SharpPanda Analysis

IOB - Indicator of Behavior (140)

Lang

  • en: 106
  • zh: 26
  • it: 4
  • jp: 4

Country

  • us: 82
  • cn: 26
  • sg: 26
  • jp: 4
  • id: 2

Product

  • Oracle MySQL Server: 6
  • Palo Alto PAN-OS: 6
  • PHP: 4
  • MantisBT: 4
  • SeaCMS: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 2 | vu Mass Mailer Login Page redir.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00238 | 0.04 | CVE-2007-6138 |
| 3 | PHP phpinfo cross site scripting | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.08985 | 0.05 | CVE-2006-0996 |
| 4 | vBulletin redirector.php | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00106 | 0.05 | CVE-2018-6200 |
| 5 | Cisco ASA Version information disclosure | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00288 | 0.04 | CVE-2014-3398 |
| 6 | Apache HTTP Server mod_ssl ap_hook_process_connection null pointer dereference | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01166 | 0.04 | CVE-2017-3169 |
| 7 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01960 | 0.07 | CVE-2007-1287 |
| 8 | Serendipity exit.php privileges management | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.31 | |
| 9 | WoltLab Burning Book addentry.php sql injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.00804 | 0.00 | CVE-2006-5509 |
| 10 | Linux Foundation Xen EFLAGS Register SYSENTER input validation | 6.2 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00062 | 0.02 | CVE-2013-1917 |
| 11 | AXIS 2110 Network Camera editcgi.cgi path traversal | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01492 | 0.00 | CVE-2004-2426 |
| 12 | Synology DiskStation Manager SliceUpload imageSelector.cgi access control | 6.5 | 6.2 | $0-$5k | $0-$5k | High | Official Fix | 0.97296 | 0.04 | CVE-2013-6955 |
| 13 | Hestia Control Panel Domain Name Privilege Escalation | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00139 | 0.00 | CVE-2021-27231 |
| 14 | Bitrix Site Manager redirect.php link following | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00113 | 0.04 | CVE-2008-2052 |
| 15 | PHP Link Directory Administration Page index.html cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00374 | 0.14 | CVE-2007-0529 |
| 16 | Moodle server-side request forgery | 6.5 | 6.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00060 | 0.04 | CVE-2023-35133 |
| 17 | Extreme Networks ExtremeWireless Aerohive HiveOS/IQ Engine NetConfig UI Administrative Interface code injection | 8.8 | 8.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.85139 | 0.02 | CVE-2020-16152 |
| 18 | Advance B2B Script tradeshow-list-detail.php sql injection | 8.5 | 8.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00242 | 0.00 | CVE-2017-17602 |
| 19 | Asus NAS-M25 Cookie os command injection | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.91647 | 0.04 | CVE-2022-4221 |
| 20 | Apache Log4j Socket Server deserialization | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.87384 | 0.02 | CVE-2017-5645 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • G20 Nations

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (60)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /cgi-bin/system_mgr.cgi | predictive | High |
| 2 | File | /data/config.ftp.php | predictive | High |
| 3 | File | /forum/away.php | predictive | High |
| 4 | File | /modules/profile/index.php | predictive | High |
| 5 | File | /out.php | predictive | Medium |
| 6 | File | /tmp | predictive | Low |
| 7 | File | /uncpath/ | predictive | Medium |
| 8 | File | xxxxxxx.xxx | predictive | Medium |
| 9 | File | xxxxxxxx.xxx | predictive | Medium |
| 10 | File | xxxxx_xxxxx.xxx | predictive | High |
| 11 | File | xxxx-xxxxxxx.x | predictive | High |
| 12 | File | xxxxxxxxxxxx.xxx/xxxxxxxxxxx.xxx/xxxxxxxxxxx.xxx/xxxxxxxxxxx.xxx | predictive | High |
| 13 | File | xxx-xxx/xxxxxx.xxx | predictive | High |
| 14 | File | xxxxxxx.xxx | predictive | Medium |
| 15 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 16 | File | xxxxxxx.xxxxx.xxx | predictive | High |
| 17 | File | xxxxxxx.xxx | predictive | Medium |
| 18 | File | xxxx.xxx | predictive | Medium |
| 19 | File | xxx_xxxx.x | predictive | Medium |
| 20 | File | xxxx.xxx | predictive | Medium |
| 21 | File | xxxx_xxxxx.x | predictive | Medium |
| 22 | File | xxx/xxxxxx.xxx | predictive | High |
| 23 | File | xxxxx.xxxx | predictive | Medium |
| 24 | File | xxxxx.xxx | predictive | Medium |
| 25 | File | xxx-xxx.xxxx.xx | predictive | High |
| 26 | File | xxxxx.xxx | predictive | Medium |
| 27 | File | xxxxxxxx.xxx | predictive | Medium |
| 28 | File | xxxxxxxxxx.xxx | predictive | High |
| 29 | File | xxxxxxxxx-xxxx-xxxxxx.xxx | predictive | High |
| 30 | File | xxx.xxx | predictive | Low |
| 31 | File | xxxxxx/xxxxxxxxxxxxx.xxx | predictive | High |
| 32 | Library | xxxxxxxx.xxx | predictive | Medium |
| 33 | Library | xxxxxxxx/xxxxxxx/xxxxx/xxx.xxx | predictive | High |
| 34 | Library | xxxxxxxxxxx.xxx | predictive | High |
| 35 | Argument | --xxxxxx/--xxxxxxxx | predictive | High |
| 36 | Argument | xxxxxx | predictive | Low |
| 37 | Argument | xxxxxx/xxxx/xxxx/xxxxx/xxxxxx/x_xxxxxxx/x_xxxxxxxx/x_xxxxxxx/x_xxxxx | predictive | High |
| 38 | Argument | xxxxxx/xxxxxxxx/xxxxxxxxxxxxxx | predictive | High |
| 39 | Argument | xxxxxxxxxxx | predictive | Medium |
| 40 | Argument | xxx_xxxxx_xxxx | predictive | High |
| 41 | Argument | xxxxxxxx | predictive | Medium |
| 42 | Argument | xxxxxxx | predictive | Low |
| 43 | Argument | xxxxxx | predictive | Low |
| 44 | Argument | xxxx | predictive | Low |
| 45 | Argument | xxxx | predictive | Low |
| 46 | Argument | xxxxxxxx | predictive | Medium |
| 47 | Argument | xx | predictive | Low |
| 48 | Argument | xx | predictive | Low |
| 49 | Argument | xxxxxx | predictive | Low |
| 50 | Argument | xxxxxxxx | predictive | Medium |
| 51 | Argument | xxxx | predictive | Low |
| 52 | Argument | xxxxxxx | predictive | Low |
| 53 | Argument | xxxx_xx | predictive | Low |
| 54 | Argument | xxx | predictive | Low |
| 55 | Argument | xxx | predictive | Low |
| 56 | Argument | xxxxxxxx | predictive | Medium |
| 57 | Argument | xxxxxxxx/xxxxxxxx | predictive | High |
| 58 | Input Value | ../ | predictive | Low |
| 59 | Input Value | x' xx x=x-- | predictive | Medium |
| 60 | Network Port | xxx xxxxxx xxxx | predictive | High |

References (4)

The following list contains external sources which discuss the actor and the associated activities:
