TokyoX Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (16)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en8
zh4
fr2
ru2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us14
ru2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

TokyoX1
Ramnit1
Mekotio1
Havoc1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined4
Content Management System4
Database Administration Software2
Backup Software2
Forum Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined14
Intel2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

WordPress4
phpMyAdmin2
ClipperCMS2
Tableau2
WP Database Backup Plugin2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1ClipperCMS index.php server-side request forgery7.67.5$0-$5k$0-$5kNot DefinedNot Defined0.002520.00CVE-2022-41497
2WP Database Backup Plugin Setting cross site scripting3.63.5$0-$5k$0-$5kNot DefinedOfficial Fix0.000540.03CVE-2022-2271
3Tableau Password access control4.34.1$0-$5kCalculatingNot DefinedOfficial Fix0.000800.00CVE-2022-22127
4Alt-N MDaemon Worldclient injection4.94.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.000900.03CVE-2021-27182
5Intel Baseboard Management Controller memory corruption7.47.4$5k-$25k$5k-$25kNot DefinedNot Defined0.001100.00CVE-2019-11182
6Intel Baseboard Management Controller access control8.58.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.002900.00CVE-2018-12171
7Microsoft Outlook Express InetComm.dll MimeOleClearDirtyTree resource management5.35.3$5k-$25k$0-$5kNot DefinedNot Defined0.025960.00CVE-2008-5424
8phpMyAdmin PMA_safeUnserialize deserialization9.89.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.004330.00CVE-2016-9865
9phpMyAdmin Username sql injection7.57.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.003260.03CVE-2016-9864
10WordPress Media Attachment media-upload.php access control5.45.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.001850.03CVE-2012-6634
11WordPress press-this.php Security Bypass access control4.33.8$5k-$25k$0-$5kUnprovenOfficial Fix0.000970.00CVE-2011-5270
12PHP PCRE memory corruption7.37.0$25k-$100k$0-$5kNot DefinedOfficial Fix0.000000.00
13WordPress information disclosure4.34.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.003580.00CVE-2013-2202
14Plone Session BrowserIdManager.py Reflected cross site scripting6.25.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.002920.00CVE-2013-7062
15PunBB admin_options.php unknown vulnerability4.24.0$0-$5k$0-$5kNot DefinedOfficial Fix0.008410.00CVE-2006-4759
16lighttpd request.c http_request_split_value resource management7.56.7$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.710910.03CVE-2012-5533

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
131.192.107.187TokyoX03/22/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
2TXXXX.XXXCAPEC-209CWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
3TXXXXCAPEC-19CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
4TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
5TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (11)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/manager/index.phppredictiveHigh
2Fileadmin_options.phppredictiveHigh
3Filexxxxxxxxxxxxxxxx.xxpredictiveHigh
4Filexxxxx-xxxx.xxxpredictiveHigh
5Filexxx/xxxxxxx.xpredictiveHigh
6Filexx-xxxxx/xxxxx-xxxxxx.xxxpredictiveHigh
7Libraryxxxxxxxx.xxxpredictiveMedium
8Argumentxxxxxxx_xxxpredictiveMedium
9Argumentxxxxxxx_xx_xxxxxxxpredictiveHigh
10Argumentxxx_xxxpredictiveLow
11Argumentxxxx_xxpredictiveLow

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!