MQsTTang Analysis

IOB - Indicator of Behavior (83)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en  46
ru  20
fr   8
pl   8
de   2


Country

us  46
tt  14
ru  10

Product

FasterXML jackson-databind     4
Devilz Clanportal              4
cpp-ethereum JSON-RPC          2
ABB Symphony Plus Operations   2
ABB Symphony Plus Historian    2


Vulnerabilities

#  | Vulnerability | Base score | Temp score | 0-day price | Today price | Exploitability | Remediation | EPSS | CTI | CVE
1  | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
2  | LS Electric PLC/XG5000 inadequate encryption | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00144 | 0.00 | CVE-2022-2758
3  | Devilz Clanportal File Upload unknown vulnerability | 5.3 | 4.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.05362 | 0.08 | CVE-2006-6338
4  | Omron PLC CJ/PLC CS authentication replay | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00133 | 0.04 | CVE-2019-13533
5  | Omron CX-Position Project File use after free | 7.0 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00099 | 0.00 | CVE-2022-26417
6  | Microsoft Windows Remote Procedure Call Runtime Remote Code Execution | 9.8 | 8.9 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.01558 | 0.00 | CVE-2022-26809
7  | Microsoft Windows IKE Protocol Extension Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.01093 | 0.04 | CVE-2022-34721
8  | RoundCube Webmail Email Message rcube_string_replacer.php linkref_addindex cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | High | Official Fix | 0.00612 | 0.00 | CVE-2020-35730
9  | IBOS OA Interview edit&op=status sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00343 | 0.08 | CVE-2023-3826
10 | Dahua Smart Park Management unrestricted upload | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02637 | 0.04 | CVE-2023-3836
11 | NxFilter user.jsp cross-site request forgery | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00058 | 0.03 | CVE-2023-3841
12 | Devilz Clanportal sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00684 | 0.03 | CVE-2006-6339
13 | Aspindir Aspee Ziyaretci Defteri giris.asp sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00237 | 0.04 | CVE-2006-6337
14 | Creativeitem Atlas Business Directory Listing search cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00046 | 0.15 | CVE-2023-3756
15 | FasterXML jackson-databind Java denial of service | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00218 | 0.00 | CVE-2020-36518
16 | FasterXML jackson-databind Deserialize resource consumption | 5.5 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00231 | 0.03 | CVE-2022-42003
17 | FasterXML jackson-databind Array BeanDeserializer._deserializeFromArray resource consumption | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00242 | 0.00 | CVE-2022-42004
18 | GLPI htmlawed Module htmLawedTest.php code injection | 7.6 | 7.6 | $0-$5k | $0-$5k | High | Not Defined | 0.97411 | 0.00 | CVE-2022-35914
19 | FreeBSD System Call Privilege Escalation | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00119 | 0.00 | CVE-2021-29628
20 | Realtek rtl819x-SDK Web Interface command injection | 7.1 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00088 | 0.04 | CVE-2022-29558

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1  | 3.228.54.173 | ec2-3-228-54-173.compute-1.amazonaws.com | MQsTTang | | 03/05/2024 | verified | Medium
2  | XX.XX.XXX.XXX | | Xxxxxxxx | | 03/05/2024 | verified | High
3  | XX.XX.XXX.X | | Xxxxxxxx | | 03/05/2024 | verified | High
4  | XXX.XXX.XX.XX | | Xxxxxxxx | | 03/05/2024 | verified | High

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (26)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1  | File | /?r=recruit/resume/edit&op=status | predictive | High
2  | File | /emap/devicePoint_addImgIco?hasSubsystem=true | predictive | High
3  | File | /home/search | predictive | Medium
4  | File | /usr/bin/at | predictive | Medium
5  | File | /xxxxxx/xxxxxxxx/xxxxxxxx/xxxxxxxxxxxx.xxx | predictive | High
6  | File | xxxxxxx/xxxxxxx.xxx | predictive | High
7  | File | xxxxxxx.xxx | predictive | Medium
8  | File | xxxxxx.x | predictive | Medium
9  | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
10 | File | xxxxx.xxx | predictive | Medium
11 | File | xxxxxx/xxxxxxxxxx.x | predictive | High
12 | File | xxxxx_xxxxxx_xxx.xxx | predictive | High
13 | File | xxxxx_xxxxxx_xxxxxxxx.xxx | predictive | High
14 | File | xxxxxxxxxx.xxx | predictive | High
15 | File | xxxx.xxx | predictive | Medium
16 | File | xxxxxx.xxx | predictive | Medium
17 | Argument | xxxx | predictive | Low
18 | Argument | xx | predictive | Low
19 | Argument | xxxxxx | predictive | Low
20 | Argument | xxxxxxxxx | predictive | Medium
21 | Argument | xxxxxxxx | predictive | Medium
22 | Argument | xxxxxx/xxxxxx_xxxxxx | predictive | High
23 | Argument | xxxxxx_xxxxxx | predictive | High
24 | Argument | xxxxxx | predictive | Low
25 | Argument | xxx | predictive | Low
26 | Argument | xxx | predictive | Low
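The IOC and IOA tables above are only useful once they are run against telemetry, so the following is an added example (written for this page, not code from the page or from any vendor) that loads the unmasked indicators from both tables and scans constructed log lines: an Apache/nginx combined-format web access log for the three URL-shaped File indicators and for the listed source IP, and a simple "timestamp client qname" DNS query log for the listed hostname. The sample log lines, the log formats and the matching rules are my assumptions; the indicator values themselves are copied from the tables. /usr/bin/at is a host filesystem indicator and is deliberately not matched against web logs. Request matching compares the decoded path exactly and requires every query parameter of the indicator to be present with the same value, so extra or reordered parameters (such as an injected id=) still hit while a plain substring check would not. Confidence is carried through to each hit because the page marks these indicators as predictive: a Medium hit on a generic path like /home/search is a triage lead, not a verdict.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Network IOCs from the IOC table above (row 1 is the only unmasked row).
IOC_IPS = {"3.228.54.173": "Medium"}
IOC_HOSTNAMES = {"ec2-3-228-54-173.compute-1.amazonaws.com": "Medium"}

# Request-path IOAs from the IOA table above (the unmasked File rows that have
# URL form). /usr/bin/at is a host filesystem indicator, so it is not matched
# against web logs here.
IOA_REQUESTS = {
    "/?r=recruit/resume/edit&op=status": "High",
    "/emap/devicePoint_addImgIco?hasSubsystem=true": "High",
    "/home/search": "Medium",
}

# Apache/nginx "combined" access log format (assumed input format).
ACCESS_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample logs (not from the page): a web access log and a
# "timestamp client qname" DNS query log.
ACCESS_LOG = [
    '198.51.100.7 - - [05/Mar/2024:10:02:11 +0000] "GET /?r=recruit/resume/edit&op=status&id=1%27 HTTP/1.1" 200 512 "-" "python-requests/2.31"',
    '198.51.100.8 - - [05/Mar/2024:10:03:45 +0000] "POST /emap/devicePoint_addImgIco?hasSubsystem=true HTTP/1.1" 200 88 "-" "curl/8.4.0"',
    '203.0.113.9 - - [05/Mar/2024:10:04:00 +0000] "GET /home/search?q=printer HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '3.228.54.173 - - [05/Mar/2024:10:05:30 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [05/Mar/2024:10:06:00 +0000] "GET /about HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
]
DNS_LOG = [
    "2024-03-05T10:05:29Z 10.0.0.15 ec2-3-228-54-173.compute-1.amazonaws.com.",
    "2024-03-05T10:05:31Z 10.0.0.16 www.example.com.",
]


def split_target(target):
    """Split a request target into (decoded path, {query param: value})."""
    parts = urlsplit(target)
    path = unquote(parts.path) or "/"
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    return path, params


def match_request(target):
    """Return (indicator, confidence) for the first IOA the target matches, else None.

    The path must match exactly and every query parameter of the indicator must
    be present with the same value; extra parameters (e.g. an injected id=) and
    a different parameter order are allowed.
    """
    path, params = split_target(target)
    for indicator, confidence in IOA_REQUESTS.items():
        ipath, iparams = split_target(indicator)
        if path == ipath and all(params.get(k) == v for k, v in iparams.items()):
            return indicator, confidence
    return None


def scan_access_log(lines):
    """Flag source IPs on the IOC list and request targets that match an IOA."""
    hits = []
    for line in lines:
        m = ACCESS_RE.match(line)
        if not m:
            continue  # unparsable line: skip it, keep scanning the rest
        src = m["src"]
        if src in IOC_IPS:
            hits.append({"class": "IOC", "indicator": src,
                         "confidence": IOC_IPS[src], "ts": m["ts"], "src": src})
        matched = match_request(m["target"])
        if matched:
            hits.append({"class": "IOA", "indicator": matched[0],
                         "confidence": matched[1], "ts": m["ts"], "src": src})
    return hits


def scan_dns_log(lines):
    """Flag clients that resolved an IOC hostname (trailing dot and case ignored)."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) != 3:
            continue
        ts, client, qname = fields
        qname = qname.rstrip(".").lower()
        if qname in IOC_HOSTNAMES:
            hits.append({"class": "IOC", "indicator": qname,
                         "confidence": IOC_HOSTNAMES[qname], "ts": ts, "src": client})
    return hits


if __name__ == "__main__":
    for hit in scan_access_log(ACCESS_LOG) + scan_dns_log(DNS_LOG):
        print(f'{hit["ts"]} {hit["src"]} {hit["class"]} [{hit["confidence"]}] {hit["indicator"]}')
```

On the constructed input this reports three IOA hits (two High, one Medium), one IOC hit on the source IP, and one IOC hit on the DNS name. Two caveats worth building into a real deployment: the hostname in the IOC table is an EC2 reverse-DNS name, which is reassigned with the instance, so the IP and hostname should be matched against logs from around the 03/05/2024 identification date rather than indefinitely; and the Argument-class indicators, masked on this page, would be matched on query-parameter names rather than on paths.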

References (2)

The following list contains external sources which discuss the actor and the associated activities:
