Matanbuchus Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (78)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en72
de4
fr2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us24
tt10
se4
fr2
de2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Cobalt Strike2
Matanbuchus2
Quasar RAT1
Nanocore RAT1
BelialDemon1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined40
Web Browser4
Web Server2
Cloud Software2
Operating System2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined20
Microsoft6
SourceCodester6
Cisco4
SonicBOOM2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

SonicBOOM riscv-boom2
Microsoft IIS2
ownCloud2
Cisco Vision Dynamic Signage Director2
Dell Rugged Control Center2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1SonicBOOM riscv-boom authorization5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.030.00055CVE-2020-29561
2XenForo privileges management8.67.9$0-$5k$0-$5kNot DefinedOfficial Fix0.040.00000
3United Planet Intrexx Professional cross site scripting4.84.6$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00087CVE-2020-24188
4Huawei Mate 20 Digital Balance authorization3.93.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00058CVE-2020-1831
5Aviatrix Controller Web Interface cross-site request forgery5.45.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00053CVE-2020-13416
6Facebook WhatsApp MP4 File stack-based overflow7.06.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.060.00087CVE-2019-11931
7Microsoft IIS cross site scripting5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.380.00400CVE-2017-0055
8SourceCodester Simple Online Mens Salon Management System sql injection7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.070.00077CVE-2023-3987
9Beijing Netcon NS-ASG test_status.php direct request5.04.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.070.00052CVE-2023-3792
10Intergard SGS Change Password denial of service5.04.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.120.00048CVE-2023-3760
11PuneethReddyHC online-shopping-system-advanced addsuppliers.php cross site scripting3.43.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.050.00051CVE-2023-3311
12spring-boot-actuator-logview LogViewEndpoint.view path traversal5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.000.00047CVE-2023-29986
13SourceCodester Online Payroll System attendance_row.php sql injection7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.020.00077CVE-2023-1848
14Dell Rugged Control Center Service Endpoint input validation7.87.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.060.00042CVE-2022-34443
15QNAP QTS/QuTS Hero command injection5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00179CVE-2020-2509
16Cisco Unified Communications Manager cross-site request forgery6.36.3$5k-$25k$5k-$25kNot DefinedNot Defined0.000.00109CVE-2013-3397
17Cisco Virtualization Experience Media Engine input validation5.35.3$5k-$25k$0-$5kNot DefinedNot Defined0.000.00258CVE-2013-3393
18Tenda Tenda W30E NatStaticSetting stack-based overflow6.56.4$0-$5k$0-$5kNot DefinedNot Defined0.000.00046CVE-2022-45516
19Tenda W30E CertListInfo stack-based overflow5.55.3$0-$5k$0-$5kNot DefinedNot Defined0.000.00046CVE-2022-45525
20SourceCodester Event Registration System unrestricted upload6.46.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.050.00091CVE-2022-4232

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
134.94.151.129129.151.94.34.bc.googleusercontent.comBelialDemonMatanbuchus08/29/2021verifiedMedium
234.105.89.8282.89.105.34.bc.googleusercontent.comBelialDemonMatanbuchus08/29/2021verifiedMedium
3XX.XXX.XXX.XXXxxx.xxx.xxx.xx.xx.xxxxxxxxxxxxxxxxx.xxxXxxxxxxxxxxXxxxxxxxxxx08/29/2021verifiedMedium
4XX.XXX.XXX.XXXxxx-xx-xxx-xxx-xxx.xxxxxxx-x.xxxxxxxxx.xxxXxxxxxxxxxxXxxxxx Xxxxxx07/22/2022verifiedMedium
5XXX.XXX.X.XXXxxxxxxxxxxXxxxxx Xxxxxx07/22/2022verifiedHigh
6XXX.XXX.XX.XXXXxxxxxxxxxxXxxxxx Xxxxxx07/22/2022verifiedHigh
7XXX.XXX.XXX.XXXxxxxxxxxxx07/06/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-22, CWE-425Pathname TraversalpredictiveHigh
2T1059CWE-94Cross Site ScriptingpredictiveHigh
3T1059.007CWE-79Cross Site ScriptingpredictiveHigh
4TXXXXCWE-XXX, CWE-XXX, CWE-XXXX2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxx Xxxxxxxxxxx Xxx Xxx XxxxxxxpredictiveHigh
5TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx XxxxxxxxpredictiveHigh
6TXXXXCWE-XX, CWE-XXXxxxxxx XxxxxxxxxpredictiveHigh
7TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
8TXXXX.XXXCWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
9TXXXXCWE-XXXXxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx XxxxpredictiveHigh
10TXXXXCWE-XXX, CWE-XXXXxxxxxxxxxxxxpredictiveHigh
11TXXXX.XXXCWE-XXXXxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (42)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/admin/?page=user/manage_user&id=3predictiveHigh
2File/admin/attendance_row.phppredictiveHigh
3File/admin/test_status.phppredictiveHigh
4File/cgi-bin/supervisor/PwdGrp.cgipredictiveHigh
5File/edituser.phppredictiveHigh
6File/xxx/xxxxxxpredictiveMedium
7File/xxxxxx/xxxxxxxxxxxxpredictiveHigh
8File/xxxxxx/xxxxxxxxxxxxxxxxpredictiveHigh
9File/xxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxpredictiveHigh
10File/xxxxxpredictiveLow
11File/xxxxxxx/predictiveMedium
12Filexxxxxxxxxxxx.xxxpredictiveHigh
13Filexxxxxxxxxxxxxxxxxxx.xxxxx.xxxpredictiveHigh
14Filexxx:.xxxpredictiveMedium
15Filexxxxxxx/xxxx.xxxxx.xxxpredictiveHigh
16Filexxxxx.xxxpredictiveMedium
17Filexx/xxxxxx.xxx.xxpredictiveHigh
18Filexxxxxxx-xxxx.xxxpredictiveHigh
19Filexxxxx/xxxxxxxx/xxxxxxxxx.xxxpredictiveHigh
20Filexxxxxxxx.xpredictiveMedium
21Filexxxxxxxxx.xpredictiveMedium
22Filexxxxxxxxxxxx.xxxpredictiveHigh
23ArgumentxxxxxxxxpredictiveMedium
24ArgumentxxxpredictiveLow
25ArgumentxxxxxxxxxxpredictiveMedium
26Argumentxxxxx/xxxxxxpredictiveMedium
27ArgumentxxxxxxxxxxpredictiveMedium
28ArgumentxxxxxxxxxxxpredictiveMedium
29ArgumentxxxxxxxxpredictiveMedium
30Argumentxxxxx xxxxpredictiveMedium
31Argumentxxxxx xxxxpredictiveMedium
32ArgumentxxpredictiveLow
33ArgumentxxxxxxxpredictiveLow
34ArgumentxxxxpredictiveLow
35Argumentxxxxxxxxxx[x]predictiveHigh
36Argumentxx_xxxxpredictiveLow
37Argumentxx_xxpredictiveLow
38ArgumentxxxxxxxpredictiveLow
39Input Value-x'%xxxxxxx%xxxxxxxx%xxxx,xxxx(),xxx,xxx--+predictiveHigh
40Input Valuexxxxxxxxx-xxxxxxxx-xxxxxx-xx.x-xxxxxxx-xx.x%x%x%x%xx%x%x%x%x%x%x%x%x%x%x%x%x%x.xxxpredictiveHigh
41Input Value\xxx../../../../xxx/xxxxxxpredictiveHigh
42Pattern() {predictiveLow

References (4)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Interested in the pricing of exploits?

See the underground prices here!