Tovkater Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (352)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en192
es76
fr26
it22
de16

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us302
ru26
gb8
ir6
es2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Tovkater7
RedLine Stealer1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined144
Operating System36
Application Server Software22
Web Server16
Content Management System12

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined74
Microsoft26
IBM22
Cisco20
Google16

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

IBM WebSphere Application Server18
Cisco ONS 15454 Optical Transport Platform8
Google Chrome8
Cisco ONS 154548
FreeBSD8

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Cisco ONS 15454 TCP Port Management input validation7.57.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.002420.02CVE-2016-9211
2phpRank Return Code improper authentication7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.011520.00CVE-2002-1952
3nginx request smuggling6.96.9$0-$5k$0-$5kNot DefinedNot Defined0.002412.60CVE-2020-12440
4Zoho ManageEngine ManageEngine OpManager Group Chat unrestricted upload6.46.4$0-$5k$0-$5kNot DefinedNot Defined0.000740.00CVE-2017-11561
5Zoho ManageEngine ManageEngine OpManager getmailserversettings sql injection6.46.4$0-$5k$0-$5kNot DefinedNot Defined0.003230.00CVE-2017-11559
6Cisco ONS 15454 Optical Transport Platform denial of service5.35.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.014920.00CVE-2004-1433
7Cisco ONS 15454 Optical Transport Platform denial of service5.35.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.021850.00CVE-2004-1434
8Cisco ONS 15454 Optical Transport Platform denial of service5.35.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.017870.00CVE-2004-1435
9Cisco ONS 15454 Optical Transport Platform User Account denial of service7.37.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.015590.00CVE-2004-1436
10Cisco ONS input validation7.56.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.012820.00CVE-2008-3818
11Cisco ONS 15454 Controller Card input validation7.57.5$5k-$25k$5k-$25kNot DefinedNot Defined0.001330.00CVE-2013-6703
12Google Android System permission7.06.3$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.003060.07CVE-2017-13209
13SalesAgility SuiteCRM sql injection8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.003590.00CVE-2019-6506
14Sendmail Local Privilege Escalation5.35.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.000000.00
15Microsoft IIS GET Request access.cnf Path information disclosure5.35.2$5k-$25k$0-$5kNot DefinedWorkaround0.010150.03CVE-2002-1717
16Alcatel Speed Touch Home Port denial of service5.35.2$0-$5k$0-$5kNot DefinedWorkaround0.005100.00CVE-2002-0119
17Hosting Controller browse.asp path traversal5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.017080.00CVE-2002-0775
18Microsoft Site Server hard-coded credentials7.37.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.081240.00CVE-2002-1769
19Pinboard Tasklist cross site scripting4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.001170.00CVE-2002-1900
20Google Android NVIDIA Video Driver information disclosure4.44.4$5k-$25k$5k-$25kNot DefinedNot Defined0.000790.03CVE-2016-8397

IOC - Indicator of Compromise (26)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
15.149.255.178Tovkater04/08/2022verifiedHigh
213.107.21.200Tovkater05/11/2022verifiedHigh
334.107.221.8282.221.107.34.bc.googleusercontent.comTovkater05/11/2022verifiedMedium
434.213.158.239ec2-34-213-158-239.us-west-2.compute.amazonaws.comTovkater05/11/2022verifiedMedium
534.214.44.170ec2-34-214-44-170.us-west-2.compute.amazonaws.comTovkater05/11/2022verifiedMedium
634.216.80.151ec2-34-216-80-151.us-west-2.compute.amazonaws.comTovkater05/11/2022verifiedMedium
7XX.XXX.XXX.XXxxx-xx-xxx-xxx-xx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxxXxxxxxxx05/11/2022verifiedMedium
8XX.XXX.XXX.XXXxxx-xx-xxx-xxx-xxx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxxXxxxxxxx05/11/2022verifiedMedium
9XX.XXX.XX.XXxx.xx.xxx.xx.xx.xxxxxxxxxxxxxxxxx.xxxXxxxxxxx05/11/2022verifiedMedium
10XX.XXX.XXX.XXXxxx.xxx.xxx.xx.xx.xxxxxxxxxxxxxxxxx.xxxXxxxxxxx05/11/2022verifiedMedium
11XX.XXX.XXX.XXxxx-xx-xxx-xxx-xx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxxXxxxxxxx05/11/2022verifiedMedium
12XX.XXX.XXX.XXxxx-xx-xxx-xxx-xx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxxXxxxxxxx05/11/2022verifiedMedium
13XX.XXX.XXX.XXxxx-xx-xxx-xxx-xx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxxXxxxxxxx05/11/2022verifiedMedium
14XX.XX.XXX.XXXxxx-xx-xx-xxx-xxx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxxXxxxxxxx05/11/2022verifiedMedium
15XX.XX.XXX.XXxxx-xx-xx-xxx-xx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxxXxxxxxxx05/11/2022verifiedMedium
16XX.XX.XX.XXXxxx-xx-xx-xx-xxx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxxXxxxxxxx05/11/2022verifiedMedium
17XX.XX.XXX.Xxxxxxx-xx-xx-xxx-x.xxxxx.x.xxxxxxxxxx.xxxXxxxxxxx05/11/2022verifiedHigh
18XX.XX.XXX.XXxxxxxx-xx-xx-xxx-xx.xxxxx.x.xxxxxxxxxx.xxxXxxxxxxx05/11/2022verifiedHigh
19XX.XX.XXX.XXxxxxxx-xx-xx-xxx-xx.xxxxx.x.xxxxxxxxxx.xxxXxxxxxxx05/11/2022verifiedHigh
20XX.XX.XXX.XXxxxxxx-xx-xx-xxx-xx.xxxxx.x.xxxxxxxxxx.xxxXxxxxxxx05/11/2022verifiedHigh
21XX.XX.XXX.XXXxxxxxx-xx-xx-xxx-xxx.xxxxx.x.xxxxxxxxxx.xxxXxxxxxxx05/11/2022verifiedHigh
22XX.XX.XXX.XXXxxxxxx-xx-xx-xxx-xxx.xxxxx.x.xxxxxxxxxx.xxxXxxxxxxx05/11/2022verifiedHigh
23XXX.XX.XXX.XXxxxxxxx04/12/2022verifiedHigh
24XXX.XX.XX.XXxxxxxxxx.xxxxxxxxx.xxxXxxxxxxx04/08/2022verifiedHigh
25XXX.XXX.XX.XXxxxxxxx04/12/2022verifiedHigh
26XXX.XX.XXX.XXXx-xxxx.x-xxxxxx.xxxXxxxxxxx05/11/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
4T1059.007CAPEC-209CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
5TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXX.XXXCAPEC-191CWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
7TXXXXCAPEC-108CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
8TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
9TXXXXCAPEC-CWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
10TXXXXCAPEC-CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
11TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
12TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
13TXXXXCAPEC-CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
14TXXXXCAPEC-37CWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
15TXXXX.XXXCAPEC-133CWE-XXXXxxxxxxxpredictiveHigh
16TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
17TXXXX.XXXCAPEC-CWE-XXXxxxxxxxxxxxxpredictiveHigh
18TXXXXCAPEC-157CWE-XXX, CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
19TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (139)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/admin/predictiveLow
2File/admin/account/changepasswordpredictiveHigh
3File/admin/users.phppredictiveHigh
4File/api/json/admin/getmailserversettingspredictiveHigh
5File/artist.phppredictiveMedium
6File/bin/supredictiveLow
7File/data/system/users/0/settings_secure.xmlpredictiveHigh
8File/dev/mempredictiveMedium
9File/dev/urandompredictiveMedium
10File/etc/dtpredictiveLow
11File/etc/passwordpredictiveHigh
12File/show_group_members.phppredictiveHigh
13File/usr/etc/rpc.passwdpredictiveHigh
14File/v2/customerdb/operator.svc/apredictiveHigh
15File/WEB-INF/web.xmlpredictiveHigh
16File/_vti_pvt/access.cnfpredictiveHigh
17Filexxxxxxxx.xxxpredictiveMedium
18FilexxxxxxxxxxxxxxpredictiveHigh
19Filexxxxxxxxxxx.xxxpredictiveHigh
20Filexxxxxxxxxx.xxxpredictiveHigh
21Filexxxxxxx.xxxpredictiveMedium
22Filexxxxxxx.xxxpredictiveMedium
23Filexxxxxx.xxxxxxx.xxxpredictiveHigh
24Filexxxxxxx_xxx/xxxxxx_xxxxxx.xxxpredictiveHigh
25Filexxxxxx.xxxpredictiveMedium
26Filexxxxxxxxx.xxxxpredictiveHigh
27Filexxxxxxxxx.xxxxpredictiveHigh
28Filexxxxxx.xxxpredictiveMedium
29Filexxxxxx/x.xpredictiveMedium
30Filexxxxxxxxxx.xxxpredictiveHigh
31Filexxxxxx.xxxpredictiveMedium
32Filexxxxxx.xxxpredictiveMedium
33Filexxxxxxxxxxxxxxx.xxxpredictiveHigh
34Filexxxxx.xxxpredictiveMedium
35Filexxxxxxx/xxxx-xxxxx-xxxxxx.xxxpredictiveHigh
36Filexxxxxxx/xxxx-xxxxx-xxxxxx.xxx?xxxxxx=xpredictiveHigh
37Filexxxxx.xxxxxxx/xxxxx.xxxxxxxxpredictiveHigh
38Filexxxxxx.xxxpredictiveMedium
39Filexxxxxxxx.xxxpredictiveMedium
40Filexxxxx.xxxxpredictiveMedium
41Filexxx/xxxxx/xxxxx.xxxx.xxxpredictiveHigh
42Filexxxxx.xxxpredictiveMedium
43Filexxxxxxx/xxxxxxx.xpredictiveHigh
44Filexxx.xxxxxx.xxxpredictiveHigh
45Filexxxxxxx.xxx/xxxxx.xxxpredictiveHigh
46Filexxxxxxx/xxx_xxxxxxxx.xxxpredictiveHigh
47FilexxxxxxxxpredictiveMedium
48Filexxxxx.xxxpredictiveMedium
49Filexxxxx.xxxxx.xxxpredictiveHigh
50Filexxxxx-xxxx.xpredictiveMedium
51Filexxxxxxx_xxx.xxxpredictiveHigh
52Filexxxxxxx.xxxpredictiveMedium
53Filexxxxxxxxxx.xxxpredictiveHigh
54Filexxxxxx.xxxpredictiveMedium
55Filexx.xxxpredictiveLow
56Filexxxxxx.xxxpredictiveMedium
57Filexxxxxx.xxxpredictiveMedium
58Filexxxxxxx.xxxpredictiveMedium
59Filexxxxxxxx.xxxpredictiveMedium
60Filexxxxxxxxx.xxxpredictiveHigh
61Filexxxx_xxxxxxx_xxxxxxxx.xxxpredictiveHigh
62Filexxxxxxx.xxxpredictiveMedium
63Filexxxxx.xxxpredictiveMedium
64Filexxxxxx.xxxpredictiveMedium
65Filexxxxxxxxxxx.xxxpredictiveHigh
66Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictiveHigh
67Filexx-xxxxxxxx/xx-xxxxxxxxx.xxxpredictiveHigh
68Libraryxxxxxx.xxxpredictiveMedium
69Libraryxxxxxx.xxxpredictiveMedium
70Libraryxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
71Argument$xxxxxxxxxx/$xxxpredictiveHigh
72Argument-xpredictiveLow
73Argument-xpredictiveLow
74Argumentxxxxxxxx_xxxxpredictiveHigh
75Argumentxxxxxxxxx/xxxxxxxxxxxxxpredictiveHigh
76ArgumentxxxxxxpredictiveLow
77ArgumentxxxxxxxxxxxpredictiveMedium
78ArgumentxxxxxxxxpredictiveMedium
79ArgumentxxxxxxpredictiveLow
80Argumentxxx_xxpredictiveLow
81ArgumentxxxpredictiveLow
82Argumentxxxxx/xxxxxxxpredictiveHigh
83ArgumentxxxxxxxxpredictiveMedium
84ArgumentxxxxxxxxxxxxxxxpredictiveHigh
85ArgumentxxxxxxpredictiveLow
86ArgumentxxxxxxxxxxxxpredictiveMedium
87ArgumentxxxxxpredictiveLow
88ArgumentxxxxxxxxxpredictiveMedium
89ArgumentxxxxxxxxpredictiveMedium
90ArgumentxxxxxxxxpredictiveMedium
91Argumentxx_xxxxxxxxpredictiveMedium
92ArgumentxxxpredictiveLow
93ArgumentxxxxxxpredictiveLow
94ArgumentxxxxpredictiveLow
95ArgumentxxpredictiveLow
96Argumentxx_xxxxxxxxxpredictiveMedium
97ArgumentxxxxxxxxxpredictiveMedium
98Argumentxxxxx/xxpredictiveMedium
99Argumentxxxx xxx_xxxxxxxxpredictiveHigh
100Argumentxxxx/x-xxxxpredictiveMedium
101Argumentxxxx/xxxxxpredictiveMedium
102ArgumentxxxxxxxxxxpredictiveMedium
103Argumentxx-xxxxx-xxxpredictiveMedium
104ArgumentxxxxpredictiveLow
105ArgumentxxxxxxxxpredictiveMedium
106ArgumentxxxxpredictiveLow
107ArgumentxxxxxpredictiveLow
108ArgumentxxxxxxxxpredictiveMedium
109ArgumentxxxxxxxpredictiveLow
110Argumentxxxxxxx_xxxxxxxpredictiveHigh
111ArgumentxxxxxpredictiveLow
112ArgumentxxxpredictiveLow
113ArgumentxxxxpredictiveLow
114ArgumentxxxxxxxxxxxpredictiveMedium
115Argumentxxx/xxxxxxxxpredictiveMedium
116ArgumentxxxxxxxxxpredictiveMedium
117ArgumentxxxxxxxxpredictiveMedium
118ArgumentxxxxpredictiveLow
119Argumentxxxx xxxx xx xxxxpredictiveHigh
120ArgumentxxxxpredictiveLow
121Argumentxxxxxxxx/xxxxxxxxpredictiveHigh
122Argumentxxxxxxxx/xxxxxxxxpredictiveHigh
123Argumentxxxxxxxx/xxxxxxxx/xxxxxxxxpredictiveHigh
124Input Value'xx''='predictiveLow
125Input Value' xx 'x'='xpredictiveMedium
126Input Value-x%xxxxxxx%xxxxx%xxxxxxxx%xxx,x,x,x,xxxxxxxx()predictiveHigh
127Input Value-xx/xxx/xxpredictiveMedium
128Input Value/../predictiveLow
129Input Value</xxxxxx><xx>xxx/* </xxxxxx><x xxxx=xxx.xxx>predictiveHigh
130Input Value<xxx>.predictiveLow
131Input Valuex:/predictiveLow
132Input Valuexxxxxxxxxxxx_xpredictiveHigh
133Input ValuexxxxxxxpredictiveLow
134Input Value^xpredictiveLow
135Network PortxxxxpredictiveLow
136Network PortxxxxpredictiveLow
137Network Portxxx/xxxx (xxxxxxxxxx)predictiveHigh
138Network Portxxx/xxx (xxxx)predictiveHigh
139Network Portxxx xxxxxx xxxxpredictiveHigh

References (4)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!