Prolific Puma Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (21)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	14
zh	6
es	2

Country

cn	16
us	4

Actors

Prolific Puma	4
Cobalt Strike	1
Quasar RAT	1

Activities

Interest

Timeline

Type

Not Defined	10
Database Software	4
Router Operating System	2
Vehicle Software	2
Jenkins Plugin	2

Vendor

Not Defined	4
Oracle	4
Weaver	2
AdRem	2
Juniper	2

Product

Weaver E-Office	2
AdRem NetCrunch	2
Juniper Junos	2
Digi ConnectPort X2e	2
Data Format Extension	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	Digi ConnectPort X2e Python S50dropbear.sh symlink	8.3	8.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00080	0.00	CVE-2020-12878
2	cURL tool_cb_wrt.c tool_cb_wrt array index	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00000	0.05	CVE-2023-52071
3	Oracle MySQL Enterprise Monitor Monitoring Remote Code Execution	9.6	9.4	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00205	0.00	CVE-2023-34034
4	Oracle MySQL Server cURL denial of service	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00492	0.03	CVE-2021-22926
5	Microsoft Exchange Server Privilege Escalation	8.0	7.3	$5k-$25k	$5k-$25k	Unproven	Official Fix	0.00111	0.05	CVE-2023-28310
6	Pivotal Spring Framework deserialization	9.8	9.5	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02444	0.00	CVE-2016-1000027
7	Weaver E-Office unrestricted upload	8.1	7.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00104	0.04	CVE-2023-2523
8	Email Extension Plugin Template access control	7.7	7.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00118	0.00	CVE-2023-25765
9	AdRem NetCrunch Credential Manager credentials storage	2.3	2.2	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00088	0.00	CVE-2019-14483
10	Sitecore CRM download.aspx path traversal	4.6	4.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00350	0.00	CVE-2017-5966
11	VNC RealVNC improper authentication	7.3	7.1	$0-$5k	$0-$5k	High	Workaround	0.97198	0.04	CVE-2006-2369
12	Yamaha Rtx1100 Management Interface cross-site request forgery	6.3	6.0	$0-$5k	$0-$5k	High	Official Fix	0.00231	0.02	CVE-2008-0524
13	Tesla SolarCity Solar Monitoring Gateway Digi ConnectPort X2e hard-coded credentials	8.8	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00132	0.07	CVE-2020-9306
14	Juniper Junos Kernel null pointer dereference	5.9	5.8	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02791	0.00	CVE-2018-0049
15	Alias Robotics MiR100/MiR200/MiR250/MiR500/MiR1000 Computational Graph exposure of resource	9.1	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00340	0.00	CVE-2020-10271
16	OpenSSH Authentication Username information disclosure	5.3	4.8	$5k-$25k	$0-$5k	High	Official Fix	0.10737	0.26	CVE-2016-6210
17	Boa Terminal input validation	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02395	0.05	CVE-2009-4496
18	D-Link DIR-645 Authentication getcfg.php information disclosure	8.6	8.2	$5k-$25k	$0-$5k	High	Official Fix	0.00000	0.02
19	nginx SPDY memory corruption	7.3	6.4	$0-$5k	$0-$5k	Unproven	Official Fix	0.03711	0.06	CVE-2014-0133
20	Data Format Extension XmlMapper xml external entity reference	9.8	9.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00217	0.04	CVE-2016-3720

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	45.32.147.158	45.32.147.158.vultrusercontent.com	Prolific Puma	11/02/2023	verified	High
2	XX.XX.XXX.XX	xx.xx.xxx.xx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxx Xxxx	11/02/2023	verified	High
3	XX.X.XX.XX	xxxxxx.xxx.xxxxxxx	Xxxxxxxx Xxxx	11/02/2023	verified	High
4	XXX.XXX.X.XX	xxx.xxx.x.xx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxx Xxxx	11/02/2023	verified	High

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	High
2	T1068	CAPEC-19	CWE-284	Execution with Unnecessary Privileges	predictive	High
3	TXXXX.XXX	CAPEC-191	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	High
4	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
5	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
6	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	High

IOA - Indicator of Attack (11)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/etc/init.d/S50dropbear.sh	predictive	High
2	File	/getcfg.php	predictive	Medium
3	File	xxx/xxxx/xxxx.xxx?xxxxxx=xxxxxx_xxxxxx_xxxx	predictive	High
4	File	xxxxxxxx/xxxxx/xxxxxxxx.xxxx	predictive	High
5	File	xxx/xxxx_xx_xxx.x	predictive	High
6	Argument	xxxx	predictive	Low
7	Argument	xxxxxxxx	predictive	Medium
8	Argument	xxxxxxxx	predictive	Medium
9	Argument	xxxxxx_xxxxx	predictive	Medium
10	Input Value	xxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxx	predictive	High
11	Network Port	xxx xxxxxx xxxx	predictive	High

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Might our Artificial Intelligence support you?

Check our Alexa App!