Tick Analysis

IOB - Indicator of Behavior (36)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en (30)
zh (6)

Country

us (22)
cn (10)
kr (2)

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Apache Tomcat (2)
MGB OpenSource Guestbook (2)
Minecraft Servers List (2)
NodeBB (2)
Bomgar Remote Support (2)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 2 | Canon MF210/MF220 System Manager Mode login.html improper authentication | 8.5 | 8.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01367 | 0.00 | CVE-2018-11711 |
| 3 | WP Contacts Manager Plugin sql injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00172 | 0.00 | CVE-2022-1014 |
| 4 | NodeBB abort cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00092 | 0.09 | CVE-2022-3978 |
| 5 | Nodebb JSON File path traversal | 4.6 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00104 | 0.03 | CVE-2021-43788 |
| 6 | TerraMaster TOS Parameter exportUser.php code injection | 9.3 | 8.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.96541 | 0.04 | CVE-2020-15568 |
| 7 | Plex Media Server Camera Upload unrestricted upload | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01114 | 0.04 | CVE-2019-19141 |
| 8 | Kyocera ECOSYS M5526cdw Web Application buffer overflow | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00096 | 0.07 | CVE-2019-13206 |
| 9 | Synacor Zimbra Collaboration xml external entity reference | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00441 | 0.00 | CVE-2016-9924 |
| 10 | Fortinet FortiOS SSL VPN Web Portal memory corruption | 5.4 | 5.3 | $0-$5k | $0-$5k | High | Official Fix | 0.00817 | 0.04 | CVE-2018-13383 |
| 11 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.03 | CVE-2017-0055 |
| 12 | Discuz! DiscuzX Attachment access control | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00183 | 0.04 | CVE-2018-5259 |
| 13 | Discuz! admin.php cross site scripting | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00054 | 0.06 | CVE-2018-19464 |
| 14 | Microsoft SQL Server SQL Master Data Services resource management | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00472 | 0.03 | CVE-2014-4061 |
| 15 | vBulletin redirector.php | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00106 | 0.05 | CVE-2018-6200 |
| 16 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 3.18 | |
| 17 | FLDS redir.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00203 | 0.07 | CVE-2008-5928 |
| 18 | PHPWind goto.php redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.47 | CVE-2015-4134 |
| 19 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.63 | CVE-2007-0354 |
| 20 | esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00135 | 0.04 | CVE-2010-4996 |

IOC - Indicator of Compromise (16)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (23)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /forum/away.php | predictive | High |
| 2 | File | /login.html | predictive | Medium |
| 3 | File | /register/abort | predictive | High |
| 4 | File | /uncpath/ | predictive | Medium |
| 5 | File | xxxxx.xxx | predictive | Medium |
| 6 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 7 | File | xxxxx.xxx | predictive | Medium |
| 8 | File | xxxx.xxx | predictive | Medium |
| 9 | File | xxxxxxxxxxxxxxxxx.xxxx | predictive | High |
| 10 | File | xxxxxxx/xxxxxxxxxx.xxx | predictive | High |
| 11 | File | xxxxxxx.xxx | predictive | Medium |
| 12 | File | xxxxxxxxx/ | predictive | Medium |
| 13 | File | xxx_xxxx.xxx | predictive | Medium |
| 14 | File | xxxxx.xxx | predictive | Medium |
| 15 | File | xxxxxxxxxx.xxx | predictive | High |
| 16 | File | xxxxxx_xxxx.xxx | predictive | High |
| 17 | Argument | xxx | predictive | Low |
| 18 | Argument | xxxxxxxx_xxxxxx/xxxxxxxx_xxxx/xxxxxxxx_xxxxxxxx/xxxxxxxx_xxxx | predictive | High |
| 19 | Argument | xxxx | predictive | Low |
| 20 | Argument | xx | predictive | Low |
| 21 | Argument | xxxxxx | predictive | Low |
| 22 | Argument | xxxxxxxx | predictive | Medium |
| 23 | Argument | xxx | predictive | Low |

References (5)

The following list contains external sources which discuss the actor and the associated activities:
