Exchange Marauder Analysis

IOB - Indicator of Behavior (312)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en256
zh34
ru8
fr6
pl2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us168
cn84
ru20
kr6
fr2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

WordPress6
Microsoft IIS6
Trend Micro Apex One4
Trend Micro Worry-Free Business Security4
Microsoft Windows4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25k$0-$5kHighWorkaround0.020160.02CVE-2007-1192
2net2ftp path traversal7.36.4$0-$5k$0-$5kUnprovenOfficial Fix0.035010.00CVE-2008-5275
3Linux Kernel Pipe Dirty Pipe Privilege Escalation6.35.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.075840.03CVE-2022-0847
4MWChat Pro Help about.php file inclusion7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.006500.02CVE-2006-5904
5Phicomm k2 command injection6.66.5$0-$5k$0-$5kNot DefinedNot Defined0.000540.03CVE-2023-40796
6Metalinks Metacart2 productsbycategory.asp sql injection7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.001420.04CVE-2005-1363
7Yii Yii2 Gii cross site scripting4.44.4$0-$5k$0-$5kNot DefinedNot Defined0.000560.03CVE-2022-34297
8Microsoft Windows Clipboard User Service Privilege Escalation7.26.5$25k-$100k$5k-$25kUnprovenOfficial Fix0.000430.08CVE-2022-21869
9SourceCodester Online Flight Booking Management System POST Parameter review_search.php sql injection7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.001340.04CVE-2023-0283
10Microsoft IIS IP/Domain Restriction access control6.55.7$25k-$100k$0-$5kUnprovenOfficial Fix0.008170.28CVE-2014-4078
11FuelPHP code injection7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.031290.00CVE-2014-1999
12phpLDAPadmin LDAP injection ldap injection8.57.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.216520.00CVE-2018-12689
13FreeBSD setrlimit memory corruption6.55.6$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.001260.00CVE-2017-1085
14DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.99CVE-2010-0966
15Zoho ManageEngine ServiceDesk Plus API Endpoint User credentials management5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.004660.00CVE-2018-7248
16WebARX Plugin Stored cross site scripting5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.002130.00CVE-2019-17213
17jforum User input validation5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.002890.06CVE-2019-7550
18ShowDoc access control5.35.3$0-$5k$0-$5kNot DefinedOfficial Fix0.001220.00CVE-2018-19620
19Chevereto CMS Stored cross site scripting5.24.9$0-$5k$0-$5kNot DefinedOfficial Fix0.000890.00CVE-2017-1000058
20Bitrix Upload from Local Disk Feature restore.php unrestricted upload6.36.1$0-$5k$0-$5kNot DefinedNot Defined0.000490.00CVE-2022-29268

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Exchange Marauder

IOC - Indicator of Compromise (13)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (123)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File.htaccesspredictiveMedium
2File/cgi-bin/luci/api/authpredictiveHigh
3File/filemanager/upload.phppredictiveHigh
4File/resources//../predictiveHigh
5File/src/Illuminate/Laravel.phppredictiveHigh
6File/usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.phppredictiveHigh
7File/usr/local/WowzaStreamingEngine/bin/predictiveHigh
8File/wp-json/oembed/1.0/embed?urlpredictiveHigh
9Fileabout.phppredictiveMedium
10Fileadmin/modules/tools/ip_history_logs.phppredictiveHigh
11Fileadminer.phppredictiveMedium
12Fileadmin_feature.phppredictiveHigh
13Fileapi_poller.phppredictiveHigh
14Fileapplication/controllers/admin/dataentry.phppredictiveHigh
15Filexxx.xxxpredictiveLow
16Filexxxxxx/xxxxxxxx.xxxxpredictiveHigh
17Filexxxxxxx.xxpredictiveMedium
18Filexxx-xxx/xxxxxx.xxxpredictiveHigh
19Filexxxxxxxxxx.xxxpredictiveHigh
20Filexxx.xxx?xxx=xxxxx_xxxxpredictiveHigh
21Filexxx.xxxpredictiveLow
22Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
23Filexxxxxxxx.xxxpredictiveMedium
24Filexxxx_xxxxxxx.xxxpredictiveHigh
25Filexxxxxxxxxxxxx.xxxpredictiveHigh
26Filexxx/xxxxxx/xxxxxx.xpredictiveHigh
27Filexxxxxxx.xxxpredictiveMedium
28Filexxxxxxxxx/xx/xxxxxxxxxxxx.xxxpredictiveHigh
29Filexx_xxxx.xxxpredictiveMedium
30Filexxxxxxxxx.xxxpredictiveHigh
31Filexxx/xxxxxx.xxxpredictiveHigh
32Filexxxxxxxx/xxxx/xxxxx-xxxxx.xxxpredictiveHigh
33Filexxxxx.xxxpredictiveMedium
34Filexxxxxxx/xxxxxxxx.xxxpredictiveHigh
35Filexxxxxx/xxx/xxxxxxxx.xpredictiveHigh
36Filexx_xxxxxx.xxxpredictiveHigh
37Filexxxxxxx.xxxpredictiveMedium
38Filexxxxxxxxx/xxxx_xxxxxxx.xxx.xxxpredictiveHigh
39Filexxxx/xxxxxxxxxx.xxxpredictiveHigh
40Filexxx.xxxpredictiveLow
41Filexxxxxx.xxpredictiveMedium
42Filexxxxxxx/xx?xxxxxxxx=predictiveHigh
43Filexxxxxxxxxxx-xxxx.xxpredictiveHigh
44Filexxx/xxxxxxx/xxx.xxxpredictiveHigh
45Filexxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
46Filexxxxxxx_xxxx.xxxpredictiveHigh
47Filexxxxxxx/xxxxx/xxxxxxxxxxx/xxxxx.xxxpredictiveHigh
48Filexxxxxxxx.xxxpredictiveMedium
49Filexxxx.xxxpredictiveMedium
50Filexxxxx-xxxxxxpredictiveMedium
51Filexxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxxpredictiveHigh
52Filexxxxxxx.xxxpredictiveMedium
53Filexxxxxx_xxxxxx.xxxpredictiveHigh
54Filexxxxxx/xxx/xx/xxx.xxpredictiveHigh
55Filexxxxxxxxxx.xxxxpredictiveHigh
56Filexxxxxx_xxx_xxxxxx.xxxpredictiveHigh
57Filexxxxxx_xxxxx.xxx/xxxxx_xxxxxxx_xxxxxxxxxx.xxpredictiveHigh
58Filexxxxxx.xpredictiveMedium
59Filexxxxxxx/xxxx/xxxxxxx_xxxxxxxx_xxxx.xxxpredictiveHigh
60Filexxxx/xxxxxxxx/xxxxxxxx.xxxxpredictiveHigh
61Filexx/xx_xxxxxx.xxxpredictiveHigh
62Filexx\xxxxxxx.xxxxpredictiveHigh
63Filexxxx-xxxxxxx-xxxxxx.xxxpredictiveHigh
64File\xxxxxxx\xxxxxxxxxxxx.xxxxpredictiveHigh
65Library/xxx/xxx/xxxx.xxxpredictiveHigh
66Libraryxxxxxx[xxxxxx_xxxxpredictiveHigh
67Libraryxxxx.xxx.xxxpredictiveMedium
68Libraryxxxxxx.xxxpredictiveMedium
69Libraryxx-xxxxxxx/xxxxxxx/xx-xxxx-xxxxxxx/xxx/xxxxx/predictiveHigh
70Argument%xpredictiveLow
71ArgumentxxxxxxxpredictiveLow
72ArgumentxxxpredictiveLow
73Argumentxxxxxx_xxxxpredictiveMedium
74ArgumentxxxxxxxxpredictiveMedium
75ArgumentxxxxpredictiveLow
76ArgumentxxxpredictiveLow
77ArgumentxxxxxpredictiveLow
78ArgumentxxxxxxxpredictiveLow
79ArgumentxxxpredictiveLow
80ArgumentxxxxxxxxpredictiveMedium
81ArgumentxxxxxxxxxpredictiveMedium
82Argumentxxxxxx[xxxxxx_xxxx]predictiveHigh
83Argumentxxxxxx_xxxxx_xxxxxxxxxxxxxpredictiveHigh
84ArgumentxxpredictiveLow
85ArgumentxxxxxxxxxxxpredictiveMedium
86ArgumentxxxxpredictiveLow
87ArgumentxxxxxpredictiveLow
88Argumentxx-xxxxpredictiveLow
89ArgumentxxxxxxxxpredictiveMedium
90ArgumentxxpredictiveLow
91Argumentxx_xxxxpredictiveLow
92ArgumentxxxxxxxxxpredictiveMedium
93Argumentxxxx/xxx_xxxxpredictiveHigh
94ArgumentxxxxxxxpredictiveLow
95ArgumentxxxpredictiveLow
96Argumentxxxxxxx/xxxxxxx/xxxxxxpredictiveHigh
97ArgumentxxxxpredictiveLow
98Argumentxxxxx_xxpredictiveMedium
99Argumentxxxx_xxpredictiveLow
100ArgumentxxxxxxxxxxxxxpredictiveHigh
101Argumentxxxx_xxpredictiveLow
102Argumentxxxxx_xxxxxxpredictiveMedium
103Argumentxxxxxx xxxxpredictiveMedium
104ArgumentxxxxxxxpredictiveLow
105Argumentxxxxxxx xxxxpredictiveMedium
106ArgumentxxxxxxpredictiveLow
107Argumentxxxxxx_xxpredictiveMedium
108ArgumentxxxxpredictiveLow
109Argumentxxxx_xxxxxx/xxxxxx/xxxxxxpredictiveHigh
110Argumentxxxxxxxx_xxxxxpredictiveHigh
111ArgumentxxxpredictiveLow
112Argumentxxxxxxxxxx/xxxxxxxxxxxxxxxpredictiveHigh
113ArgumentxxxxxxxxxpredictiveMedium
114ArgumentxxxpredictiveLow
115ArgumentxxxpredictiveLow
116ArgumentxxxxxxxxxpredictiveMedium
117ArgumentxxxxxxpredictiveLow
118Argumentxxxx_xxpredictiveLow
119ArgumentxxxpredictiveLow
120Argumentx-xxxxxxxxx-xxxpredictiveHigh
121Argumentxx_xxxx_xxxxxpredictiveHigh
122Argument_xxxpredictiveLow
123Input Valuexxxx%xxxxxpredictiveMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!