MATA Analysis

IOB - Indicator of Behavior (336)

Language

en 262
zh 52
es 6
ru 6
fr 4

Country/Region

la 226
us 52
cn 18
gb 18
me 10

Product

Microsoft Windows 16
WordPress 8
Moodle 6
DedeCMS 4
Revive Adserver 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 5.89 | |
| 2 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 10.00 | CVE-2006-6168 |
| 3 | Watchdog Anti-Virus IoControlCode wsdk-driver.sys 0x80002008 privilege escalation | 5.3 | 5.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00047 | 0.05 | CVE-2023-1453 |
| 4 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 6.66 | CVE-2020-15906 |
| 5 | WordPress AdServe adclick.php SQL injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00073 | 0.70 | CVE-2008-0507 |
| 6 | SPIP spip.php cross-site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00132 | 0.28 | CVE-2022-28959 |
| 7 | Primetek Primefaces weak encryption | 8.5 | 8.3 | $0-$5k | $0-$5k | High | Not Defined | 0.97013 | 0.05 | CVE-2017-1000486 |
| 8 | Drupal Sanitization API cross-site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.04 | CVE-2020-13672 |
| 9 | Microsoft Windows HMAC Key Derivation Local Privilege Escalation | 8.8 | 8.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00048 | 0.00 | CVE-2023-36400 |
| 10 | LiteSpeed Cache Plugin Shortcode cross-site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00051 | 0.00 | CVE-2023-4372 |
| 11 | WebTitan Appliance Extensions Persistent cross-site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 12 | ipTIME NAS-I Bulletin Manage privilege escalation | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00988 | 0.06 | CVE-2020-7847 |
| 13 | RARLabs WinRAR ZIP Archive Remote Code Execution | 6.3 | 6.0 | $0-$5k | $0-$5k | High | Official Fix | 0.33850 | 0.06 | CVE-2023-38831 |
| 14 | request-baskets API Request {name} privilege escalation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08109 | 0.07 | CVE-2023-27163 |
| 15 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.12 | CVE-2010-0966 |
| 16 | PHP phpinfo cross-site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01960 | 0.00 | CVE-2007-1287 |
| 17 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.31 | CVE-2020-12440 |
| 18 | Microsoft Windows Scripting Engine Remote Code Execution | 5.9 | 5.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.18489 | 0.00 | CVE-2021-34480 |
| 19 | NotificationX Plugin SQL Statement SQL injection | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02414 | 0.04 | CVE-2022-0349 |
| 20 | DevExpress ASP.NET Web Forms ASPxHttpHandlerModule DXR.axd privilege escalation | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00205 | 0.00 | CVE-2022-41479 |

IOC - Indicator of Compromise (19)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (178)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/dl_sendmail.php | predictive | |
| 2 | File | /adminPage/conf/reload | predictive | |
| 3 | File | /api/baskets/{name} | predictive | |
| 4 | File | /api/v2/cli/commands | predictive | |
| 5 | File | /Device/Device/GetDeviceInfoList?deviceCode=&searchField=&deviceState= | predictive | |
| 6 | File | /DXR.axd | predictive | |
| 7 | File | /forum/away.php | predictive | |
| 8 | File | /mfsNotice/page | predictive | |
| 9 | File | /novel/bookSetting/list | predictive | |
| 10 | File | /novel/userFeedback/list | predictive | |
| 11 | File | /out.php | predictive | |
| 12 | File | /owa/auth/logon.aspx | predictive | |
| 13 | File | /phppath/php | predictive | |
| 14 | File | /spip.php | predictive | |
| 15 | File | /systemrw/ | predictive | |
| 16 | File | /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3 | predictive | |
| 17 | File | /zm/index.php | predictive | |
| 18 | File | adclick.php | predictive | |
| 19 | File | admin.jcomments.php | predictive | |
| 20 | File | admin/gv_mail.php | predictive | |
| 21 | File | application/modules/admin/views/ecommerce/products.php | predictive | |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
