GreenMwizi Analysis

IOB - Indicator of Behavior (200)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 198
it: 2

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows: 12
Apache HTTP Server: 10
OpenSSH: 8
nginx: 4
Squid Proxy: 4

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Countermeasure | KEV | EPSS | CTI | CVE
1 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official fix | | 0.15547 | 0.33 | CVE-2014-4078
2 | Microsoft IIS uncpath cross site scripting | 5.2 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | | 0.01387 | 0.07 | CVE-2017-0055
3 | Samsung Galaxy OMACP Message Config 7pk error | 7.5 | 7.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00077 | 0.00 | CVE-2016-7991
4 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official fix | expected | 0.92487 | 0.20 | CVE-2016-6210
5 | Apache Tomcat CORS Filter 7pk security | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not defined | Official fix | possible | 0.66336 | 0.00 | CVE-2018-8014
6 | Ilohamail cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00000 | 0.00 |
7 | Huawei B315s-22 information disclosure | 5.4 | 5.2 | $5k-$25k | $0-$5k | Proof-of-Concept | Not defined | | 0.02643 | 0.05 | CVE-2018-7921
8 | JIRA Access Check CachingResourceDownloadRewriteRule access control | 7.4 | 7.2 | $0-$5k | $0-$5k | Not defined | Official fix | expected | 0.92613 | 0.00 | CVE-2019-8442
9 | Portainer API Endpoint check credentials management | 8.5 | 8.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00312 | 0.00 | CVE-2018-19367
10 | Apache HTTP Server suEXEC Feature .htaccess information disclosure | 5.3 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | | 0.00000 | 0.02 |
11 | OpenNetAdmin os command injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00483 | 0.20 | CVE-2019-25065
12 | Apache HTTP Server HTTP Digest Authentication Challenge improper authentication | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.05503 | 0.08 | CVE-2018-1312
13 | Rapidleech upload.php path traversal | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | | 0.00193 | 0.00 | CVE-2009-1089
14 | Huawei HG532 Service Port 37215 input validation | 7.5 | 7.5 | $5k-$25k | $0-$5k | High | Workaround | expected | 0.91952 | 0.06 | CVE-2017-17215
15 | Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog cryptographic issues | 8.1 | 7.1 | $25k-$100k | $0-$5k | Unproven | Official fix | | 0.21458 | 0.05 | CVE-2013-1862
16 | OpenSSH access control | 8.4 | 7.9 | $25k-$100k | $5k-$25k | Proof-of-Concept | Not defined | | 0.00135 | 0.03 | CVE-2008-1483
17 | Apache HTTP Server mod_http2 resource management | 5.9 | 5.8 | $5k-$25k | $0-$5k | Not defined | Official fix | possible | 0.41194 | 0.09 | CVE-2016-1546
18 | D-Link DIR-645 Authentication getcfg.php information disclosure | 8.6 | 8.2 | $5k-$25k | $0-$5k | High | Official fix | possible | 0.00000 | 0.00 |
19 | Twig Template path traversal | 6.4 | 6.3 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.01329 | 0.00 | CVE-2022-39261
20 | Microsoft Azure Front Door HTTP Header Remote Code Execution | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not defined | Not defined | | 0.00000 | 0.00 |

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 154.123.56.191 | kiboko.telkom.co.ke | GreenMwizi | | 03/20/2024 | verified | High

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (74)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | .htaccess | predictive | Medium
2 | File | /api/users/admin/check | predictive | High
3 | File | /getcfg.php | predictive | Medium
4 | File | /goform/setDeviceSettings | predictive | High
5 | File | /server-status | predictive | High
6 | File | /uncpath/ | predictive | Medium
7 | File | /updown/upload.cgi | predictive | High
8 | File | admin_main.php | predictive | High
9 | File | api/sms/send-sms | predictive | High
10 | File | xxxxx/xxxxxxx/xxxxxxxxxxxxx | predictive | High
11 | File | xxxx/xxxxxxxxxxxx.xxx | predictive | High
12 | File | xx_xxxxxxx/xxxxx.xxx?x=xxx&x=xxxxxxx | predictive | High
13 | File | xx-xxxxxx/xxxx/xxxxxx-xxxxxx.xxx | predictive | High
14 | File | xxxxxxxxxx/xxxxx.xxx | predictive | High
15 | File | xxxxxxx/xxxxxxxxx/xxxx | predictive | High
16 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
17 | File | xxxxxxxx_xxxx.xxxx | predictive | High
18 | File | xxxxxxx-xxxxxxx/xxxx/xxxxxx/xxxxxxxx/xxx/xxxxxxxxx/xxxxxx.xx | predictive | High
19 | File | xxxxxxx_xxxxxx.xxx | predictive | High
20 | File | xxx/xxxxxxxx/xxxx_xxxxx.x | predictive | High
21 | File | xxxxxxxxxx.xxxxx | predictive | High
22 | File | xxxx_xxxxxx.xxx | predictive | High
23 | File | xxxxx.xxx | predictive | Medium
24 | File | xxxxxxx/xxxxxxx/xxx_xxxxxxx.x | predictive | High
25 | File | xxxxxxx.xx | predictive | Medium
26 | File | xxxx/xxxxxxxxxxxxxx/xxxx_xxxxxxx.x | predictive | High
27 | File | xxxx-xxxxxx.x | predictive | High
28 | File | xxxxxxxxxxxxxxxx.xxxx | predictive | High
29 | File | xxx/xxxxxxxx.x | predictive | High
30 | File | xxxxx.xxx | predictive | Medium
31 | File | xxxxxxx.xxx.xx.xxxxxxxxxxx.xxx | predictive | High
32 | File | xxxxxx/ | predictive | Low
33 | File | xxx%xxxxx-xxxxxxxxxxxxx+xxxxxxx/xxxxxxx+xxxxx+xxxx/ | predictive | High
34 | File | xxxxxxxxx.xxx | predictive | High
35 | File | xxxxxxxxxxxxxxx/xxxxxxxxxxxx | predictive | High
36 | File | xxxxxx.xxx | predictive | Medium
37 | File | xxx_xxxxxx.xxx | predictive | High
38 | File | xxxx-xxxxxxx.xxx | predictive | High
39 | File | xx-xxxxxxxx/xxxx.xxx | predictive | High
40 | File | \xxx\xxxxx\xxxxxx.xxx | predictive | High
41 | Library | xxxxxxxxx.xxx/xxxxxxxxx.xxx | predictive | High
42 | Library | xxxxxx.xxx | predictive | Medium
43 | Library | xxxxxxx.xxx.xx.xxx | predictive | High
44 | Argument | xxxxxx | predictive | Low
45 | Argument | xxx_xx | predictive | Low
46 | Argument | xxxxxxx | predictive | Low
47 | Argument | xxxxxxx-xxxxxx | predictive | High
48 | Argument | xxxxxxxx/xxxx/xxxx | predictive | High
49 | Argument | xxxxxxx | predictive | Low
50 | Argument | xxxx_xxxxxxx | predictive | Medium
51 | Argument | xxxx/xxxxxxxx xxxx/xxxxx/xxxxxxx/xxxxxxx/xxx xxxxx xxxxxxxxx | predictive | High
52 | Argument | xxx[xxxx][xx_xxxx_xxxx] | predictive | High
53 | Argument | xxxxxx | predictive | Low
54 | Argument | xxxxxxxxx | predictive | Medium
55 | Argument | xxxxxxxx | predictive | Medium
56 | Argument | xxxxxxxx | predictive | Medium
57 | Argument | xxxxxxxxxxxxxxxxxxxx | predictive | High
58 | Argument | xxxx | predictive | Low
59 | Argument | xxxxx/xxxxxxxxxxx | predictive | High
60 | Argument | xxxxxxxxxxx/xxxxxxx/xxxxxxxx/xxxxxxxx/xxxxxx/xxxxxxx/xxxx/xxxxx/xxxxxx/xxxxxxxxxxx/xxxxxxxxxxxxxxx | predictive | High
61 | Argument | xxxxxxxx-xxxxxxxx | predictive | High
62 | Argument | xxxx_xx | predictive | Low
63 | Argument | xxxx | predictive | Low
64 | Argument | xxxxxxxx/xxxx | predictive | High
65 | Argument | xxxx->xxxxxxx | predictive | High
66 | Argument | _xxx_xxxxxxxxxxx_ | predictive | High
67 | Input Value | /.. | predictive | Low
68 | Input Value | xxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxx | predictive | High
69 | Pattern | \|xx\|xx\|xx\| | predictive | Medium
70 | Network Port | xxx/xxxx (xxxxx) | predictive | High
71 | Network Port | xxx/xxxx | predictive | Medium
72 | Network Port | xxx/xxxxx | predictive | Medium
73 | Network Port | xxx/xxx (xxx) | predictive | High
74 | Network Port | xxx xxxxxx xxxx | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities: