22503
9Microsoft Exchange Server Privilege Escalation6.86.0$25k-$100k$0-$5kUnprovenOfficial Fix0.007110.00CVE-2021-26854
10Microsoft Exchange Server Privilege Escalation9.58.2$25k-$100k$0-$5kUnprovenOfficial Fix0.002540.00CVE-2021-26427
11Microsoft SQL Server access control7.36.4$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.009200.07CVE-2007-5090
12Linux Kernel vc4_gem.c vc4_get_bcl integer overflow6.56.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.000420.00CVE-2017-5576

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
1157.245.92.178Koadic02/16/2024verifiedHigh
2XXX.XXX.XXX.XXXXxxxxx02/16/2024verifiedHigh

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1068CWE-264Execution with Unnecessary PrivilegespredictiveHigh
2TXXXX.XXXCAPEC-191CWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
3TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
4TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (6)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/bin/atepredictiveMedium
2Filedrivers/gpu/drm/vc4/vc4_gem.cpredictiveHigh
3Filexxxxx.xxxpredictiveMedium
4Library/xxx/xxx/xxx/xxx_xxxxxxxxxx/xxx_xxxx.xxxpredictiveHigh
5ArgumentxxxxxxxxpredictiveMedium
6ArgumentxxpredictiveLow

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you know our Splunk app?

Download it now for free!