Maze Analysis

IOB - Indicator of Behavior (164)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 122
pl: 16
zh: 10
ru: 6
de: 6


Country

us: 58
cn: 18
pl: 14
ru: 14
fr: 4


Product

MikroTik RouterOS: 10
WordPress: 6
lighttpd: 4
Dasan GPON Home Router: 4
phpMyAdmin: 4


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.35 | 0.01302 | CVE-2007-0354 |
| 2 | WordPress WP_Query sql injection | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.93536 | CVE-2022-21661 |
| 3 | Chipmunk Scripts CMScore index.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00217 | CVE-2005-0368 |
| 4 | ampleShop category.cfm sql injection | 7.3 | 7.3 | $0-$5k | Calculating | Not Defined | Unavailable | 0.02 | 0.00621 | CVE-2006-2038 |
| 5 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00548 | CVE-2017-0055 |
| 6 | Dasan GPON Home Router menu.html improper authentication | 8.5 | 8.4 | $0-$5k | $0-$5k | High | Workaround | 0.00 | 0.97117 | CVE-2018-10561 |
| 7 | lighttpd mod_evhost/mod_simple_vhost path traversal | 5.3 | 4.6 | $0-$5k | Calculating | Proof-of-Concept | Official Fix | 0.00 | 0.14448 | CVE-2013-2324 |
| 8 | libssh SSH2_MSG_USERAUTH_SUCCESS Message improper authentication | 8.5 | 8.4 | $25k-$100k | $0-$5k | High | Official Fix | 0.03 | 0.15306 | CVE-2018-10933 |
| 9 | libxml2 Entity Expansion parser.c xmlParserHandlePEReference denial of service | 5.3 | 4.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.02360 | CVE-2014-0191 |
| 10 | Gin-Vue-Admin Download Module path traversal | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09 | 0.00154 | CVE-2022-47762 |
| 11 | pomelo-monitor injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00371 | CVE-2020-7620 |
| 12 | CodeIgniter DB_query_builder.php or_where sql injection | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00153 | CVE-2022-40824 |
| 13 | CodeIgniter HTTP Request input validation | 8.3 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00195 | CVE-2022-24711 |
| 14 | Rakuten Viber Secret Chat information disclosure | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00051 | CVE-2018-3987 |
| 15 | Plesk Obsidian Login Page injection | 5.8 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00174 | CVE-2023-24044 |
| 16 | SourceCodester Web-Based Student Clearance System Edit User Profile Page edit-admin.php sql injection | 4.7 | 4.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00045 | CVE-2024-1928 |
| 17 | Elastic Elasticsearch Simulate Pipeline API exceptional condition | 6.1 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00046 | CVE-2023-46673 |
| 18 | Microsoft SQL Server Privilege Escalation | 8.8 | 8.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04 | 0.00762 | CVE-2023-21713 |
| 19 | 70mai a500s Recording access control | 7.3 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00088 | CVE-2023-43271 |
| 20 | MikroTik RouterOS Web Server memory corruption | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00320 | CVE-2017-20149 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • MAZE

IOC - Indicator of Compromise (38)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-21, CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CWE-94 | Argument Injection | predictive | High |

IOA - Indicator of Attack (122)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

