TAG-70 Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (14)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en12
ru2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us12
ru2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

TAG-703
Bl00dy1
CopyKittens1
Cobalt Strike1
StrikeSuit Gif1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined6
Groupware Software2
Web Browser2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Microsoft2
Not Defined2
Hikvision2
Google2
SteVe Community2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Exchange Server2
Magento2
Hikvision Intercom Broadcasting System2
Google Chrome2
SteVe Community ocpp-jaxb2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Hikvision Intercom Broadcasting System ping.php os command injection7.57.3$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.901600.08CVE-2023-6895
2SteVe Community ocpp-jaxb StartTransaction Open Charge Point Protocol sql injection6.56.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000710.05CVE-2023-52096
3Microsoft Exchange Server ProxyShell Remote Code Execution9.58.7$25k-$100k$5k-$25kHighOfficial Fix0.973190.05CVE-2021-34473
4Byzoro S210 importexport.php injection7.57.4$0-$5k$0-$5kProof-of-ConceptNot Defined0.000580.19CVE-2023-7039
5Hikvision Intercom Broadcasting System exportrecord.php path traversal5.45.2$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000640.00CVE-2023-6893
6MediaTek MT6873/MT6875/MT6883/MT6885/MT6889/MT6891/MT6893 mdlactl Driver memory corruption6.05.9$0-$5k$0-$5kNot DefinedOfficial Fix0.000420.02CVE-2021-0655
7AdminLTE phpqueryads.php access control5.35.2$0-$5k$0-$5kNot DefinedOfficial Fix0.016670.05CVE-2022-23513
8Google Chrome Animation use after free6.36.0$25k-$100k$5k-$25kHighOfficial Fix0.070580.00CVE-2022-0609
9Adobe Magento Child Theme path traversal4.74.5$0-$5k$0-$5kNot DefinedOfficial Fix0.002090.00CVE-2021-28584
10Magento unrestricted upload4.74.7$0-$5k$0-$5kNot DefinedNot Defined0.001200.00CVE-2021-21014

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CVE-2023-5631

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
138.180.2.23TAG-70CVE-2023-563102/23/2024verifiedHigh
238.180.3.57TAG-70CVE-2023-563102/23/2024verifiedHigh
3XX.XXX.XX.XXXxx-xxXxx-xxxx-xxxx02/23/2024verifiedHigh
4XX.XXX.XX.XXXXxx-xxXxx-xxxx-xxxx02/23/2024verifiedHigh
5XXX.XX.XX.XXXxx-xxXxx-xxxx-xxxx02/23/2024verifiedHigh
6XXX.XX.XX.XXXXxx-xxXxx-xxxx-xxxx02/23/2024verifiedHigh
7XXX.XX.XX.XXXXxx-xxXxx-xxxx-xxxx02/23/2024verifiedHigh
8XXX.XX.XXX.XXXxx-xxXxx-xxxx-xxxx02/23/2024verifiedHigh

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3TXXXXCAPEC-19CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
4TXXXXCAPEC-108CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
5TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
6TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/admin/scripts/pi-hole/phpqueryads.phppredictiveHigh
2File/importexport.phppredictiveHigh
3File/xxx/xxxxxxxxxxxx.xxxpredictiveHigh
4File/xxx/xxxx.xxxpredictiveHigh
5ArgumentxxxxxxxxpredictiveMedium
6Argumentxxxxxxxx[xx]predictiveMedium
7ArgumentxxxpredictiveLow
8Input Valuex:\xxxxx\xxxx\xxx\xxx\xxxxxxxxxx.xxxpredictiveHigh
9Input Valuexxxxxxx -xxxpredictiveMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!