Stately Taurus Analysis

IOB - Indicator of Behavior (38)

Timeline

The timeline chart is not reproduced here: in this view the page renders distorted dummy data, and the real timeline requires an additional purchase.

Lang

en: 38

Country

ru: 18
us: 12
ir: 4
cn: 2
gr: 2


Activities


Product

Trend Micro Antivirus: 2
Trend Micro OfficeScan: 2
node-jsonwebtoken: 2
mintplex-labs anything-llm: 2
F-Secure Support Tool: 2

Vulnerabilities

#  | Vulnerability                                                                   | CVSS Base | CVSS Temp | 0day price | Today price | Exploitability   | Remediation  | EPSS    | CTI  | CVE
1  | Hestia Control Panel Domain Name Privilege Escalation                           | 5.9       | 5.9       | $0-$5k     | $0-$5k      | Not Defined      | Not Defined  | 0.00139 | 0.00 | CVE-2021-27231
2  | Rocklobster Contact Form 7 unrestricted upload                                  | 6.3       | 6.3       | $0-$5k     | $0-$5k      | Not Defined      | Official Fix | 0.85054 | 0.00 | CVE-2020-35489
3  | ConnectWise ScreenConnect authentication bypass                                 | 9.9       | 9.9       | $0-$5k     | $0-$5k      | High             | Official Fix | 0.94464 | 0.04 | CVE-2024-1709
4  | CodeAstro House Rental Management System signing.php sql injection              | 7.3       | 6.9       | $0-$5k     | $0-$5k      | Proof-of-Concept | Not Defined  | 0.00045 | 0.08 | CVE-2024-1824
5  | mintplex-labs anything-llm Chat cross site scripting                            | 5.8       | 5.7       | $0-$5k     | $0-$5k      | Not Defined      | Official Fix | 0.00043 | 0.00 | CVE-2024-0435
6  | F-Secure Internet Security input validation                                     | 9.8       | 8.8       | $5k-$25k   | $0-$5k      | Proof-of-Concept | Official Fix | 0.06242 | 0.03 | CVE-2007-2967
7  | f-secure internet gatekeeper suid.cgi Local Privilege Escalation                | 8.4       | 7.6       | $0-$5k     | $0-$5k      | Proof-of-Concept | Official Fix | 0.00065 | 0.03 | CVE-2005-3546
8  | F-Secure Anti-Virus Remote Code Execution                                       | 9.8       | 9.3       | $25k-$100k | $0-$5k      | Proof-of-Concept | Not Defined  | 0.01120 | 0.02 | CVE-2007-3300
9  | F-Secure Support Tool Configuration File Privilege Escalation                   | 6.4       | 6.4       | $0-$5k     | $0-$5k      | Not Defined      | Not Defined  | 0.00044 | 0.00 | CVE-2021-44750
10 | F-Secure WithSecure PE File aegen.dll denial of service                         | 5.4       | 5.4       | $0-$5k     | $0-$5k      | Not Defined      | Not Defined  | 0.00089 | 0.04 | CVE-2022-28882
11 | Trend Micro AntiVirus input validation                                          | 9.8       | 9.5       | $5k-$25k   | $5k-$25k    | Not Defined      | Unavailable  | 0.00694 | 0.03 | CVE-2008-5545
12 | Trend Micro Antivirus RAR File Parser access control                            | 7.5       | 7.1       | $25k-$100k | $0-$5k      | Proof-of-Concept | Not Defined  | 0.97468 | 0.03 | CVE-2012-1443
13 | Trend Micro Antivirus Web Threat Protection race condition                      | 4.9       | 4.9       | $0-$5k     | $0-$5k      | Not Defined      | Not Defined  | 0.00045 | 0.03 | CVE-2020-27014
14 | Trend Micro Antivirus Local Privilege access control                            | 7.8       | 7.5       | $5k-$25k   | $0-$5k      | Not Defined      | Official Fix | 0.00045 | 0.03 | CVE-2021-28648
15 | Trend Micro Apex Central modTMMS sql injection                                  | 6.7       | 6.6       | $5k-$25k   | $0-$5k      | Not Defined      | Official Fix | 0.00327 | 0.03 | CVE-2023-32529
16 | Trend Micro Mobile Security Log File information disclosure                     | 5.9       | 5.9       | $5k-$25k   | $0-$5k      | Not Defined      | Not Defined  | 0.00112 | 0.00 | CVE-2023-35695
17 | Trend Micro OfficeScan privileges management                                    | 6.4       | 6.1       | $5k-$25k   | $0-$5k      | Not Defined      | Official Fix | 0.00042 | 0.03 | CVE-2004-2006
18 | Trend Micro Internet Security ActiveX Control UfPBCtrl.dll extSetOwner code injection | 10.0 | 10.0      | $25k-$100k | $0-$5k      | High             | Not Defined  | 0.95408 | 0.03 | CVE-2010-3189
19 | Linux Kernel BPF is_spilled_reg stack-based overflow                            | 8.0       | 7.6       | $5k-$25k   | $0-$5k      | Not Defined      | Official Fix | 0.00043 | 0.05 | CVE-2023-52462
20 | Git Plugin Build authorization                                                  | 6.5       | 6.5       | $0-$5k     | $0-$5k      | Not Defined      | Not Defined  | 0.01156 | 0.03 | CVE-2022-36883

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (21)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class    | Indicator                                                          | Type       | Confidence
1  | File     | /admin/index2.html                                                 | predictive | High
2  | File     | /data/config.ftp.php                                               | predictive | High
3  | File     | /mgmt/tm/util/bash                                                 | predictive | High
4  | File     | /xxxxxxx/                                                          | predictive | Medium
5  | File     | xxxxxxxxxxxx.xxx/xxxxxxxxxxx.xxx/xxxxxxxxxxx.xxx/xxxxxxxxxxx.xxx    | predictive | High
6  | File     | xxxxxxxx_xxx.xxx                                                   | predictive | High
7  | File     | xxxxxxxxx.xxx                                                      | predictive | High
8  | File     | xxxxxxx.xxx                                                        | predictive | Medium
9  | File     | xxxxxxx.xxx                                                        | predictive | Medium
10 | File     | xxxx.xxx                                                           | predictive | Medium
11 | Library  | xxxxx.xxx                                                          | predictive | Medium
12 | Library  | xxx/xx/xxx.xx                                                      | predictive | High
13 | Library  | xxxxxxxx.xxx                                                       | predictive | Medium
14 | Argument | xxx_xx                                                             | predictive | Low
15 | Argument | xxxxxxxx                                                           | predictive | Medium
16 | Argument | xxxx                                                               | predictive | Low
17 | Argument | xx                                                                 | predictive | Low
18 | Argument | xxxx                                                               | predictive | Low
19 | Argument | xxxxxxxxxxxxxxxxx                                                  | predictive | High
20 | Argument | xxxxx/xxxxxxxx                                                     | predictive | High
21 | Argument | xxxxxxxx                                                           | predictive | Medium
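The way a defender actually consumes a table like the one above is to turn the unmasked path fragments into a log search and to triage the clients that hit them. The script below is an added example and is not code from the VulDB page or from any vendor tooling: it loads the three visible File indicators (IDs 1-3; the masked rows cannot be used), scans constructed Apache/nginx combined-format access-log lines, and groups hits per client, separating clients whose request got a 2xx on a High-confidence fragment from clients whose requests were refused (401/404), which usually reads as probing. The log lines, IP addresses and the hypothetical `scan`/`summarize` functions are assumptions made for the example.

```python
"""Scan web-server access logs for the unmasked IOA path fragments.

Added example, not part of the VulDB page. The indicator list reproduces the
three visible rows of the IOA table; the sample log is constructed.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Indicator:
    ioa_id: int
    ioa_class: str   # File / Library / Argument, as in the table
    fragment: str    # the literal indicator fragment
    confidence: str  # High / Medium / Low, as in the table


# The unmasked rows (IDs 1-3) of the IOA table above.
INDICATORS = [
    Indicator(1, "File", "/admin/index2.html", "High"),
    Indicator(2, "File", "/data/config.ftp.php", "High"),
    Indicator(3, "File", "/mgmt/tm/util/bash", "High"),
]

# Combined log format: client, timestamp, request line, status. Only the
# fields used below are captured.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (documentation-range IPs, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:09:12:01 +0000] "GET /index.html HTTP/1.1" 200 5120
203.0.113.7 - - [10/Mar/2024:09:12:03 +0000] "GET /admin/index2.html HTTP/1.1" 404 210
198.51.100.23 - - [10/Mar/2024:09:13:44 +0000] "POST /mgmt/tm/util/bash HTTP/1.1" 401 0
198.51.100.23 - - [10/Mar/2024:09:13:45 +0000] "POST /mgmt/tm/util/bash HTTP/1.1" 200 388
203.0.113.7 - - [10/Mar/2024:09:14:10 +0000] "GET /data/config.ftp.php?x=1 HTTP/1.1" 200 77
192.0.2.9 - - [10/Mar/2024:09:15:00 +0000] "GET /static/app.js HTTP/1.1" 200 9001
"""


def scan(log_text, indicators=INDICATORS):
    """Return one hit per (log line, indicator) whose request path contains the fragment.

    Matching is on the path component only (query string stripped) and is
    case-insensitive, because the page gives path fragments, not full URLs.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-access line: skip rather than guess
        path = m.group("path").split("?", 1)[0].lower()
        for ind in indicators:
            if ind.fragment.lower() in path:
                hits.append({
                    "client": m.group("client"),
                    "method": m.group("method"),
                    "status": int(m.group("status")),
                    "ioa_id": ind.ioa_id,
                    "fragment": ind.fragment,
                    "confidence": ind.confidence,
                })
    return hits


def summarize(hits):
    """Group hits per client.

    A client is flagged for triage when at least one High-confidence fragment
    was answered with a 2xx status; 401/404 answers alone are recorded as probes.
    """
    per_client = {}
    for h in hits:
        entry = per_client.setdefault(
            h["client"], {"hits": 0, "ids": set(), "success_high": False})
        entry["hits"] += 1
        entry["ids"].add(h["ioa_id"])
        if h["confidence"] == "High" and 200 <= h["status"] < 300:
            entry["success_high"] = True
    return per_client


if __name__ == "__main__":
    for client, s in summarize(scan(SAMPLE_LOG)).items():
        flag = "TRIAGE" if s["success_high"] else "probe"
        print(f"{client}: {s['hits']} hit(s) on IOA {sorted(s['ids'])} [{flag}]")
```

Substring matching on the path is deliberate: the fragments are prefixes of real endpoints on the products they belong to, and an exact match would miss trailing components or path-encoding tricks. The trade-off is that a very short masked fragment (an Argument such as `xx`) would be far too noisy to use this way, which is one reason the confidence column matters.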

References (3)

The following list contains external sources which discuss the actor and the associated activities:
