MATA Analysis

Activities

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Lang

en	71
fr	7
zh	2
es	2
de	2

Country

us	42
la	23
cn	10
ca	7
co	1

Actors

MATA	27
APT29	20
GIMF	8
APT1	4
Qakbot	3

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Product

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	CTI	CVE
1	WordPress AdServe adclick.php sql injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00	CVE-2008-0507
2	TP-LINK TL-WR940N PingIframeRpm.htm ipAddrDispose memory corruption	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Workaround	0.07	CVE-2019-6989
3	PHPWind goto.php redirect	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.21	CVE-2015-4134
4	LogicBoard CMS away.php redirect	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Unavailable	0.36
5	phpMyAdmin Redirect url.php 7pk security	7.3	7.0	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.06	CVE-2015-7873
6	All in One SEO Best WordPress SEO Plugin Import/Export code injection	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	CVE-2021-24307
7	Microsoft Office memory corruption	7.5	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	CVE-2018-0851
8	Microsoft Outlook S/MIME resource management	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	CVE-2013-3870
9	Sophos Firewall User Portal/Webadmin improper authentication	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.11	CVE-2022-1040
10	Progress Telerik UI for ASP.NET AJAX Telerik.Web.UI.WebResource.axd command injection	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.07	CVE-2021-28141
11	Photo Gallery by 10Web Plugin SQL Statement bwg_frontend_data sql injection	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	CVE-2022-0169
12	Mongoose mg_mqtt.c parse_mqtt memory corruption	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.08	CVE-2019-12951
13	Yii Framework Exception Error ErrorHandler.php information disclosure	6.4	5.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	CVE-2018-6010
14	Qualcomm Snapdragon Mobile Thermal Engine use after free	6.5	6.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.04	CVE-2017-18157
15	SonicWALL Secure Remote Access cross site scripting	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	CVE-2021-20028
16	WP Super Cache Plugin Cache Settings wp-cache-config.php code injection	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	CVE-2021-24209
17	Rocklobster Contact Form 7 unrestricted upload	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.07	CVE-2020-35489
18	GNU Mailman cross-site request forgery	8.8	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.05	CVE-2016-7123
19	WordPress WP_Query sql injection	6.3	6.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.46	CVE-2022-21661
20	Ecommerce-CodeIgniter-Bootstrap blog.php cross site scripting	5.4	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.05	CVE-2020-25093

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Confidence
1	23.227.199.53	23-227-199-53.static.hvvc.us	MATA	High
2	23.227.199.69	23-227-199-69.static.hvvc.us	MATA	High
3	23.254.119.12		MATA	High
4	67.43.239.146		MATA	High
5	XX.XXX.XXX.XX		Xxxx	High
6	XXX.XXX.XX.X		Xxxx	High
7	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxx	High
8	XXX.XXX.XX.XX	xxxxxxx.xxx-xxxxxxxxxxx.xxxx	Xxxx	High
9	XXX.XX.XXX.XXX	xxxx.xxxxxxxxxxxxxxxxxxxxx.xxx	Xxxx	High
10	XXX.XX.XXX.XXX	xxxxxxx.xxxxx.xx	Xxxx	High
11	XXX.XX.XXX.XX	xx-xxx-xx-xxx-xx.xxxx.xxxxxxxxx.xxx	Xxxx	High
12	XXX.XX.XXX.XX		Xxxx	High
13	XXX.XX.XXX.XXX	xxx-xxx-xx-xxx.xxxxxxx-xxx	Xxxx	High
14	XXX.XX.XX.XXX		Xxxx	High
15	XXX.XXX.XXX.XXX	xxx.xxx.xxx.xxx	Xxxx	High
16	XXX.XXX.XXX.X		Xxxx	High
17	XXX.XX.XXX.XX	xxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxx.xxx	Xxxx	High
18	XXX.XXX.XX.XXX	xxxxxxx.xx-xxxx-xxx-xxxx.xxx	Xxxx	High

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilities	Access Vector	Confidence
1	T1059.007	CWE-79, CWE-80	Cross Site Scripting	High
2	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	High
3	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	High
4	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	High
5	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	High

IOA - Indicator of Attack (63)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Confidence
1	File	/forum/away.php	High
2	File	/out.php	Medium
3	File	/phppath/php	Medium
4	File	/systemrw/	Medium
5	File	adclick.php	Medium
6	File	application/modules/admin/views/ecommerce/products.php	High
7	File	base/ErrorHandler.php	High
8	File	blog.php	Medium
9	File	category.php	Medium
10	File	xxxxxx.xxx	Medium
11	File	xxxx-xxxxxx.xxx	High
12	File	xxxx.xxx	Medium
13	File	xxx/xxxx/xxxx_xxxxxx.x	High
14	File	xxxxxxx.xxx	Medium
15	File	xxxxx.xxx	Medium
16	File	xxxx.xxx	Medium
17	File	xxxxx.xxx	Medium
18	File	xxxxx.xxx/xxxxxx.xxx/xxxxxxxxxxxxx.xxx/xxxxxxxx.xxx	High
19	File	xxxxxxxx/xxxxxxxx_xxxxxxx_xxxxxx/xxxxx.xxx	High
20	File	xxxx_xxxx.xxx	High
21	File	xxxxxx/xxxxxxxxx.xxx	High
22	File	xx_xxxx.x	Medium
23	File	xxxxxxxxxxxxx.xxx	High
24	File	xxxxx.xxx	Medium
25	File	xxxx.xxx	Medium
26	File	xxxxxxxx.xxx	Medium
27	File	xxxxxxxxxx.xxx	High
28	File	xxxxxxxx.xx	Medium
29	File	xxxxxxxxxxxxxx.xxx	High
30	File	xxxx_xxxxxxx_xxxxxxxx.xxx	High
31	File	xxxxxxx.xxx.xx.xxxxxxxxxxx.xxx	High
32	File	xxx.xxx	Low
33	File	xxxxxxxx.xxx	Medium
34	File	xxxxxxxxx.xxx	High
35	File	xx-xxxxx-xxxxxx.xxx	High
36	File	xx-xxxxxxxxx.xxx	High
37	File	_xxxxxxxx/xxxx?xxxx	High
38	File	~/xxx/xxxx-xxxxxxxxx.xxx	High
39	Library	xxxxxx.xxx	Medium
40	Library	xxxxxx.xxx	Medium
41	Argument	xxx_xxx_xx_xxx_xxxxxxxxxx_x	High
42	Argument	xxxxx_xxxx	Medium
43	Argument	xxx	Low
44	Argument	xxxxxxxxx	Medium
45	Argument	xxx_xx	Low
46	Argument	xxx	Low
47	Argument	xxx	Low
48	Argument	xxxx_xx	Low
49	Argument	xxxxxxxx	Medium
50	Argument	xxxxxxxxx	Medium
51	Argument	xx	Low
52	Argument	xxxx/xxxxxxxx	High
53	Argument	xxxxxxx	Low
54	Argument	xxxx	Low
55	Argument	xxxxxx_xxxxx	Medium
56	Argument	xxx	Low
57	Argument	xxxxxxx	Low
58	Argument	xx_xx	Low
59	Argument	xxxxx_xx	Medium
60	Argument	xxx	Low
61	Argument	xxxxxx	Low
62	Argument	_xxx_xxxxxxxxxxx_	High
63	Network Port	xxx/xxxxx	Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you know our Splunk app?

Download it now for free!