MATA Analysis

IOB - Indicator of Behavior (381)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 304
zh: 52
de: 8
pl: 6
ru: 4

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows: 20
WordPress: 10
Apache Tomcat: 8
Google Android: 8
phpMyAdmin: 8

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 1.93 | |
| 2 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 2.17 | CVE-2006-6168 |
| 3 | Watchdog Anti-Virus IoControlCode wsdk-driver.sys 0x80002008 access control | 5.3 | 5.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00047 | 0.00 | CVE-2023-1453 |
| 4 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 7.29 | CVE-2020-15906 |
| 5 | WordPress AdServe adclick.php sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00079 | 0.43 | CVE-2008-0507 |
| 6 | Rocklobster Contact Form 7 unrestricted upload | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.81728 | 0.10 | CVE-2020-35489 |
| 7 | Matomo Plugin cross site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.05 | CVE-2023-6923 |
| 8 | CodeIgniter old deserialization | 6.6 | 6.5 | $0-$5k | Calculating | Not Defined | Official Fix | 0.09990 | 0.05 | CVE-2022-21647 |
| 9 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00132 | 0.77 | CVE-2022-28959 |
| 10 | Primetek Primefaces inadequate encryption | 8.5 | 8.3 | $0-$5k | $0-$5k | High | Not Defined | 0.97013 | 0.04 | CVE-2017-1000486 |
| 11 | Drupal Sanitization API cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.04 | CVE-2020-13672 |
| 12 | Microsoft Windows HMAC Key Derivation Local Privilege Escalation | 8.8 | 8.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00048 | 0.04 | CVE-2023-36400 |
| 13 | LiteSpeed Cache Plugin Shortcode cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00051 | 0.00 | CVE-2023-4372 |
| 14 | WebTitan Appliance Extensions Persistent cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 15 | ipTIME NAS-I Bulletin Manage unrestricted upload | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00988 | 0.06 | CVE-2020-7847 |
| 16 | RARLabs WinRAR ZIP Archive Remote Code Execution | 7.0 | 6.9 | $0-$5k | $0-$5k | High | Official Fix | 0.19856 | 0.04 | CVE-2023-38831 |
| 17 | request-baskets API Request {name} server-side request forgery | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09430 | 0.05 | CVE-2023-27163 |
| 18 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.50 | CVE-2010-0966 |
| 19 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01744 | 0.14 | CVE-2007-1287 |
| 20 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.55 | CVE-2020-12440 |

IOC - Indicator of Compromise (23)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (194)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | .procmailrc | predictive | Medium |
| 2 | File | /admin/dl_sendmail.php | predictive | High |
| 3 | File | /admin/index2.html | predictive | High |
| 4 | File | /adminPage/conf/reload | predictive | High |
| 5 | File | /api/baskets/{name} | predictive | High |
| 6 | File | /api/v2/cli/commands | predictive | High |
| 7 | File | /Device/Device/GetDeviceInfoList?deviceCode=&searchField=&deviceState= | predictive | High |
| 8 | File | /DXR.axd | predictive | Medium |
| 9 | File | /forum/away.php | predictive | High |
| 10 | File | /mfsNotice/page | predictive | High |
| 11 | File | /mgmt/tm/util/bash | predictive | High |
| 12 | File | /novel/bookSetting/list | predictive | High |
| 13 | File | /novel/userFeedback/list | predictive | High |
| 14 | File | /out.php | predictive | Medium |
| 15 | File | /owa/auth/logon.aspx | predictive | High |
| 16 | File | /phppath/php | predictive | Medium |
| 17 | File | /register.php | predictive | High |
| 18 | File | /spip.php | predictive | Medium |
| 19 | File | /systemrw/ | predictive | Medium |
| 20 | File | /uncpath/ | predictive | Medium |
| 21 | File | /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3 | predictive | High |
| 22 | File | /zm/index.php | predictive | High |
| 23 | File | adclick.php | predictive | Medium |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
