TA544 Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (258)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en254
ru4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

co240
ru10
us6
gb2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

TA5446
SpyEye1
LokiBot1
LokiLocker1
Meterpreter1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Web Browser62
Not Defined52
Operating System30
Document Reader Software16
Multimedia Processing Software14

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined48
Mozilla28
Microsoft26
Google24
Adobe18

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Mozilla Firefox26
Google Chrome22
Adobe Acrobat Reader14
Microsoft Windows14
FFmpeg14

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1DZCP deV!L`z Clanportal config.php code injection7.36.6$2k-$5k$0-$1kProof-of-ConceptOfficial Fix0.009430.85CVE-2010-0966
2LogicBoard CMS away.php redirect6.36.1$2k-$5k$0-$1kNot DefinedUnavailable0.000002.97
3TRENDnet TEW-652BRP Web Management Interface get_set.ccp cross site scripting3.63.6$0-$1k$0-$1kProof-of-ConceptNot Defined0.000540.09CVE-2023-0639
4TRENDnet TEW-652BRP Web Management Interface get_set.ccp command injection8.88.6$2k-$5k$0-$1kProof-of-ConceptNot Defined0.000760.05CVE-2023-0611
5vim heap-based overflow8.07.9$1k-$2k$0-$1kNot DefinedOfficial Fix0.001340.05CVE-2022-3520
6pdfkit URL command injection8.18.1$2k-$5k$0-$1kNot DefinedNot Defined0.352960.02CVE-2022-25765
7Nginx Open Source/Plus/Ingress Controller Resolver off-by-one5.55.5$2k-$5k$0-$1kNot DefinedNot Defined0.581800.04CVE-2021-23017
8OAID Tengine Serializer Module buffer overflow5.55.1$1k-$2k$0-$1kUnprovenNot Defined0.000510.00CVE-2020-28759
9MGB OpenSource Guestbook email.php sql injection7.37.3$2k-$5k$0-$1kHighUnavailable0.013020.76CVE-2007-0354
10Microsoft Edge/ChakraCore Scripting Engine memory corruption6.05.9$25k-$50k$5k-$10kNot DefinedOfficial Fix0.021300.00CVE-2019-0771
11Gempar Script Toko Online shop_display_products.php sql injection7.36.9$2k-$5k$0-$1kProof-of-ConceptNot Defined0.001000.02CVE-2009-0296
12Opt-X header.php file inclusion7.37.3$2k-$5k$0-$1kNot DefinedNot Defined0.060750.03CVE-2004-2368
13BlueCMS sql injection8.58.5$1k-$2k$0-$1kNot DefinedNot Defined0.002120.00CVE-2019-9594
14Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$10k-$25kCalculatingHighWorkaround0.020160.02CVE-2007-1192
15TYPO3 spell-check-logic.php unknown vulnerability4.84.3$25k-$50k$0-$1kProof-of-ConceptOfficial Fix0.050560.02CVE-2006-6690
16Microsoft Office memory corruption7.87.6$10k-$25k$0-$1kNot DefinedOfficial Fix0.700460.03CVE-2016-7228
17TIBCO Enterprise Messaging Service emsca cross-site request forgery6.96.9$1k-$2k$0-$1kNot DefinedNot Defined0.003650.00CVE-2018-12415
18Apache Tomcat WebSocket Client certificate validation7.57.3$10k-$25k$0-$1kNot DefinedOfficial Fix0.016970.03CVE-2018-8034
19phpMyAdmin phpinfo.php information disclosure5.35.1$5k-$10k$0-$1kNot DefinedOfficial Fix0.001420.05CVE-2016-9848
20Microsoft IIS IP/Domain Restriction access control6.55.7$25k-$50k$0-$1kUnprovenOfficial Fix0.008170.30CVE-2014-4078

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Zeus

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
162.109.29.101imlejnnn.fvds.ruTA544Zeus06/07/2021verifiedHigh
269.55.49.159TA544Zeus06/07/2021verifiedHigh
3XX.XXX.XX.XXxx-xx-xxx-xx.xxxxxx.xxxxxxx.xxxx.xxxXxxxxXxxx06/07/2021verifiedHigh
4XX.XXX.XXX.XXXXxxxxXxxx06/07/2021verifiedHigh
5XX.XXX.XXX.XXXxxx.xxxxxxx.xxXxxxxXxxx06/07/2021verifiedHigh
6XX.XX.XXX.XXxxxxxxxx.xxxxxxxxx.xxxXxxxxXxxx06/07/2021verifiedHigh
7XX.XXX.XX.XXxxx.xxx.xxxXxxxxXxxx06/07/2021verifiedHigh
8XX.XXX.XXX.XXXxxxxxx.xxxxxxxx.xxxXxxxxXxxx06/07/2021verifiedHigh
9XXX.XXX.XX.XXxx.xx.xxx.xxx.xxx.xxx.xxXxxxxXxxx06/07/2021verifiedHigh
10XXX.XX.XXX.XXXxxxxxx.xxx.xxx.xx.xxx.xxxxxxx.xxxx-xxxxxx.xxXxxxxXxxx06/07/2021verifiedHigh

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
3T1059.007CAPEC-209CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
4TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXXCAPEC-136CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
6TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
7TXXXXCAPEC-CWE-XXX, CWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
8TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
9TXXXXCAPEC-CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
10TXXXXCAPEC-38CWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
11TXXXX.XXXCAPEC-459CWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
12TXXXX.XXXCAPEC-133CWE-XXXXxxxxxxxpredictiveHigh
13TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
14TXXXXCAPEC-157CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (95)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/forum/away.phppredictiveHigh
2File/Tools/tools_admin.htmpredictiveHigh
3Fileadm/krgourl.phppredictiveHigh
4Fileadmin.phppredictiveMedium
5FileadministerspredictiveMedium
6FilecatchsegvpredictiveMedium
7Fileclassified.phppredictiveHigh
8Filecoders/mat.cpredictiveMedium
9Filedata/gbconfiguration.datpredictiveHigh
10Filedefault.asppredictiveMedium
11Filedrivers/char/lp.cpredictiveHigh
12Filexxxxxxx/xxx/xxxxxx.xpredictiveHigh
13Filexxxxx.xxxpredictiveMedium
14Filexxxxxxxx.xpredictiveMedium
15Filex_xxxxxxx.xpredictiveMedium
16Filexxx_xxx.xxxpredictiveMedium
17Filexxx/xx/xxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
18Filexxxxxx.xxxpredictiveMedium
19Filexxxxxx.xxxpredictiveMedium
20Filexxx/xxxxxx.xxxpredictiveHigh
21Filexxxxx.xxxpredictiveMedium
22Filexxxxxxxx/xxxx/xxxx.xxxpredictiveHigh
23Filexx_xxxx_xxxxx_xxxxxxxx_xxxxxxxxxxxxxx.xxxpredictiveHigh
24Filexxxxxxxxxx/xxxxxx.xpredictiveHigh
25Filexxxxxxxxxx/xxx.xpredictiveHigh
26Filexxxxxxxxxx/xxxx.xpredictiveHigh
27Filexxxxxxxxxx/xxxxxxxx.xpredictiveHigh
28Filexxxxxxxxxx/xxxxxxxxxx.xpredictiveHigh
29Filexxxxxxxxxxx/xxx.xpredictiveHigh
30Filexxxxxxxxxxx/xxx.xpredictiveHigh
31Filexxxxxxxxxxx/xxx.xpredictiveHigh
32Filexxxxxxxxxxx/xxxx.xpredictiveHigh
33Filexxxxxxxxxxx/xxxxx.xpredictiveHigh
34Filexxxxxxxxxxx/xxxxxxxx.xpredictiveHigh
35Filexxxxxxx/xxxxxxx.xpredictiveHigh
36Filexxxxx.xxxpredictiveMedium
37Filexxxx/xxx.xpredictiveMedium
38Filexxx/xxx/xx_xxx.xpredictiveHigh
39Filexxxxxxxxxxxx.xxxpredictiveHigh
40Filexxx_xxxxxxx.xpredictiveHigh
41Filexxxxxx.xxx.xxxpredictiveHigh
42Filexxxxxxx.xxxpredictiveMedium
43Filexxxxxxxx/xxxxxxxxxx.xxxpredictiveHigh
44Filexxxxxx/xxxxxxxxxx/xxx/xxxx.xxxpredictiveHigh
45Filexxxx_xxxxxxx_xxxxxxxx.xxxpredictiveHigh
46Filexxxxx-xxxxx-xxxxx.xxxpredictiveHigh
47Filexxx/xx_xxxx.xpredictiveHigh
48Filexxxxxx.xxxpredictiveMedium
49Filexxxxxxx/xxxxx/xxxx.xxx?xxx=xxxxpredictiveHigh
50Filex_xxxxx.xpredictiveMedium
51Filexxxxxxx_xxxxxxx.xxxxxxxx.xxxx_xxxxxxxxpredictiveHigh
52Filexxxxxxx/xxxx/xxxxxxxxxxxxxxxx.xxxpredictiveHigh
53Filexxxxxxx/xxxx/xxxxx.xxxpredictiveHigh
54Filexxxxxxxxx_xx.xpredictiveHigh
55Libraryxx/xxx/xxxx_xxxxxx.xxxpredictiveHigh
56Libraryxx/xxx/xxxxxxx.xxxpredictiveHigh
57Libraryxxxxxx_xxxpredictiveMedium
58LibraryxxxxxxxpredictiveLow
59Libraryxxx/xxxxxx/xxxxx.xxpredictiveHigh
60Libraryxxxxxxxxxx/xxx_xxxxx.xpredictiveHigh
61Libraryxxxxx.xxxpredictiveMedium
62Libraryxxxxxxx.xxxpredictiveMedium
63Libraryxxxxxx.xxxpredictiveMedium
64ArgumentxxxxxxxxpredictiveMedium
65ArgumentxxxxxpredictiveLow
66Argumentxxx_xxpredictiveLow
67Argumentxxxxxx_xxxpredictiveMedium
68Argumentxxxxxxxx_xxxxpredictiveHigh
69ArgumentxxxxxxpredictiveLow
70ArgumentxxxxxxpredictiveLow
71ArgumentxxxxxxxxxxxxxxxxxxxxxxpredictiveHigh
72ArgumentxxpredictiveLow
73ArgumentxxxpredictiveLow
74Argumentx_xxxxxxxxxxxxxxxxpredictiveHigh
75ArgumentxxxxxxxxpredictiveMedium
76ArgumentxxxxxxxxpredictiveMedium
77ArgumentxxxxxxpredictiveLow
78ArgumentxxxxxxpredictiveLow
79Argumentxxxxx_xxxxxxx_xxxxx/xxxxx_xxxxxxx_xxxxx_xxx/xxxxx_xxxxxxx_xxxxxxxpredictiveHigh
80Argumentxxxxxx_xxpredictiveMedium
81Argumentxxxx_xxxpredictiveMedium
82ArgumentxxxxxxxxxxpredictiveMedium
83Argumentxxxxxx-xxxxxpredictiveMedium
84Argumentxxxxxxxx/xxxxxxxxpredictiveHigh
85ArgumentxxxxxxxpredictiveLow
86Argumentxxxx_xxpredictiveLow
87Input ValuexxxxpredictiveLow
88Input ValuexxxxxpredictiveLow
89Input Valuexxxxx/xxxxxxxxpredictiveHigh
90Input ValuexxxxxpredictiveLow
91Input Valuexxxxx xxxxxxx xxxxxxpredictiveHigh
92Pattern|xx|/[predictiveLow
93Network Portxxxxxxxxxxxxxx xxxxxxpredictiveHigh
94Network Portxxx/xx (xxx)predictiveMedium
95Network Portxxx/xxxxxpredictiveMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!