Torii Analysis

IOB - Indicator of Behavior (146)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 90
it: 42
fr: 12
pl: 2

Country

us: 146

Activities

Product

Google Android: 8
Cisco IOS XE: 6
GitLab Community Edition: 6
Apple macOS: 6
Mozilla Firefox: 6

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Microsoft IIS WebDAV ScStoragePathFromUrl Immortal/ExploidingCan memory corruption | 8.5 | 8.4 | $25k-$100k | $0-$5k | High | Official Fix | 0.97121 | 0.04 | CVE-2017-7269 |
| 2 | Apple Mac OS X Server Wiki Server cross site scripting | 4.3 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00263 | 0.04 | CVE-2009-2814 |
| 3 | Ghostscript JBIG2 Image jbig2_decode_gray_scale_image memory corruption | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00184 | 0.00 | CVE-2016-9601 |
| 4 | Apple watchOS WebKit memory corruption | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00627 | 0.00 | CVE-2017-7165 |
| 5 | IBM Rational License Key Server Administration/Reporting Tool information disclosure | 3.3 | 3.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2015-5045 |
| 6 | Eaton ELCSoft input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00604 | 0.00 | CVE-2018-7511 |
| 7 | Mozilla Firefox memory corruption | 8.0 | 7.7 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00768 | 0.03 | CVE-2018-5145 |
| 8 | Amazon Music Player input validation | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02593 | 0.00 | CVE-2018-1169 |
| 9 | GNU binutils libbfd coffgen.c coff_pointerize_aux input validation | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00861 | 0.00 | CVE-2018-7208 |
| 10 | Microsoft Power BI Report Server cross site scripting | 5.2 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00168 | 0.04 | CVE-2019-1332 |
| 11 | Siemens Mendix Forgot Password observable response discrepancy | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00050 | 0.00 | CVE-2023-27464 |
| 12 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 10.00 | CVE-2006-6168 |
| 13 | SourceCodester Employee and Visitor Gate Pass Logging System GET Parameter view_designation.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00220 | 0.05 | CVE-2023-2090 |
| 14 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.67 | CVE-2010-0966 |
| 15 | Indexu suggest_category.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.05 | |
| 16 | MilliScripts register.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00518 | 0.04 | CVE-2005-4161 |
| 17 | AlstraSoft AskMe Pro forum_answer.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.02 | |
| 18 | Linux Kernel FXSAVE x87 Register cryptographic issues | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00101 | 0.04 | CVE-2006-1056 |
| 19 | Phorum register.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00183 | 0.04 | CVE-2004-2110 |
| 20 | Expinion.net News Manager Lite comment_add.asp cross site scripting | 4.3 | 3.8 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.00607 | 0.00 | CVE-2004-1845 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (53)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/index.php | predictive | High |
| 2 | File | /admin/maintenance/view_designation.php | predictive | High |
| 3 | File | /cgi-bin/cgiServer.exx | predictive | High |
| 4 | File | add_vhost.php | predictive | High |
| 5 | File | adv2.php?action=modify | predictive | High |
| 6 | File | asm/float.c | predictive | Medium |
| 7 | File | asm/nasm.c | predictive | Medium |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
