Magniber Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (46)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en34
zh12

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

US: USA28
CN: China12
IR: Iran4
GB: Great Britain2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Magniber6
Space Pirates1
Qakbot1
ShadowPad1
Wizard Spider1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined12
Content Management System6
Chat Software4
Operating System4
Firewall Software4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined14
Tencent4
Microsoft4
Forcepoint2
Oracle2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Windows4
WordPress4
Forcepoint NGFW Engine2
Tencent WeChat2
Oracle Database Server2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#VulnerabilityBaseTemp0dayTodayExpCouKEVEPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaroundpossible0.029560.00CVE-2007-1192
2Apache RocketMQ Broker path traversal6.36.3$5k-$25k$5k-$25kNot definedNot defined 0.015470.09CVE-2019-17572
3Z-BlogPHP Theme Management Module cross site scripting4.84.7$0-$5k$0-$5kNot definedNot defined 0.025930.08CVE-2024-39203
4Huawei E3276 cross-site request forgery6.35.7$5k-$25k$0-$5kProof-of-ConceptOfficial fix 0.001140.00CVE-2014-5395
5Pligg cloud.php sql injection6.36.3$0-$5k$0-$5kNot definedNot defined 0.000002.29
6firefly-iii input validation6.86.8$0-$5k$0-$5kNot definedOfficial fix 0.000380.00CVE-2023-1789
7Nacos Access Control privileges management5.35.3$0-$5k$0-$5kNot definedNot defined 0.003790.00CVE-2020-19676
8firefly-iii session expiration6.96.8$0-$5k$0-$5kNot definedOfficial fix 0.000740.00CVE-2023-1788
9RainLoop Webmail XSS Protection Mechanism cross site scripting5.25.1$0-$5k$0-$5kNot definedOfficial fix 0.002600.00CVE-2019-13389
10Freeciv Packet resource consumption6.46.1$0-$5k$0-$5kProof-of-ConceptOfficial fix 0.093070.00CVE-2012-6083
11Cisco IOS XE Web-based User Interface os command injection7.27.1$5k-$25k$0-$5kNot definedOfficial fix 0.139920.02CVE-2019-12650
12ThinkPHP deserialization7.67.5$0-$5k$0-$5kNot definedNot defined 0.009720.00CVE-2022-45982
13F5 BIG-IP Configuration Utility improper authentication9.29.1$5k-$25k$0-$5kHighOfficial fixverified0.943000.00CVE-2023-46747
14Ivanti Pulse Connect Secure Push Configuration targets.cgi source code2.72.6$0-$5k$0-$5kNot definedOfficial fix 0.012070.00CVE-2021-44720
15Pulse Secure Pulse Connect Secure Applet tncc.jar certificate validation8.28.2$0-$5k$0-$5kNot definedNot defined 0.002480.02CVE-2020-11580
16Oracle Database Server Remote Code Execution7.36.9$5k-$25k$0-$5kProof-of-ConceptNot defined 0.110530.06CVE-2009-1019
17WordPress Pingback server-side request forgery5.75.7$5k-$25k$5k-$25kNot definedNot defined 0.207960.00CVE-2022-3590
18KubeOperator System API improper authorization7.37.3$0-$5k$0-$5kNot definedOfficial fixexpected0.844910.00CVE-2023-22480
19Umbraco FeedProxy.aspx.cs Page_Load server-side request forgery7.77.4$0-$5k$0-$5kNot definedOfficial fixexpected0.834480.00CVE-2015-8813
20Adobe Connect Server AMF Message deserialization8.58.4$5k-$25k$0-$5kNot definedOfficial fix 0.249330.03CVE-2021-40719

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
145.32.170.3845.32.170.38.vultrusercontent.comMagniber03/18/2024verifiedMedium
251.68.238.215Magniber03/18/2024verifiedHigh
3XX.XXX.XXX.XXXXxxxxxxx03/18/2024verifiedHigh
4XX.XXX.XXX.XXxxxx.xx-xx-xxx-xxx.xxXxxxxxxx07/28/2022verifiedMedium
5XX.XX.XXX.XXXxxxxx.xx-xx-xx-xxx.xxXxxxxxxx07/28/2022verifiedMedium
6XXX.XXX.XX.XXxxx.xxx.xx.xx.xxxxxxxxxxxxxxxx.xxxXxxxxxxx12/09/2022verifiedLow
7XXX.XX.XXX.XXxxxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxxXxxxxxxx03/18/2024verifiedHigh
8XXX.XXX.XXX.XXxxxx.xx-xxx-xxx-xxx.xxXxxxxxxx07/28/2022verifiedMedium
9XXX.XX.XX.XXXxxxxx.xx-xxx-xx-xx.xxXxxxxxxx07/28/2022verifiedMedium
10XXX.XXX.XXX.XXXxxxxxxx03/18/2024verifiedHigh

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
3TXXXX.XXXCAPEC-XXXCWE-XXXxxxx Xxxxx Xxxx XxxxxxxxxpredictiveHigh
4TXXXXCAPEC-XXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXXCAPEC-XXXCWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
6TXXXXCAPEC-XXXCWE-XXXxx XxxxxxxxxpredictiveHigh
7TXXXX.XXXCAPEC-XCWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
8TXXXX.XXXCAPEC-XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
9TXXXXCAPEC-XXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (12)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/controller/Index.phppredictiveHigh
2File/menu.htmlpredictiveMedium
3Filexxxxx.xxxpredictiveMedium
4Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
5Filexxxxxxxxxxxxxxxx.xxxpredictiveHigh
6Filexxxxxxx.xxxpredictiveMedium
7Filexxxx.xxxpredictiveMedium
8Filexxxxxxx.xxx/xxxxxxx.xxxxxxxxxxxx/xxxxxxx/xxxxxxxxx/xxxxxxxxx.xxxx.xxpredictiveHigh
9Argument?xxxxxxpredictiveLow
10ArgumentxxxxxxxxxxpredictiveMedium
11ArgumentxxxxxxxxxpredictiveMedium
12ArgumentxxxpredictiveLow

References (5)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

This view requires CTI permissions

Just purchase a CTI license today!