TA402 Analysis

IOB - Indicator of Behavior (91)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 60
de: 20
fr: 4
sv: 2
zh: 2

Country

us: 84
de: 8

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Qualcomm Snapdragon Auto: 8
Qualcomm Snapdragon Consumer IOT: 8
Qualcomm Snapdragon Mobile: 8
Qualcomm Snapdragon Voice: 8
Qualcomm Music: 8

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.04 | CVE-2019-7550 |
| 3 | Apple Mac OS X Server input validation | 6.5 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2010-1821 |
| 4 | Fortinet FortiAnalyzer Appliance Filter Value on Log Access IPS Attack Listing Persistent cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | |
| 5 | Apple Mac OS X Server Profile Manager input validation | 7.5 | 6.5 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.01876 | 0.03 | CVE-2013-0269 |
| 6 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.78 | CVE-2010-0966 |
| 7 | myWebland myEvent viewevent.php file inclusion | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01152 | 0.00 | CVE-2006-4083 |
| 8 | PHPizabi template.class.php assignuser information disclosure | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00507 | 0.05 | CVE-2008-2018 |
| 9 | Crestron AM-100/AM-101 HTTP Endpoint file_transfer.cgi command injection | 9.8 | 9.7 | $0-$5k | $0-$5k | High | Workaround | 0.97309 | 0.04 | CVE-2019-3929 |
| 10 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.69 | CVE-2007-0354 |
| 11 | BitDefender BOX 2 API update_setup improper resource locking | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00376 | 0.04 | CVE-2019-17102 |
| 12 | BitDefender AV BDLDaemon default permission | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2019-17103 |
| 13 | BitDefender Total Security 2020 bdserviceshost.exe untrusted search path | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.04 | CVE-2019-17100 |
| 14 | Qualcomm Snapdragon Auto WMI Firmware Event buffer overflow | 6.5 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2019-10480 |
| 15 | Qualcomm Snapdragon Auto SMS OTA Message out-of-bounds | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00188 | 0.00 | CVE-2019-10487 |
| 16 | s3bubble-amazon-s3-audio-streaming Plugin downloader.php path traversal | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01368 | 0.02 | CVE-2015-9463 |
| 17 | s3bubble-amazon-s3-html-5-video-with-adverts Plugin downloader.php path traversal | 7.4 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.26085 | 0.00 | CVE-2015-9464 |
| 18 | Qualcomm Snapdragon Auto Digest use after free | 7.0 | 7.0 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00044 | 0.00 | CVE-2019-2316 |
| 19 | Qualcomm Snapdragon Auto 802.11 Rx Management out-of-bounds | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00251 | 0.00 | CVE-2019-2307 |
| 20 | Qualcomm Snapdragon Auto Vendor Command memory corruption | 6.5 | 6.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00044 | 0.00 | CVE-2019-2312 |

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 191.101.78.189 | | TA402 | | 11/16/2023 | verified | High |

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (31)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /api/update_setup | predictive | High |
| 2 | File | /opt/IBM/es/lib/libffq.cryptionjni.so | predictive | High |
| 3 | File | /tmp/etc/htpasswd | predictive | High |
| 4 | File | adverts/assets/plugins/ultimate/content/downloader.php | predictive | High |
