Magento-analytics Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (69)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en60
zh6
de2
pl2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

US: USA38
CN: China24
GB: Great Britain6
AU: Australia2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

magento-analytics8
Cobalt Strike2
Emotet2
Magecart1
WarmCookie1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined18
Programming Language Software6
Web Server4
Forum Software4
WordPress Plugin2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined22
HP4
Oracle4
Joomla2
Apple2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

PHP4
nginx2
Ajax Load More Plugin2
Joomla CMS2
Apple macOS2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#VulnerabilityBaseTemp0dayTodayExpCouKEVEPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaroundpossible0.029560.00CVE-2007-1192
2DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial fix 0.009700.40CVE-2010-0966
3Wireless IP Camera WIFICAM ini File access control7.57.3$0-$5k$0-$5kProof-of-ConceptOfficial fixpossible0.755660.02CVE-2017-8225
4HP Color LaserJet Pro M280-M281 Multifunction Printer Embedded Web Server Reflected cross site scripting5.25.2$5k-$25k$0-$5kNot definedNot defined 0.003510.02CVE-2019-6323
5HP DeskJet 3630 cross-site request forgery6.26.2$5k-$25k$0-$5kNot definedNot defined 0.001550.00CVE-2019-6319
6D-Link DIR-850L code injection8.07.9$5k-$25k$5k-$25kNot definedNot defined 0.014970.04CVE-2023-49004
7ThemeNectar Salient Core Plugin Shortcode nectar_icon filename control6.26.1$0-$5k$0-$5kNot definedNot defined 0.012320.00CVE-2024-3812
8HP Print/Digital Sending Link-Local Multicast Name Resolution buffer overflow6.36.3$5k-$25k$5k-$25kNot definedNot defined 0.035070.05CVE-2021-3942
9HP inkjet/LaserJet Pro/PageWide Pro privilege escalation8.08.0$5k-$25k$5k-$25kNot definedNot defined 0.036840.00CVE-2022-28721
10Oracle HTTP Server SSL Module out-of-bounds write9.89.6$100k and more$25k-$100kNot definedOfficial fixpossible0.709980.03CVE-2022-23943
11Zoho ManageEngine Desktop Central ZIP Archive improper authentication6.36.0$0-$5k$0-$5kNot definedOfficial fixpossible0.385740.04CVE-2021-44757
12Zoho ManageEngine ServiceDesk Plus MSP web.xml path traversal6.56.4$0-$5k$0-$5kNot definedOfficial fix 0.018240.02CVE-2022-32551
13SUSE Rancher improper authorization7.57.5$5k-$25k$0-$5kNot definedOfficial fix 0.001580.00CVE-2022-31247
14Rabbitmq Docker Image hard-coded password9.89.8$0-$5k$0-$5kNot definedOfficial fix 0.020140.05CVE-2020-35196
15JetBrains IntelliJ IDEA privilege escalation6.36.0$0-$5k$0-$5kNot definedOfficial fix 0.000050.00CVE-2021-45977
16Oracle Communications Policy Management CMP code injection9.89.7$25k-$100k$5k-$25kHighOfficial fixverified0.944640.00CVE-2022-22965
17Microsoft Windows Hyper-V privilege escalation8.07.3$100k and more$5k-$25kUnprovenOfficial fix 0.000630.00CVE-2022-24537
18Watchguard Firebox/XTM Remote Code Execution8.68.5$0-$5k$0-$5kHighOfficial fixverified0.927620.04CVE-2022-26318
19node-ipc backdoor8.07.9$0-$5k$0-$5kNot definedOfficial fix 0.033330.02CVE-2022-23812
20Cisco ASA SSL VPN exceptional condition6.26.1$5k-$25k$0-$5kNot definedOfficial fix 0.010480.00CVE-2019-12677

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
11.125.125.5Magento-analytics05/09/2019verifiedLow
245.76.75.3545.76.75.35.vultrusercontent.commagento-analytics08/10/2022verifiedLow
389.32.251.136maildc1526907690.mihandns.commagento-analytics02/11/2022verifiedLow
4XX.XXX.XXX.XXXXxxxxxx-xxxxxxxxx02/11/2022verifiedLow
5XX.XXX.XXX.XXxx.xxx.xxx.xx.xxxxxxxxxxxxxxxx.xxxXxxxxxx-xxxxxxxxx08/10/2022verifiedLow
6XX.XXX.XXX.XXxx.xxx.xxx.xx.xxxxxxxxxxxxxxxx.xxxXxxxxxx-xxxxxxxxx08/10/2022verifiedLow
7XXX.XXX.XXX.XXXxxx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxxXxxxxxx-xxxxxxxxx08/10/2022verifiedLow
8XXX.XX.XX.XXXxxx.xx.xx.xxx.xxxxxxxxxxxxxxxx.xxxXxxxxxx-xxxxxxxxx08/10/2022verifiedLow
9XXX.XXX.X.XXxxx.xxx.x.xx.xxxxxxxxxxxxxxxx.xxxXxxxxxx-xxxxxxxxx08/10/2022verifiedLow
10XXX.XXX.X.XXXxxx.xxx.x.xxx.xxxxxxxxxxxxxxxx.xxxXxxxxxx-xxxxxxxxx08/10/2022verifiedLow
11XXX.XXX.XXX.XXXxxx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxxXxxxxxx-xxxxxxxxx08/10/2022verifiedLow

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
3T1059.007CAPEC-209CWE-79, CWE-80Basic Cross Site ScriptingpredictiveHigh
4TXXXXCAPEC-XXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXX.XXXCWE-XXXXxx Xx Xxxx-xxxxx XxxxxxxxpredictiveHigh
6TXXXXCAPEC-XXXCWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
7TXXXX.XXXCAPEC-XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
8TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
9TXXXXCAPEC-XXXCWE-XXXxx XxxxxxxxxpredictiveHigh
10TXXXX.XXXCAPEC-XCWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
11TXXXX.XXXCAPEC-XXXCWE-XXXXxxxxxxxpredictiveHigh
12TXXXXCAPEC-XXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (24)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File//predictiveLow
2File/interceptor/OutgoingChainInterceptor.javapredictiveHigh
3File/uncpath/predictiveMedium
4File/wp-admin/admin-ajax.phppredictiveHigh
5Filexxxxxxxxx.xpredictiveMedium
6Filexxxxxxx_xxx.xxxpredictiveHigh
7Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
8Filexxxx.xxxpredictiveMedium
9Filexxx/xxxxxx.xxxpredictiveHigh
10Filexxxxx.xxxpredictiveMedium
11Filexxxxx.xxxxpredictiveMedium
12Filexxxxxxxxxx.xxxpredictiveHigh
13Filexxxxxxxx.xxxpredictiveMedium
14Filexxxxxx.xxxpredictiveMedium
15Filexxxxxx/xxx.xxxpredictiveHigh
16ArgumentxxxxpredictiveLow
17ArgumentxxxxxxxxpredictiveMedium
18ArgumentxxpredictiveLow
19Argumentxxxxxxxxx-xxxxxxx/xxxxxxxxx/xxxxxxxxxxpredictiveHigh
20Argumentxxxxxx_xxpredictiveMedium
21ArgumentxxxxxxxxpredictiveMedium
22ArgumentxxpredictiveLow
23ArgumentxxxxxxxxpredictiveMedium
24ArgumentxxxpredictiveLow

References (4)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

This view requires CTI permissions

Just purchase a CTI license today!