MATA Analysis

IOB - Indicator of Behavior (141)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 122
zh: 6
ru: 4
de: 4
es: 4

Country

la: 84
us: 46
cn: 4
ca: 4
gb: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Office: 6
Google Android: 4
WordPress: 4
Microsoft Windows: 4
Ecommerce-CodeIgniter-Bootstrap: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | WordPress AdServe adclick.php sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | 0.00986 | CVE-2008-0507 |
| 2 | Microsoft Office Remote Code Execution | 7.0 | 6.1 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.01 | 0.01103 | CVE-2023-21735 |
| 3 | Alt-N MDaemon Worldclient injection | 4.9 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.10855 | CVE-2021-27182 |
| 4 | CouchCMS mysql2i.func.php Path information disclosure | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00000 | CVE-2019-1010042 |
| 5 | Esri ArcGIS Server sql injection | 8.1 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01055 | CVE-2021-29114 |
| 6 | TP-LINK TL-WR940N PingIframeRpm.htm ipAddrDispose memory corruption | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.02 | 0.04891 | CVE-2019-6989 |
| 7 | PHPWind goto.php redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01213 | CVE-2015-4134 |
| 8 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.41 | 0.00000 | |
| 9 | phpMyAdmin Redirect url.php 7pk security | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01408 | CVE-2015-7873 |
| 10 | JoomlaTune Com Jcomments admin.jcomments.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.02945 | CVE-2010-5048 |
| 11 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.43 | 0.04187 | CVE-2010-0966 |
| 12 | Microsoft Exchange Server Privilege Escalation | 8.3 | 7.3 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | 0.00885 | CVE-2023-21764 |
| 13 | SalesForce Tableau Server Administration Agent path traversal | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.01156 | CVE-2022-22128 |
| 14 | Strapi Admin Panel authorization | 5.6 | 5.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00890 | CVE-2021-28128 |
| 15 | Xampp Installation default permission | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.01086 | CVE-2022-29376 |
| 16 | CodeIgniter DB_query_builder.php sql injection | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2022-40835 |
| 17 | ZZZCMS zzzphp File Upload unrestricted upload | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2019-16720 |
| 18 | M-Files Server/Web excessive authentication | 5.0 | 5.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2021-41807 |
| 19 | Plesk Obsidian REST API commands cross-site request forgery | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2022-45130 |
| 20 | SAP BusinessObjects BI Platform Central Management Console/BI LaunchPad deserialization | 9.3 | 9.1 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2022-41203 |

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Pathname Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Injection | predictive | High |
| 3 | T1059 | CWE-94 | Cross Site Scripting | predictive | High |
| 4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (91)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/dl_sendmail.php | predictive | High |
| 2 | File | /api/v2/cli/commands | predictive | High |
| 3 | File | /forum/away.php | predictive | High |
| 4 | File | /out.php | predictive | Medium |
| 5 | File | /phppath/php | predictive | Medium |
| 6 | File | /spip.php | predictive | Medium |
| 7 | File | /systemrw/ | predictive | Medium |
| 8 | File | adclick.php | predictive | Medium |
| 9 | File | admin.jcomments.php | predictive | High |
| 10 | File | application/modules/admin/views/ecommerce/products.php | predictive | High |
| 11 | File | base/ErrorHandler.php | predictive | High |
| 12 | File | blog.php | predictive | Medium |

References (2)

The following list contains external sources which discuss the actor and the associated activities: