PittyTiger Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (38)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	22
zh	16

Country

cn	28
us	10

Actors

PittyTiger	5
Pitty Panda	1

Activities

Interest

Timeline

Type

Not Defined	18
Application Server Software	4
Programming Language Software	2
Network Management Software	2
File Transfer Software	2

Vendor

Not Defined	8
Apache	6
Insyde	4
Phplinkdirectory	2
Fuji Xerox	2

Product

Apache Tomcat	4
Insyde InsydeH2O	4
Mail2000	4
Phplinkdirectory PHP Link Directory	2
Apache Shiro	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	AMD EPYC SEV VM observable behavioral discrepancy	4.5	4.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00054	0.02	CVE-2023-20575
2	Tianocore EDK II BIOS Firmware denial of service	5.7	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00075	0.00	CVE-2021-38576
3	Apache Tomcat JsonErrorReportValve injection	6.5	6.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00475	0.00	CVE-2022-45143
4	social-warfare Plugin Stored cross site scripting	5.2	5.1	$0-$5k	$0-$5k	High	Official Fix	0.97149	0.00	CVE-2019-9978
5	Insyde InsydeH2O IhisiServicesSmm SetVariable Privilege Escalation	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00043	0.03	CVE-2023-39284
6	Microsoft Windows AMD information disclosure	7.4	7.2	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00043	0.04	CVE-2023-20569
7	Sun Solaris Authentication improper authentication	9.8	9.6	$5k-$25k	$0-$5k	High	Workaround	0.01297	0.00	CVE-1999-0502
8	OpenSSL RC4-MD5 data authenticity	5.6	5.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00146	0.03	CVE-2022-1434
9	AMI Megarac Redfish/API weak password hash	4.5	4.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00068	0.08	CVE-2022-40258
10	Intel Xeon information disclosure	3.3	3.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00044	0.03	CVE-2022-21131
11	WordPress REST API class-wp-rest-users-controller.php information disclosure	5.3	5.1	$5k-$25k	$0-$5k	Functional	Official Fix	0.87410	0.04	CVE-2017-5487
12	Fuji Xerox DocuCentre-VII/ApeosPort-VII/ApeosPort/DocuPrint Command denial of service	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00173	0.04	CVE-2021-20679
13	F5 BIG-IP iControl REST Endpoint privileges management	7.5	7.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00104	0.04	CVE-2022-35243
14	Apple macOS WebRTC memory corruption	7.5	7.4	$5k-$25k	$0-$5k	High	Official Fix	0.01152	0.00	CVE-2022-2294
15	Tianocore EDK2 SmmEntryPoint integer underflow	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00185	0.05	CVE-2021-38578
16	Juniper Junos IGMP Packet denial of service	5.3	4.6	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00874	0.00	CVE-2014-0614
17	Insyde InsydeH2O SMM memory corruption	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2021-41837
18	InsydeH2O SWSMI IdeBusDxe buffer overflow	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00044	0.03	CVE-2021-45970
19	Insyde InsydeH2O access control	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00201	0.03	CVE-2020-5955
20	InsydeH2O SMI AtaLegacySmm buffer overflow	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00306	0.03	CVE-2021-41842

IOC - Indicator of Compromise (60)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	3.7.4.1	ec2-3-7-4-1.ap-south-1.compute.amazonaws.com	PittyTiger	01/01/2021	verified	Medium
2	12.0.9.149		PittyTiger	01/01/2021	verified	High
3	23.226.178.162		PittyTiger	12/20/2020	verified	High
4	27.16.139.143		PittyTiger	12/20/2020	verified	High
5	27.151.0.224		PittyTiger	12/20/2020	verified	High
6	27.155.90.80		PittyTiger	12/20/2020	verified	High
7	27.155.109.89		PittyTiger	12/20/2020	verified	High
8	27.155.110.81		PittyTiger	12/20/2020	verified	High
9	27.156.49.223	223.49.156.27.broad.fz.fj.dynamic.163data.com.cn	PittyTiger	12/20/2020	verified	High
10	58.61.40.5	5.40.61.58.broad.sz.gd.dynamic.163data.com.cn	PittyTiger	12/20/2020	verified	High
11	58.64.175.191		PittyTiger	01/01/2021	verified	High
12	58.64.175.255		PittyTiger	01/01/2021	verified	High
13	XX.XX.XXX.XX		Xxxxxxxxxx	12/20/2020	verified	High
14	XX.XX.XXX.XXX		Xxxxxxxxxx	01/01/2021	verified	High
15	XX.XX.XXX.XXX		Xxxxxxxxxx	01/01/2021	verified	High
16	XX.XX.XX.XX		Xxxxxxxxxx	12/20/2020	verified	High
17	XX.XXX.XX.XXX	xx-xxx-xx-xxx.xxxxx-xx.xxxxx.xxx	Xxxxxxxxxx	01/01/2021	verified	High
18	XX.XXX.XXX.XXX	xx-xxx-xxx-xxx.xxxxxxx-xx.xxxxx.xxx	Xxxxxxxxxx	01/01/2021	verified	High
19	XX.XXX.XXX.XX		Xxxxxxxxxx	01/01/2021	verified	High
20	XX.XXX.XX.XXX	xx-xxx-xx-xxx.xxxxx-xx.xxxxx.xxx	Xxxxxxxxxx	01/01/2021	verified	High
21	XX.XXX.XXX.XXX	xx-xxx-xxx-xxx.xxxxxxx-xx.xxxxx.xxx	Xxxxxxxxxx	01/01/2021	verified	High
22	XX.XXX.XX.XX		Xxxxxxxxxx	01/01/2021	verified	High
23	XX.XX.XX.XXX		Xxxxxxxxxx	01/01/2021	verified	High
24	XX.XXX.X.XXX		Xxxxxxxxxx	01/01/2021	verified	High
25	XX.XXX.XX.XXX		Xxxxxxxxxx	01/01/2021	verified	High
26	XX.XXX.XXX.X	x-xx-xxx-xxx-x.xxxx.xx.xxxxxxx.xxx	Xxxxxxxxxx	01/01/2021	verified	High
27	XXX.XX.XXX.XX		Xxxxxxxxxx	12/20/2020	verified	High
28	XXX.XX.XX.XXX	xxx.xx.xx.xxx.xxxxx.xx.xx.xxxxxxx.xxxxxxx.xxx.xx	Xxxxxxxxxx	12/20/2020	verified	High
29	XXX.XX.XX.XX	xx.xx.xx.xxx.xxxxx.xx.xx.xxxxxxx.xxxxxxx.xxx.xx	Xxxxxxxxxx	12/20/2020	verified	High
30	XXX.XX.XX.XXX	xxx.xx.xx.xxx.xxxxx.xx.xx.xxxxxxx.xxxxxxx.xxx.xx	Xxxxxxxxxx	12/20/2020	verified	High
31	XXX.XX.XXX.XXX		Xxxxxxxxxx	01/01/2021	verified	High
32	XXX.XX.XXX.XXX		Xxxxxxxxxx	01/01/2021	verified	High
33	XXX.XX.XXX.XXX		Xxxxxxxxxx	01/01/2021	verified	High
34	XXX.XX.XXX.XXX		Xxxxxxxxxx	01/01/2021	verified	High
35	XXX.XX.XXX.XX		Xxxxxxxxxx	01/01/2021	verified	High
36	XXX.XX.XXX.XX		Xxxxxxxxxx	01/01/2021	verified	High
37	XXX.XX.XXX.XXX		Xxxxxxxxxx	01/01/2021	verified	High
38	XXX.XX.XXX.XX	xx.xxx.xx.xxx.xxxxx.xx.xx.xxxxxxx.xxxxxxx.xxx.xx	Xxxxxxxxxx	12/20/2020	verified	High
39	XXX.XX.XXX.XXX	xxx.xxx.xx.xxx.xxxxx.xx.xx.xxxxxxx.xxxxxxx.xxx.xx	Xxxxxxxxxx	12/20/2020	verified	High
40	XXX.XX.XXX.XXX	xxx.xxx.xx.xxx.xxxxx.xx.xx.xxxxxxx.xxxxxxx.xxx.xx	Xxxxxxxxxx	12/20/2020	verified	High
41	XXX.XXX.XX.XXX	xxx.xx.xxx.xxx.xxxxx.xx.xx.xxxxxxx.xxxxxxx.xxx.xx	Xxxxxxxxxx	12/20/2020	verified	High
42	XXX.XXX.XX.XXX	xxx.xx.xxx.xxx.xxxxx.xx.xx.xxxxxxx.xxxxxxx.xxx.xx	Xxxxxxxxxx	12/20/2020	verified	High
43	XXX.XXX.XX.XXX	xxx.xx.xxx.xxx.xxxxx.xx.xx.xxxxxxx.xxxxxxx.xxx.xx	Xxxxxxxxxx	12/20/2020	verified	High
44	XXX.XX.XX.XXX		Xxxxxxxxxx	01/01/2021	verified	High
45	XXX.XX.XX.XXX		Xxxxxxxxxx	01/01/2021	verified	High
46	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxxxxxxxxxxxx.xxx	Xxxxxxxxxx	01/01/2021	verified	High
47	XXX.XX.XX.XXX		Xxxxxxxxxx	12/20/2020	verified	High
48	XXX.XXX.XXX.XX	xxx-xxx-xxx-xx.xxxxxx.xxxxxxxxxxxxxx.xxx	Xxxxxxxxxx	01/01/2021	verified	High
49	XXX.XXX.XXX.XX	xxx-xxx-xxx-xx.xxxxxx.xxxxxxxxxxxxxx.xxx	Xxxxxxxxxx	01/01/2021	verified	High
50	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxxxx.xxxxxxxxxxxxxx.xxx	Xxxxxxxxxx	01/01/2021	verified	High
51	XXX.XX.XXX.XX		Xxxxxxxxxx	01/01/2021	verified	High
52	XXX.XX.XXX.XXX		Xxxxxxxxxx	01/01/2021	verified	High
53	XXX.XX.XXX.X	xxx-xx-xxx-x.xxxxx-xx.xxxxx.xxx	Xxxxxxxxxx	01/01/2021	verified	High
54	XXX.XX.XXX.XXX	xxx-xx-xxx-xxx.xxxxx-xx.xxxxx.xxx	Xxxxxxxxxx	01/01/2021	verified	High
55	XXX.XXX.XXX.XXX		Xxxxxxxxxx	01/01/2021	verified	High
56	XXX.XX.XXX.XXX	xxx-xx-xxx-xxx.xxxxxx.xxxxxx.xxxxx.xxx	Xxxxxxxxxx	01/01/2021	verified	High
57	XXX.XX.XXX.XXX		Xxxxxxxxxx	01/01/2021	verified	High
58	XXX.XX.XXX.XX		Xxxxxxxxxx	01/01/2021	verified	High
59	XXX.XXX.XXX.XXX		Xxxxxxxxxx	01/01/2021	verified	High
60	XXX.XXX.XXX.XXX		Xxxxxxxxxx	01/01/2021	verified	High

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	High
2	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	High
3	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
4	TXXXX	CAPEC-55	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
5	TXXXX.XXX	CAPEC-	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
6	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
7	TXXXX.XXX	CAPEC-	CWE-XX	Xxxxxxxxxxxxx	predictive	High

IOA - Indicator of Attack (12)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/cgi-bin/go	predictive	Medium
2	File	/cgi-bin/portal	predictive	High
3	File	xxxxx/xxxx_xxxxx_xxxx.xxx	predictive	High
4	File	xxxxxx.x	predictive	Medium
5	File	xx-xxxxx/xxxxx-xxxx.xxx?xxx_xxxxx=xxxx_xxxxxxx	predictive	High
6	File	xx-xxxxxxxx/xxxx-xxx/xxxxxxxxx/xxxxx-xx-xxxx-xxxxx-xxxxxxxxxx.xxx	predictive	High
7	Argument	xxxxxx	predictive	Low
8	Argument	xxxxxxxxxx	predictive	Medium
9	Argument	xxxxxxxxxx/xxxxxxxxxxxxxx	predictive	High
10	Argument	xxxxxxx_xxx	predictive	Medium
11	Argument	xxxxxxxx	predictive	Medium
12	Argument	xxx_xxx	predictive	Low

References (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Interested in the pricing of exploits?

See the underground prices here!