TA410 Analysis

IOB - Indicator of Behavior (265)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 230
zh: 16
ru: 8
fr: 4
it: 2

Country

us: 90
cn: 72
ru: 10
la: 6
hk: 6

Actors

Activities

Interest

Timeline

Type

Vendor

Product

WordPress: 8
Microsoft Windows: 8
Computrols CBAS: 6
QNAP QTS: 6
Siemens SPPA-T3000 Application Server: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.34 | CVE-2010-0966
2 | Atmail Remote Code Execution | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00251 | 0.04 | CVE-2013-5033
3 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.07 | CVE-2022-21664
4 | Palo Alto PAN-OS GlobalProtect Clientless VPN buffer overflow | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00112 | 0.03 | CVE-2021-3056
5 | VeronaLabs wp-statistics Plugin API Endpoint Blind sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00250 | 0.00 | CVE-2019-13275
6 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
7 | Linksys WRT54GL Web Management Interface SysInfo1.htm information disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00046 | 0.07 | CVE-2024-1406
8 | MW WP Form Plugin unrestricted upload | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00248 | 0.04 | CVE-2023-6316
9 | request-baskets API Request {name} server-side request forgery | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08109 | 0.04 | CVE-2023-27163
10 | Teclib GLPI unlock_tasks.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.12149 | 0.04 | CVE-2019-10232
11 | Sophos Firewall User Portal/Webadmin improper authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | High | Not Defined | 0.97434 | 0.00 | CVE-2022-1040
12 | CutePHP CuteNews unrestricted upload | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02107 | 0.08 | CVE-2019-11447
13 | WordPress Object injection | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00432 | 0.04 | CVE-2022-21663
14 | Microsoft Windows Active Directory Domain Services Privilege Escalation | 8.8 | 8.3 | $25k-$100k | $0-$5k | High | Official Fix | 0.07084 | 0.05 | CVE-2022-26923
15 | QNAP QTS Media Library access control | 8.5 | 8.2 | $0-$5k | $0-$5k | High | Official Fix | 0.01575 | 0.03 | CVE-2017-13067
16 | Microsoft Exchange Server ProxyShell Remote Code Execution | 9.5 | 8.7 | $25k-$100k | $5k-$25k | High | Official Fix | 0.97319 | 0.07 | CVE-2021-34473
17 | Microsoft Exchange Server Privilege Escalation | 8.8 | 8.3 | $25k-$100k | $0-$5k | High | Official Fix | 0.96537 | 0.04 | CVE-2021-42321
18 | Bitcoin Core bitcoin-qt wallet.dat Memory inadequate encryption | 5.0 | 5.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00236 | 0.05 | CVE-2019-15947
19 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.10737 | 0.31 | CVE-2016-6210
20 | Samurai Build File util.c canonpath out-of-bounds write | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00085 | 0.00 | CVE-2019-19795

IOC - Indicator of Compromise (16)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (119)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /api/baskets/{name} | predictive | High
2 | File | /api/RecordingList/DownloadRecord?file= | predictive | High
3 | File | /api /v3/auth | predictive | High
4 | File | /apply.cgi | predictive | Medium
5 | File | /cgi-bin/wlogin.cgi | predictive | High
6 | File | /gena.cgi | predictive | Medium
7 | File | /MIME/INBOX-MM-1/ | predictive | High
8 | File | /netflow/jspui/editProfile.jsp | predictive | High
9 | File | /php/ping.php | predictive | High
10 | File | /rapi/read_url | predictive | High
11 | File | /scripts/unlock_tasks.php | predictive | High
12 | File | /sec/content/sec_asa_users_local_db_add.html | predictive | High
13 | File | /see_more_details.php | predictive | High

References (3)

The following list contains external sources which discuss the actor and the associated activities: