TA416 Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (56)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en44
zh8
ja2
fr2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

cn44
us4
fr2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Mustang Panda2
PlugX1
Viper RAT1
PingPull1
Cobalt Strike1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined26
JavaScript Library4
WordPress Plugin4
Operating System4
Router Operating System2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined18
Apple4
Juniper2
Western Digital2
F-Secure2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Next.js4
Juniper Junos2
pimcore2
Western Digital My Cloud2
Western Digital My Cloud Mirror Gen22

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Apple watchOS Font out-of-bounds4.34.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000660.00CVE-2021-30753
2Bannerlid Plugin cross site scripting3.53.4$0-$5k$0-$5kNot DefinedNot Defined0.000430.05CVE-2024-3048
3Ivanti Avalanche WLAvalancheService null pointer dereference6.56.3$0-$5k$0-$5kNot DefinedOfficial Fix0.000650.04CVE-2024-24991
4GossipSub Topic Message access control5.45.4$0-$5k$0-$5kNot DefinedNot Defined0.001330.02CVE-2022-47547
5Apple macOS Audio memory corruption6.36.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.001440.03CVE-2019-8706
6Juniper Junos Multiservices PIC Management Daemon denial of service9.18.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.001030.00CVE-2020-1660
7Oracle Diagnostic Assistant Jsch/jQuery cross site scripting6.16.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.006600.00CVE-2015-9251
8F-Secure Safe Browser Address Bar clickjacking5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.000780.00CVE-2022-28873
9Samba AD Domain Privilege Escalation8.88.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000990.00CVE-2020-25717
10Dmxready Site Chassis Manager cross site scripting4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.001560.00CVE-2004-2188
11Axiomatic Bento4 mp42aac memory leak4.54.4$0-$5k$0-$5kNot DefinedNot Defined0.000440.04CVE-2023-29575
12Counter Box Plugin cross-site request forgery6.56.4$0-$5k$0-$5kNot DefinedOfficial Fix0.001060.00CVE-2022-2245
13AVEVA Wonderware System Platform IPC Credentials credentials management6.56.5$0-$5k$0-$5kNot DefinedNot Defined0.001040.02CVE-2019-6525
14IBM Engineering Web UI cross site scripting4.44.4$0-$5k$5k-$25kNot DefinedNot Defined0.000500.04CVE-2020-4857
15SAP Business Connector Resource Settings Page cross site scripting3.63.5$5k-$25k$0-$5kNot DefinedOfficial Fix0.000430.02CVE-2024-30215
16pimcore cross site scripting4.34.3$0-$5k$0-$5kNot DefinedOfficial Fix0.000560.00CVE-2023-2630
17Apache Struts code injection9.89.4$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.957390.05CVE-2013-2135
18AirTies Air 5343v2 top.html cross site scripting5.25.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.001100.03CVE-2018-17591
19cpp-ethereum JSON-RPC miner_setEtherbase API improper authorization6.86.8$0-$5k$0-$5kNot DefinedNot Defined0.012740.06CVE-2017-12115
20Microsoft Windows Active Directory Domain Services Privilege Escalation8.88.1$25k-$100k$5k-$25kUnprovenOfficial Fix0.002460.05CVE-2022-34691

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
145.154.14.235TA41603/12/2022verifiedHigh
2XX.XX.XXX.XXXXxxxx03/12/2022verifiedHigh
3XX.XXX.XXX.XXxx.xxx.xxx.xx.xxxxxx.xxxx.xxxXxxxx03/12/2022verifiedHigh
4XXX.XXX.XXX.XXXxxxx03/12/2022verifiedHigh
5XXX.XXX.XX.XXXxxx-xxx-xxx-xx-xxx.xxxxxxx.xxxxxxxx-xxx.xxxXxxxx06/01/2021verifiedHigh

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-21, CWE-22Path TraversalpredictiveHigh
2T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
3T1059.007CAPEC-209CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
4TXXXXCAPEC-19CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
6TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
7TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
8TXXXXCAPEC-CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
9TXXXX.XXXCAPEC-154CWE-XXXXxxxxxxxxxxxpredictiveHigh
10TXXXX.XXXCAPEC-459CWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
11TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
12TXXXXCAPEC-CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
13TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (21)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/file/upload/1predictiveHigh
2File/_errorpredictiveLow
3Filearticle_coonepage_rule.phppredictiveHigh
4Filexxxx-xxx/xxxxxxx.xpredictiveHigh
5Filexxxxxxxx/xxxxxxxxxpredictiveHigh
6Filexxxx.xxxxxx.xxpredictiveHigh
7Filexxxxx/_xxxxx.xxpredictiveHigh
8Filexxx.xxxxxxxxxpredictiveHigh
9Filexxxxxx/xxxxxxx/xxxxxx/xxxx_xxxx.xxxpredictiveHigh
10Filexxxxxxxxxxxx.xxxpredictiveHigh
11Filexxx.xxxxpredictiveMedium
12Filexxx/xxxxxx/xxxxxxxx/xxxxxxxxx.xxxpredictiveHigh
13Argument${}predictiveLow
14ArgumentxxxxxxxxxxxpredictiveMedium
15ArgumentxxxxxxpredictiveLow
16ArgumentxxxpredictiveLow
17ArgumentxxxxxpredictiveLow
18ArgumentxxxxxxxxxxxxxxxxpredictiveHigh
19ArgumentxxxpredictiveLow
20ArgumentxxxxxxxxpredictiveMedium
21Network Portxxxxx xxx-xxxpredictiveHigh

References (3)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!