Exchange Marauder Analysis

IOB - Indicator of Behavior (241)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 214
zh: 22
ru: 2
fr: 2
ko: 2


Country

us: 144
cn: 74
kr: 8
in: 2
il: 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Linux Kernel: 6
FreeBSD: 6
Microsoft Windows: 6
Wowza Streaming Engine: 4
WordPress: 4


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192
2 | net2ftp path traversal | 7.3 | 6.4 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.02 | 0.06523 | CVE-2008-5275
3 | Linux Kernel Pipe Dirty Pipe Privilege Escalation | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | 0.06503 | CVE-2022-0847
4 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.52 | 0.29797 | CVE-2014-4078
5 | FuelPHP code injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.06523 | CVE-2014-1999
6 | phpLDAPadmin LDAP injection ldap injection | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.08382 | CVE-2018-12689
7 | FreeBSD setrlimit memory corruption | 6.5 | 5.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.02108 | CVE-2017-1085
8 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.83 | 0.04187 | CVE-2010-0966
9 | Zoho ManageEngine ServiceDesk Plus API Endpoint User credentials management | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01760 | CVE-2018-7248
10 | WebARX Plugin Stored cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2019-17213
11 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.04499 | CVE-2019-7550
12 | ShowDoc access control | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01061 | CVE-2018-19620
13 | Chevereto CMS Stored cross site scripting | 5.2 | 4.9 | $0-$5k | Calculating | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2017-1000058
14 | OpenBB read.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.75 | 0.00986 | CVE-2005-1612
15 | Proxmox Mail Gateway redirect | 6.2 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01055 | CVE-2015-9058
16 | WordPress Object injection | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01034 | CVE-2022-21663
17 | phpMyAdmin SearchController sql injection | 8.0 | 7.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.17166 | CVE-2020-26935
18 | FormCraft Plugin formcraft3_get server-side request forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00885 | CVE-2022-0591
19 | CuteSoft Components Cute Editor for ASP.NET path traversal | 5.3 | 5.1 | $0-$5k | $0-$5k | High | Official Fix | 0.06 | 0.04187 | CVE-2009-4665
20 | Wowza Streaming Engine path traversal | 5.9 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2017-16922

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Exchange Marauder

IOC - Indicator of Compromise (13)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (70)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /cgi-bin/luci/api/auth | predictive | High
2 | File | /filemanager/upload.php | predictive | High
3 | File | /resources//../ | predictive | High
4 | File | /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php | predictive | High
5 | File | /usr/local/WowzaStreamingEngine/bin/ | predictive | High
6 | File | /wp-json/oembed/1.0/embed?url | predictive | High
7 | File | admin/modules/tools/ip_history_logs.php | predictive | High
8 | File | admin_feature.php | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
