Maze Analysis

IOB - Indicator of Behavior (142)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

  • en: 90
  • de: 14
  • es: 12
  • pl: 10
  • fr: 8

Country

  • us: 44
  • cn: 12
  • es: 10
  • pl: 10
  • ru: 8

[Charts not reproduced: Actors, Activities, Interest, Timeline, Type, Vendor]

Product

  • Dasan H660GW: 6
  • Microsoft Windows: 4
  • Dasan GPON Home Router: 4
  • WordPress: 4
  • Huawei E5332: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.52 | 0.02800 | CVE-2007-0354 |
| 2 | WordPress WP_Query sql injection | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.11157 | CVE-2022-21661 |
| 3 | Chipmunk Scripts CMScore index.php sql injection | 7.3 | 6.9 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.01 | 0.00986 | CVE-2005-0368 |
| 4 | ampleShop category.cfm sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.03 | 0.01408 | CVE-2006-2038 |
| 5 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.25 | 0.25090 | CVE-2017-0055 |
| 6 | Dasan GPON Home Router menu.html improper authentication | 8.5 | 8.3 | $0-$5k | $0-$5k | High | Workaround | 0.00 | 0.12492 | CVE-2018-10561 |
| 7 | lighttpd mod_evhost/mod_simple_vhost path traversal | 5.3 | 4.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.08 | 0.25143 | CVE-2013-2324 |
| 8 | libssh SSH2_MSG_USERAUTH_SUCCESS Message improper authentication | 8.2 | 7.8 | $25k-$100k | $0-$5k | High | Official Fix | 0.09 | 0.92171 | CVE-2018-10933 |
| 9 | libxml2 Entity Expansion parser.c xmlParserHandlePEReference denial of service | 5.3 | 4.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.03407 | CVE-2014-0191 |
| 10 | lighttpd mod_evhost path traversal | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.37149 | CVE-2014-2324 |
| 11 | FreeBSD Ping pr_pack stack-based overflow | 7.3 | 7.0 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.06 | 0.00000 | CVE-2022-23093 |
| 12 | Cisco BroadWorks Application Server XSI-Actions Interface information disclosure | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01055 | CVE-2021-1562 |
| 13 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 2.22 | 0.00000 | |
| 14 | Serendipity exit.php privileges management | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.25 | 0.00000 | |
| 15 | Wiki UI Main Wiki code injection | 8.3 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.02199 | CVE-2022-36099 |
| 16 | FLDS redir.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.46 | 0.01213 | CVE-2008-5928 |
| 17 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.15 | 0.01034 | CVE-2022-21664 |
| 18 | Xiaomi Redmi 5 external reference | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2019-15415 |
| 19 | Apple iOS OpenSSL a_type.c code | 5.3 | 5.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.07559 | CVE-2015-0286 |
| 20 | OpenSSL TLS 1.3 Handshake SSL_check_chain null pointer dereference | 6.4 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.35455 | CVE-2020-1967 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • MAZE

IOC - Indicator of Compromise (38)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | predictive | High |
| 2 | T1059 | CWE-94 | Cross Site Scripting | predictive | High |
| 3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (116)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
