Taidoor Analysis

IOB - Indicator of Behavior (150)

[Chart panels: Timeline, Lang, Country, Actors, Activities, Interest, Type, Vendor, Product. The values displayed in these panels are omitted here because the page itself states they are not real data.]

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Linksys WRT54G Web Server denial of service | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.02 |
2 | Python mailcap Module os command injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00141 | 0.00 | CVE-2015-20107
3 | Dell EMC Unity/UnityVSA/Unity XT Upgrade Readiness Utility cleartext storage | 1.9 | 1.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.04 | CVE-2021-21547
4 | Simple Machines Forum LogInOut.php code injection | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00489 | 0.00 | CVE-2016-5727
5 | Linux Kernel do_open_permission access control | 5.9 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2009-3286
6 | Dell PowerProtect DD cross site scripting | 6.5 | 6.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00063 | 0.02 | CVE-2023-44286
7 | Cisco Firepower Threat Defense Security Intelligence Feed access control | 4.8 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00123 | 0.00 | CVE-2022-20730
8 | H2 Database Engine CLI information disclosure | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.02 | CVE-2022-45868
9 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.75 | CVE-2020-12440
10 | Google Chrome Media Subsample Calculation/Conversion integer coercion | 10.0 | 9.5 | $100k and more | $0-$5k | Not Defined | Official Fix | 0.00834 | 0.00 | CVE-2013-6637
11 | OAuth2 Proxy Domain Whitelist access control | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00129 | 0.00 | CVE-2021-21291
12 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02101 | 0.00 | CVE-2007-1287
13 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
14 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.19 | CVE-2010-0966
15 | Razer Synapse RazerConfigNative.dll permission | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2017-11653
16 | Apache Tomcat HTTP/2 GOAWAY Frame resource management | 6.4 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.86329 | 0.03 | CVE-2017-5650
17 | LibTIFF TIFFYCbCrtoRGB input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02400 | 0.00 | CVE-2010-2595
18 | Memcached Proxy Mode buffer overflow | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.03 | CVE-2023-46852
19 | Poppler Splash.cc blitTransparent out-of-bounds | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01845 | 0.00 | CVE-2019-10872
20 | Linux Kernel Driver memory.c use after free | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00073 | 0.00 | CVE-2022-3523

IOC - Indicator of Compromise (44)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (60)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /api/addusers | predictive | High
2 | File | /api/baskets/{name} | predictive | High
3 | File | Auth/Manager.php | predictive | High
4 | File | awstats.pl | predictive | Medium
5 | File | board.php | predictive | Medium
6 | File | conf.c | predictive | Low
7 | File | crc32.c | predictive | Low
