MATA Analysis

IOB - Indicator of Behavior (141)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	122
zh	6
ru	4
de	4
es	4

Country

la	84
us	46
cn	4
ca	4
gb	2

Actors

MATA	9
Lazarus	5
APT29	1
Dark Caracal	1
Gallmaker	1

Activities

Interest

Timeline

Type

Not Defined	42
Content Management System	16
Programming Language Software	6
Office Suite Software	6
Smartphone Operating System	4

Vendor

Not Defined	36
Microsoft	12
Google	4
Alt-N	4
Atlassian	4

Product

Microsoft Office	6
Google Android	4
WordPress	4
Microsoft Windows	4
Ecommerce-CodeIgniter-Bootstrap	4

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	CTI	EPSS	CVE
1	WordPress AdServe adclick.php sql injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.05	0.00986	CVE-2008-0507
2	Microsoft Office Remote Code Execution	7.0	6.1	$5k-$25k	$0-$5k	Unproven	Official Fix	0.01	0.01103	CVE-2023-21735
3	Alt-N MDaemon Worldclient injection	4.9	4.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.10855	CVE-2021-27182
4	CouchCMS mysql2i.func.php Path information disclosure	3.3	3.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01	0.00000	CVE-2019-1010042
5	Esri ArcGIS Server sql injection	8.1	8.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.01055	CVE-2021-29114
6	TP-LINK TL-WR940N PingIframeRpm.htm ipAddrDispose memory corruption	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Workaround	0.02	0.04891	CVE-2019-6989
7	PHPWind goto.php redirect	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.01213	CVE-2015-4134
8	LogicBoard CMS away.php redirect	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Unavailable	0.41	0.00000
9	phpMyAdmin Redirect url.php 7pk security	7.3	7.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.01408	CVE-2015-7873
10	JoomlaTune Com Jcomments admin.jcomments.php cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02	0.02945	CVE-2010-5048
11	DZCP deV!L`z Clanportal config.php code injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.43	0.04187	CVE-2010-0966
12	Microsoft Exchange Server Privilege Escalation	8.3	7.3	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.03	0.00885	CVE-2023-21764
13	SalesForce Tableau Server Administration Agent path traversal	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01	0.01156	CVE-2022-22128
14	Strapi Admin Panel authorization	5.6	5.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.00890	CVE-2021-28128
15	Xampp Installation default permission	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.05	0.01086	CVE-2022-29376
16	CodeIgniter DB_query_builder.php sql injection	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00885	CVE-2022-40835
17	ZZZCMS zzzphp File Upload unrestricted upload	7.4	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.00885	CVE-2019-16720
18	M-Files Server/Web excessive authentication	5.0	5.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00885	CVE-2021-41807
19	Plesk Obsidian REST API commands cross-site request forgery	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00885	CVE-2022-45130
20	SAP BusinessObjects BI Platform Central Management Console/BI LaunchPad deserialization	9.3	9.1	$5k-$25k	$5k-$25k	Not Defined	Official Fix	0.00	0.00885	CVE-2022-41203

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Type	Confidence
1	23.227.199.53	23-227-199-53.static.hvvc.us	MATA	verified	High
2	23.227.199.69	23-227-199-69.static.hvvc.us	MATA	verified	High
3	23.254.119.12		MATA	verified	High
4	67.43.239.146		MATA	verified	High
5	XX.XXX.XXX.XX		Xxxx	verified	High
6	XXX.XXX.XX.X		Xxxx	verified	High
7	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxx	verified	High
8	XXX.XXX.XX.XX	xxxxxxx.xxx-xxxxxxxxxxx.xxxx	Xxxx	verified	High
9	XXX.XX.XXX.XXX	xxxx.xxxxxxxxxxxxxxxxxxxxx.xxx	Xxxx	verified	High
10	XXX.XX.XXX.XXX	xxxxxxx.xxxxx.xx	Xxxx	verified	High
11	XXX.XX.XXX.XX	xx-xxx-xx-xxx-xx.xxxx.xxxxxxxxx.xxx	Xxxx	verified	High
12	XXX.XX.XXX.XX		Xxxx	verified	High
13	XXX.XX.XXX.XXX	xxx-xxx-xx-xxx.xxxxxxx-xxx	Xxxx	verified	High
14	XXX.XX.XX.XXX		Xxxx	verified	High
15	XXX.XXX.XXX.XXX	xxx.xxx.xxx.xxx	Xxxx	verified	High
16	XXX.XXX.XXX.X		Xxxx	verified	High
17	XXX.XX.XXX.XX	xxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxx.xxx	Xxxx	verified	High
18	XXX.XXX.XX.XXX	xxxxxxx.xx-xxxx-xxx-xxxx.xxx	Xxxx	verified	High

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CWE-22	Pathname Traversal	predictive	High
2	T1055	CWE-74	Injection	predictive	High
3	T1059	CWE-94	Cross Site Scripting	predictive	High
4	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	High
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
6	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx Xxxxxxxx	predictive	High
7	TXXXX	CWE-XX	Xxxxxxx Xxxxxxxxx	predictive	High
8	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	High
9	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	High
10	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	High
11	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	High
12	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	High
13	TXXXX.XXX	CWE-XXX	Xxxxxxxx	predictive	High
14	TXXXX	CWE-XXX	Xxxxxxxxxxxxx	predictive	High
15	TXXXX	CWE-XXX	X2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx Xxxxxxxxxx	predictive	High
16	TXXXX.XXX	CWE-XXX	Xxxxxxxxxxxx Xxxxxx	predictive	High

IOA - Indicator of Attack (91)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/admin/dl_sendmail.php	predictive	High
2	File	/api/v2/cli/commands	predictive	High
3	File	/forum/away.php	predictive	High
4	File	/out.php	predictive	Medium
5	File	/phppath/php	predictive	Medium
6	File	/spip.php	predictive	Medium
7	File	/systemrw/	predictive	Medium
8	File	adclick.php	predictive	Medium
9	File	admin.jcomments.php	predictive	High
10	File	application/modules/admin/views/ecommerce/products.php	predictive	High
11	File	base/ErrorHandler.php	predictive	High
12	File	blog.php	predictive	Medium
13	File	xxxxxxxx.xxx	predictive	Medium
14	File	xxxxxx.xxx	predictive	Medium
15	File	xxxx-xxxxxx.xxx	predictive	High
16	File	xxxx.xxx	predictive	Medium
17	File	xxx/xxxx/xxxx_xxxxxx.x	predictive	High
18	File	xxxxxxx.xxx	predictive	Medium
19	File	xxxxx.xxx	predictive	Medium
20	File	xxxx.xxx	predictive	Medium
21	File	xxxxxxxxxx\xxxxxx\xxxxxxxxxxxxx.xxx	predictive	High
22	File	xxx/xxxxxx.xxx	predictive	High
23	File	xxxxxxxx/xxxxxxx/xxxxxxx.xxxx.xxx	predictive	High
24	File	xxxxx.xxx	predictive	Medium
25	File	xxxxx.xxx/xxxxxx.xxx/xxxxxxxxxxxxx.xxx/xxxxxxxx.xxx	predictive	High
26	File	xxxxxxxx/xxxxxxxx_xxxxxxx_xxxxxx/xxxxx.xxx	predictive	High
27	File	xxxx_xxxx.xxx	predictive	High
28	File	xxxxx.xxx	predictive	Medium
29	File	xxxxxx/xxxxxxxxx.xxx	predictive	High
30	File	xx_xxxx.x	predictive	Medium
31	File	xxx/xxxx/xxxx_xxxxxxxxx.x	predictive	High
32	File	xxxxxxxxxxxxx.xxx	predictive	High
33	File	xxxxxxx/xxxxxxx/xxx/xxxxxxxxxx.xxx?xxxxxxxx=xxxx&xxxxxx=xxxxxxxxxx	predictive	High
34	File	xxxxx.xxx	predictive	Medium
35	File	xxxx.xxx	predictive	Medium
36	File	xxxxxxxx.xxx	predictive	Medium
37	File	xxxxxxxxxx.xxx	predictive	High
38	File	xxxxxxxx.xx	predictive	Medium
39	File	xxxxxxxxxxxxxx.xxx	predictive	High
40	File	xxxx_xxxxxxx_xxxxxxxx.xxx	predictive	High
41	File	xxxx_xxxxx.xxxx	predictive	High
42	File	xxxxxx\xxxxxxxx\xx_xxxxx_xxxxxxx.xxx	predictive	High
43	File	xxxxxxx.xxx.xx.xxxxxxxxxxx.xxx	predictive	High
44	File	xxxx-xxxxx.xxx	predictive	High
45	File	xxxxxx.xxx	predictive	Medium
46	File	xxx.xxx	predictive	Low
47	File	xxxxxxx-xxxxx.xxx	predictive	High
48	File	xxxxxxxx.xxx	predictive	Medium
49	File	xxxxxxxxx.xxx	predictive	High
50	File	xx-xxxxx-xxxxxx.xxx	predictive	High
51	File	xx-xxxxxxxxx.xxx	predictive	High
52	File	_xxxxxxxx/xxxx?xxxx	predictive	High
53	File	~/xxx/xxxx-xxxxxxxxx.xxx	predictive	High
54	File	~/xxxxxxxx/xxxxx-xx-xxxxxxxxxx-xxxxxxxxx.xxx	predictive	High
55	Library	xxxxxx.xxx	predictive	Medium
56	Library	xxxxxx.xxx	predictive	Medium
57	Argument	xxxxxxxx	predictive	Medium
58	Argument	xxx_xxx_xx_xxx_xxxxxxxxxx_x	predictive	High
59	Argument	xxxxx_xxxx	predictive	Medium
60	Argument	xxx	predictive	Low
61	Argument	xxxxxxxxx	predictive	Medium
62	Argument	xxx_xx	predictive	Low
63	Argument	xxx	predictive	Low
64	Argument	xxx	predictive	Low
65	Argument	xxxxxxxxxxxxxxx	predictive	High
66	Argument	xxxx_xx	predictive	Low
67	Argument	xxx	predictive	Low
68	Argument	xxxxxxxxx_xxxxxx	predictive	High
69	Argument	xxxxxxxxx	predictive	Medium
70	Argument	xxxx	predictive	Low
71	Argument	xxxxxxxx	predictive	Medium
72	Argument	xxxxxxxxx	predictive	Medium
73	Argument	xxxxxxx[xxxxxxx]	predictive	High
74	Argument	xx	predictive	Low
75	Argument	xxxx	predictive	Low
76	Argument	xxxx/xxxxxxxx	predictive	High
77	Argument	xxxxxxx	predictive	Low
78	Argument	xxxx	predictive	Low
79	Argument	xxxxxx_xxxxxx	predictive	High
80	Argument	xxxxxxxx_xx	predictive	Medium
81	Argument	xxxxxx_xxxxx	predictive	Medium
82	Argument	xxx	predictive	Low
83	Argument	xxxxxxx	predictive	Low
84	Argument	xx_xx	predictive	Low
85	Argument	xxxxx_xx	predictive	Medium
86	Argument	xxx	predictive	Low
87	Argument	xxxxxx	predictive	Low
88	Argument	xxxxxxxx	predictive	Medium
89	Argument	_xxx_xxxxxxxxxxx_	predictive	High
90	Input Value	xxxxxxxxx' xxx 'x'='x	predictive	High
91	Network Port	xxx/xxxxx	predictive	Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!