TA428 Analysis

IOB - Indicator of Behavior (150)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 116
zh: 16
es: 6
ko: 4
de: 2


Country

us: 50
cn: 44
es: 2
gb: 2
fr: 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Microsoft IIS: 6
Microsoft Windows: 6
Redmine: 4
facebook-for-woocommerce Plugin: 4
Samsung Tizen: 4


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
2 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.08 | CVE-2017-0055
3 | Sir GNUboard sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00112 | 0.00 | CVE-2014-2339
4 | Devilz Clanportal sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00684 | 0.03 | CVE-2006-6339
5 | WordPress WP_Query class-wp-query.php sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00318 | 0.00 | CVE-2017-5611
6 | Cisco ASA WebVPN Login Page logon.html cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00192 | 0.00 | CVE-2014-2120
7 | Microsoft Windows Registry Password information disclosure | 3.7 | 3.6 | $25k-$100k | $0-$5k | Not Defined | Workaround | 0.00000 | 0.02 | 
8 | Brocade Fabric OS CLI Local Privilege Escalation | 7.8 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2022-33182
9 | WordPress Password Reset wp-login.php mail password recovery | 6.1 | 5.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.02827 | 0.03 | CVE-2017-8295
10 | PHP Everywhere Plugin Shortcode Privilege Escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00108 | 0.02 | CVE-2022-24663
11 | Microsoft Windows ICMP Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.02818 | 0.05 | CVE-2023-23415
12 | Microsoft Windows Win32k Local Privilege Escalation | 7.8 | 7.4 | $25k-$100k | $0-$5k | High | Official Fix | 0.00128 | 0.04 | CVE-2023-29336
13 | Google WebP libwebp heap-based overflow | 7.5 | 7.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.68001 | 0.00 | CVE-2023-4863
14 | RARLabs WinRAR ZIP Archive Remote Code Execution | 6.3 | 6.0 | $0-$5k | $0-$5k | High | Official Fix | 0.33850 | 0.00 | CVE-2023-38831
15 | SourceCodester Doctors Appointment System login.php sql injection | 7.4 | 7.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.10 | CVE-2023-4219
16 | Microsoft Excel Remote Code Execution | 7.3 | 6.7 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00113 | 0.00 | CVE-2023-33158
17 | Microsoft Visual Studio unknown vulnerability | 5.1 | 4.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00078 | 0.00 | CVE-2023-28299
18 | Microsoft Office Local Privilege Escalation | 7.0 | 6.4 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.00411 | 0.00 | CVE-2023-33146
19 | Th3-822 Rapidleech zip.php zip_go cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00063 | 0.09 | CVE-2021-4312
20 | Google Chrome Blink type confusion | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00131 | 0.00 | CVE-2022-3315

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (61)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /+CSCOE+/logon.html | predictive | High
2 | File | /api/addusers | predictive | High
3 | File | /debug/pprof | predictive | Medium
4 | File | /forum/away.php | predictive | High
5 | File | /uncpath/ | predictive | Medium
6 | File | adclick.php | predictive | Medium
7 | File | admin.cgi?action=%s | predictive | High
8 | File | xxxxxxxxxxx/xxxx/xxxxxxxxxx/xxxxxx.xxx | predictive | High
9 | File | xxxxx.xxx | predictive | Medium
10 | File | xxxxxxxx.xxx | predictive | Medium
11 | File | xxxxx/xxxxxxx.xxx | predictive | High
12 | File | xxxxxxx/xxxxxxx/xxx.xxx | predictive | High
13 | File | xxxxxx.xxx | predictive | Medium
14 | File | xxxxxxxxxxx/xxxxxx/xxx.xxx | predictive | High
15 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
16 | File | xxxxxx.xxx | predictive | Medium
17 | File | xxxx_xxx.xxx | predictive | Medium
18 | File | xxx/xxxxxx.xxx | predictive | High
19 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | High
20 | File | xxxxxxxxxx/xxx/xxxxxx_xxxx.xxx | predictive | High
21 | File | xxxxxxxxxxx/xx_xxxx.x | predictive | High
22 | File | xxx\xxxxxxx\xxxxxxxx\xxxxx.xxxxxxxxxxxxxxx.xxx | predictive | High
23 | File | xxxxx.xxx | predictive | Medium
24 | File | xxx_xxxxxx_xxxxxx.xx | predictive | High
25 | File | xxxxxx/xxxxxxxxxxx.xxx?xxxx=xx&x=xxxxxxx | predictive | High
26 | File | xxx/xxxxx_xxxx.x | predictive | High
27 | File | xxxxxx/xxxxxxxxxx.xxx | predictive | High
28 | File | xxxxxxxxxxxxxx/xxxx/xxxxxxxxxxx/xxxxxxxxxxxxxxx.xxxx | predictive | High
29 | File | xxxxxxxx_xxxx.xxx | predictive | High
30 | File | xxxxxxx.xxx/xxxxx.xxx | predictive | High
31 | File | xxxxxxxxxxx.xxx | predictive | High
32 | File | xxxxx.xxx | predictive | Medium
33 | File | xxxxxxxxxxxxxxx.xxx | predictive | High
34 | File | xxx/xxx/xxx_xxxx/xxxx.x | predictive | High
35 | File | xxx/xxxxxxx.x | predictive | High
36 | File | xxxxxxxxxx.xxx | predictive | High
37 | File | xxxxxxxxxx.xxxx | predictive | High
38 | File | xx-xxxxx-xxxxxx.xxx | predictive | High
39 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High
40 | File | xx-xxxxx.xxx | predictive | Medium
41 | Library | xxx-xx-xxx-xxxx-xxxx-xx-x-x.xxx | predictive | High
42 | Library | xxx_xxxx.xxx | predictive | Medium
43 | Library | xxxxxxxxxxxxxxx.xxx | predictive | High
44 | Argument | xxxxxxx | predictive | Low
45 | Argument | xxxxxxxx | predictive | Medium
46 | Argument | xxxxx_xxxx | predictive | Medium
47 | Argument | xxxxx_xxxx/xx_xxxxx_xxxxx_xx/xx_xxxxx_xxxxx_xxxxx_xxxx_xxxx/xxxxx_xxxxxxxxx_xxxx/xxxxxx_xxxxxx_xxxxx | predictive | High
48 | Argument | xxxxxxx | predictive | Low
49 | Argument | xxxxxxxxxxxx | predictive | Medium
50 | Argument | xxxx_xxx | predictive | Medium
51 | Argument | xxxx | predictive | Low
52 | Argument | xxxx | predictive | Low
53 | Argument | xx | predictive | Low
54 | Argument | xxxxx | predictive | Low
55 | Argument | xxxxxxx_xxxx | predictive | Medium
56 | Argument | xxxxxx | predictive | Low
57 | Argument | xxxx | predictive | Low
58 | Argument | xxxxxxxxx | predictive | Medium
59 | Argument | xxxx->xxxxxxx | predictive | High
60 | Input Value | .. | predictive | Low
61 | Input Value | /../ | predictive | Low

References (4)

The following list contains external sources which discuss the actor and the associated activities:
