catDDoS Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (25)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

ru	14
en	8
zh	4

Country

ru	18
cn	8

Actors

catDDoS	5
GhostSec	1
Responder	1
IcedID	1
Amadey	1

Activities

Interest

Timeline

Type

Not Defined	6
Content Management System	4
Bug Tracking Software	4
Operating System	2
JavaScript Library	2

Vendor

Not Defined	14
Linux	2
WatchGuard	2
TP-Link	2
GitLab	2

Product

TP-Link TL-WR940N	4
WordPress	2
Linux Kernel	2
GitLab	2
Next.js	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	GitLab Community Edition/Enterprise Edition Runner Registration Token information disclosure	7.6	7.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03278	0.08	CVE-2022-0735
2	Microsoft IIS Frontpage Server Extensions shtml.dll Username information disclosure	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.15958	0.25	CVE-2000-0114
3	LogicBoard CMS away.php redirect	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00000	3.85
4	Watchguard Firebox/XTM Remote Code Execution	6.3	6.0	$0-$5k	$0-$5k	High	Official Fix	0.84170	0.00	CVE-2022-26318
5	WatchGuard Firebox/XTM Endpoint information disclosure	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00420	0.00	CVE-2022-31790
6	Microsoft IIS cross site scripting	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.08	CVE-2017-0055
7	Keycloak Login ldap injection	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00000	0.03	CVE-2022-2232
8	TP-Link TL-WR940N/TL-WR841N/TL-WR740N/TL-WR940N/TL-WR941ND HTTP GET Request denial of service	6.6	6.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00046	0.05	CVE-2023-36354
9	Microsoft .NET Framework Remote Code Execution	8.5	7.7	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00238	0.02	CVE-2022-26929
10	Linux Kernel Memory Management Subsystem mempolicy.c mbind use after free	6.8	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.02	CVE-2023-4611
11	Next.js URL denial of service	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00374	0.00	CVE-2021-43803
12	WordPress path traversal	5.7	5.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00326	0.09	CVE-2023-2745
13	Bitrix Site Manager Vote Module Remote Code Execution	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00668	0.08	CVE-2022-27228
14	GitLab Project Import permission assignment	8.7	8.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.63436	0.04	CVE-2022-2185
15	Gibbon file inclusion	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02842	0.09	CVE-2023-34598
16	OTRS index.pl login sql injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00226	0.03	CVE-2005-3893
17	Adminer adminer.php server-side request forgery	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02092	0.05	CVE-2021-21311
18	Microsoft Exchange Server Privilege Escalation	8.8	8.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.51598	0.05	CVE-2023-21707
19	WordPress sql injection	6.8	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00467	0.00	CVE-2022-21664
20	GNUBOARD5 install_db.php sql injection	6.3	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00155	0.03	CVE-2020-18662

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	77.105.138.202	v1935347.hosted-by-vdsina.ru	catDDoS	10/29/2023	verified	High
2	84.54.47.93	v1935329.hosted-by-vdsina.ru	catDDoS	10/29/2023	verified	High
3	XX.XXX.XX.XX	xxxx-xx-xxx-xx-xx.xxxxxx-xx-xxxxxx.xx	Xxxxxxx	10/29/2023	verified	High
4	XX.XXX.XX.XXX	xxxxxxxx.xxxxxx-xx-xxxxxx.xx	Xxxxxxx	10/29/2023	verified	High
5	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xx.xxxxxxxxxxxxxxxxx.xxx	Xxxxxxx	10/29/2023	verified	High
6	XXX.XXX.XX.XXX	xxxxxxxx.xxxxxx-xx-xxxxxx.xx	Xxxxxxx	10/29/2023	verified	High

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-22, CWE-23	Path Traversal	predictive	High
2	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	High
3	TXXXX	CAPEC-19	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
4	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	High
5	TXXXX	CAPEC-108	CWE-XX, CWE-XX	Xxx Xxxxxxxxx	predictive	High
6	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High

IOA - Indicator of Attack (10)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/forum/away.php	predictive	High
2	File	/uncpath/	predictive	Medium
3	File	xxxxxxx.xxx	predictive	Medium
4	File	xxxxx.xx	predictive	Medium
5	File	xxxxxxx_xx.xxx	predictive	High
6	File	xx/xxxxxxxxx.x	predictive	High
7	Library	/_xxx_xxx/xxxxx.xxx	predictive	High
8	Argument	xxxxx_xxxxxx	predictive	Medium
9	Argument	xxxx	predictive	Low
10	Argument	xxxxxxxxxxxx	predictive	Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Might our Artificial Intelligence support you?

Check our Alexa App!