DEV-0322 Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (89)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en58
zh20
pl4
sv2
de2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

cn48
us40

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

DEV-03228
Cobalt Strike5
APT411

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined54
File Transfer Software4
JavaScript Library4
Smartphone Operating System4
Connectivity Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined34
Microsoft4
Adobe4
Apple4
Linux Foundation2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Next.js4
Adobe Magento Commerce4
FileZilla2
Linux Foundation Xen2
Texas Imperial Software wftpd2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1MGB OpenSource Guestbook email.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.013021.34CVE-2007-0354
2Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaround0.020160.00CVE-2007-1192
3VMware Horizon Client/Horizon Message Framework Library out-of-bounds6.46.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.003180.03CVE-2018-6970
4parisneo lollms-webui open_file command injection9.19.1$0-$5k$0-$5kNot DefinedNot Defined0.000430.04CVE-2024-4267
5Atlassian Confluence Data Center Privilege Escalation8.88.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000430.17CVE-2024-21683
6D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi command injection8.18.1$5k-$25k$0-$5kHighWorkaround0.833610.21CVE-2024-3273
7Sustainsys.Saml2 authentication bypass by alternate name6.46.3$0-$5k$0-$5kNot DefinedOfficial Fix0.000540.05CVE-2023-41890
8WeiYe-Jing datax-web HTTP POST Request killJob os command injection7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.002560.04CVE-2023-7116
9cskefu permission6.96.9$0-$5k$0-$5kNot DefinedNot Defined0.000840.02CVE-2022-36521
10Apple macOS AppleMobileFileIntegrity information disclosure3.33.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000600.04CVE-2023-23499
11Tesla Model 3 Mobile App Phone Key Authentication authentication spoofing6.46.4$0-$5k$0-$5kNot DefinedNot Defined0.000470.04CVE-2022-37709
12SSH SSH-1 Protocol cryptographic issues7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.002580.08CVE-2001-1473
13Laravel PendingBroadcast.php __destruct deserialization6.36.1$0-$5k$0-$5kNot DefinedNot Defined0.000490.00CVE-2022-31279
14EmdedThis GoAhead unrestricted upload5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.034170.00CVE-2021-42342
15Next.js URL denial of service6.46.3$0-$5k$0-$5kNot DefinedOfficial Fix0.003740.04CVE-2021-43803
16Next.js _error.js redirect5.04.8$0-$5k$0-$5kNot DefinedOfficial Fix0.000660.08CVE-2021-37699
17Swagger UI CSS injection7.06.9$0-$5k$0-$5kNot DefinedOfficial Fix0.017410.04CVE-2019-17495
18OpenSSL c_rehash os command injection5.55.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.106490.04CVE-2022-1292
19Hikvision Product Message command injection5.55.5$0-$5k$0-$5kHighNot Defined0.974850.00CVE-2021-36260
20HD-Network Real-time Monitoring System Parameter lang pathname traversal5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.054040.03CVE-2021-45043

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
124.64.36.238mail.target-realty.comDEV-0322ManageEngine ADSelfService Plus11/11/2021verifiedHigh
245.63.62.10945.63.62.109.vultr.comDEV-0322ManageEngine ADSelfService Plus11/11/2021verifiedMedium
345.76.173.10345.76.173.103.vultr.comDEV-0322ManageEngine ADSelfService Plus11/11/2021verifiedMedium
4XX.XX.XXX.XXXxx.xx.xxx.xxx.xxxxx.xxxXxx-xxxxXxxxxxxxxxxx Xxxxxxxxxxxxx Xxxx11/11/2021verifiedMedium
5XX.XX.XX.XXXxx.xx.xx.xxx.xxxxx.xxxXxx-xxxxXxxxxxxxxxxx Xxxxxxxxxxxxx Xxxx11/11/2021verifiedMedium
6XX.XXX.XXX.XXxxxxxxx-xxx-xxx-xx-xxx-xxx-xx.xxxxxx.xxXxx-xxxxXxx-xxxx-xxxxx07/14/2021verifiedHigh
7XX.XX.XX.XXxxxx-xx-xx-xx-xx.xx.xxx.xx.xxxXxx-xxxxXxx-xxxx-xxxxx07/14/2021verifiedHigh
8XX.XXX.XXX.XXxxxx-xxx-xxx-xx.xx.xx.xxx.xxxXxx-xxxxXxx-xxxx-xxxxx07/14/2021verifiedHigh
9XXX.XX.XX.XXXxxx.xx.xx.xxx.xxxxx.xxxXxx-xxxxXxxxxxxxxxxx Xxxxxxxxxxxxx Xxxx11/11/2021verifiedMedium
10XXX.XX.XXX.XXXxxx.xx.xxx.xxx.xxxxxxxx.xxxXxx-xxxxXxx-xxxx-xxxxx07/14/2021verifiedHigh
11XXX.XX.XX.XXXxxx.xx.xx.xxx.xxxxx.xxxXxx-xxxxXxxxxxxxxxxx Xxxxxxxxxxxxx Xxxx11/11/2021verifiedMedium
12XXX.XXX.XX.XXXxxx.xxx.xx.xxx.xxxxx.xxxXxx-xxxxXxxxxxxxxxxx Xxxxxxxxxxxxx Xxxx11/11/2021verifiedMedium
13XXX.XXX.XX.XXXXxx-xxxxXxxxxxxxxxxx Xxxxxxxxxxxxx Xxxx11/11/2021verifiedHigh
14XXX.XXX.XX.XXxx.xx.xxx.xxx.xxxxxx.xxxx.xxxxx.xxXxx-xxxxXxx-xxxx-xxxxx07/14/2021verifiedHigh

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-21, CWE-22, CWE-23Path TraversalpredictiveHigh
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
4TXXXX.XXXCAPEC-209CWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
5TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
7TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
8TXXXXCAPEC-CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
9TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
10TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
11TXXXXCAPEC-38CWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
12TXXXXCAPEC-116CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
13TXXXXCAPEC-CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
14TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (42)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/api/log/killJobpredictiveHigh
2File/cgi-bin/nas_sharing.cgipredictiveHigh
3File/language/langpredictiveHigh
4Fileadmin/conf_users_edit.phppredictiveHigh
5Filec_rehashpredictiveMedium
6Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
7Filexxxxx.xxxpredictiveMedium
8Filexxxx.xxxpredictiveMedium
9Filexxxxxx/xxxxxxxxxxxxpredictiveHigh
10Filexxxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
11Filexxxxxxxxxx\xxxxxxxxxxxx\xxxxxxxxxxxxxxxx.xxxpredictiveHigh
12Filexxxxx_xxxxxxx.xxxpredictiveHigh
13Filexxxxxxx.xpredictiveMedium
14Filexxxxxxx.xxxpredictiveMedium
15Filexxxxx/_xxxxx.xxpredictiveHigh
16Filexxxxx.xxxpredictiveMedium
17Filexxxxxxxx.xxxpredictiveMedium
18Filexxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxxpredictiveHigh
19Filexxxxxxxx_xxxx.xxxpredictiveHigh
20Filexxxxxxxxxxxxxxxxxxxxxxxxx.xxpredictiveHigh
21Filexxxx/xxxxxxxx/xxxxxxxx.xxxxpredictiveHigh
22Filexx/xxxxxxxxx/xxpredictiveHigh
23Filexxxxxxxxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
24Filexxx/xxx-xxxxxxxxxx/xxxx-xxxxxx/xxxxxx.xxxpredictiveHigh
25Filexx-xxxxx.xxxpredictiveMedium
26Filexx/xx/xxxxxpredictiveMedium
27Argument--xxxxxx/--xxxxxxxxpredictiveHigh
28ArgumentxxxxxxxxxxpredictiveMedium
29Argumentxxxxx_xxxxxxpredictiveMedium
30ArgumentxxpredictiveLow
31ArgumentxxpredictiveLow
32ArgumentxxxxxpredictiveLow
33Argumentxxxxxxx_xxxpredictiveMedium
34ArgumentxxxxxxxxxpredictiveMedium
35Argumentxxxxxx_xxxpredictiveMedium
36ArgumentxxxxxxpredictiveLow
37Argumentx_xxxxxxxxpredictiveMedium
38Argumentxxxxxxx.xx-xxxxx-xxxxpredictiveHigh
39Input Value/../predictiveLow
40Input Value[]xxxxxx{}/x["xxx"]predictiveHigh
41PatternxxxxxxxxxxxpredictiveMedium
42Network Portxxx/xxxxpredictiveMedium

References (3)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!