Maze Analysis

IOB - Indicator of Behavior (171)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en  122
zh   20
pl   16
de    6
ru    4

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

MikroTik RouterOS        8
nginx                    4
Microsoft IIS            4
ownCloud                 4
Live555 Streaming Media  2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 1.97 | CVE-2007-0354
2 | WordPress WP_Query sql injection | 6.3 | 6.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.93422 | 0.00 | CVE-2022-21661
3 | Chipmunk Scripts CMScore index.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00217 | 0.00 | CVE-2005-0368
4 | ampleShop category.cfm sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00621 | 0.05 | CVE-2006-2038
5 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.09 | CVE-2017-0055
6 | Dasan GPON Home Router menu.html improper authentication | 8.5 | 8.4 | $0-$5k | $0-$5k | High | Workaround | 0.97083 | 0.05 | CVE-2018-10561
7 | lighttpd mod_evhost/mod_simple_vhost path traversal | 5.3 | 4.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.29444 | 0.05 | CVE-2013-2324
8 | libssh SSH2_MSG_USERAUTH_SUCCESS Message improper authentication | 8.5 | 8.4 | $25k-$100k | $0-$5k | High | Official Fix | 0.13710 | 0.05 | CVE-2018-10933
9 | libxml2 Entity Expansion parser.c xmlParserHandlePEReference denial of service | 5.3 | 4.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02360 | 0.00 | CVE-2014-0191
10 | JumpServer code injection | 9.3 | 9.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.06 | CVE-2024-29201
11 | Apache RocketMQ NameServer code injection | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01047 | 0.04 | CVE-2023-37582
12 | JEECG HTTP POST Request jeecgFormDemoController deserialization | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00072 | 0.00 | CVE-2023-49442
13 | DedeCMS article_allowurl_edit.php code injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00287 | 0.15 | CVE-2023-2928
14 | OpenResty ngx.req.get_post_args sql injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00637 | 0.05 | CVE-2018-9230
15 | Openads adclick.php Remote Code Execution | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01871 | 0.25 | CVE-2007-2046
16 | Campcodes Complete Web-Based School Management System student_payment_details2.php cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.20 | CVE-2024-4527
17 | Gin-Vue-Admin Download Module path traversal | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00154 | 0.00 | CVE-2022-47762
18 | pomelo-monitor injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00371 | 0.07 | CVE-2020-7620
19 | CodeIgniter DB_query_builder.php or_where sql injection | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00158 | 0.04 | CVE-2022-40824
20 | CodeIgniter HTTP Request input validation | 8.3 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00195 | 0.00 | CVE-2022-24711


Campaigns (1)

These are the campaigns that can be associated with the actor:

  • MAZE

IOC - Indicator of Compromise (38)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 5.199.167.188 | | FIN6 | MAZE | 12/16/2020 | verified | Low
2 | 37.1.213.9 | | FIN6 | MAZE | 12/16/2020 | verified | Low
3 | 37.252.7.142 | | FIN6 | MAZE | 12/16/2020 | verified | Low
4 | 54.39.233.188 | mail.ov120.slpmt.net | FIN6 | MAZE | 12/16/2020 | verified | Low
5 | 91.208.184.174 | sell.mybeststore.club | FIN6 | MAZE | 12/16/2020 | verified | Very Low
6 | 91.218.114.4 | | FIN6 | MAZE | 12/16/2020 | verified | Low
7 | 91.218.114.11 | | Maze | | 03/11/2022 | verified | Medium
8 | 91.218.114.31 | | FIN6 | MAZE | 12/16/2020 | verified | Low
9 | XX.XXX.XXX.XX | | Xxxx | Xxxx | 12/16/2020 | verified | Low
10 | XX.XXX.XXX.XX | | Xxxx | Xxxx | 12/16/2020 | verified | Low
11 | XX.XXX.XXX.XX | | Xxxx | Xxxx | 12/16/2020 | verified | Low
12 | XX.XXX.XXX.XX | | Xxxx | Xxxx | 12/16/2020 | verified | Low
13 | XX.XXX.XXX.XX | | Xxxx | Xxxx | 12/16/2020 | verified | Low
14 | XX.XX.X.XX | xx-xx-x-xx.xxxxxxxxx.xxx | Xxxx | Xxxx | 12/16/2020 | verified | Low
15 | XX.XX.XX.XXX | xx-xx-xx-xxx.xxxxxxxxx.xxx | Xxxx | Xxxx | 12/16/2020 | verified | Low
16 | XX.XX.XX.X | xx-xx-xx-x.xxxxxxxxx.xxx | Xxxx | Xxxx | 12/16/2020 | verified | Low
17 | XX.XX.XX.X | xx-xx-xx-x.xxxxxxxxx.xxx | Xxxx | Xxxx | 12/16/2020 | verified | Low
18 | XX.XX.XX.XXX | xx.xx.xx.xx.xxx.xx.xxxxx.xxxxxx.xx-xxxxx.xxx | Xxxx | Xxxx | 12/16/2020 | verified | Low
19 | XX.XX.XX.XXX | xx.xx.xx.xx.xxx.xx.xxxxx.xxxxxx.xx-xxxxx.xxx | Xxxx | Xxxx | 12/16/2020 | verified | Low
20 | XX.XX.XX.X | xxxxxxxx-xx-x.xxx.xx | Xxxx | Xxxx | 12/16/2020 | verified | Low
21 | XX.XX.XX.XX | xxxx.xxxxxxxxxx.xxxx | Xxxx | Xxxx | 12/16/2020 | verified | Low
22 | XX.XX.XX.XX | xx-xx-xx-xx.xx.xxx.xx | Xxxx | Xxxx | 12/16/2020 | verified | Low
23 | XX.XX.XX.XX | xxx.xxxxxxxxxxxxxx.xxx.xx | Xxxx | Xxxx | 12/16/2020 | verified | Low
24 | XX.XX.XX.XXX | xx-xx-xx-xxx.xx.xxx.xx | Xxxx | Xxxx | 12/16/2020 | verified | Low
25 | XX.XX.XXX.X | xxxxxxx.xx | Xxxx | Xxxx | 12/16/2020 | verified | Low
26 | XX.XX.XXX.XX | | Xxxx | Xxxx | 12/16/2020 | verified | Low
27 | XX.XXX.XX.XXX | | Xxxx | | 05/31/2021 | verified | Low
28 | XXX.XXX.XXX.XX | xxxxx.xxxxxxxxxxxxxxx.xxx | Xxxx | Xxxx | 12/16/2020 | verified | Low
29 | XXX.XXX.XXX.XXX | xxxxxx-xxx-xxx-xxx-xxx.xxxxxxxxxxxx.xxx | Xxxx | Xxxx | 12/16/2020 | verified | Low
30 | XXX.XXX.XXX.XX | xxxxx-xxxxxx.xxxxxxxxxxxx.xxx | Xxxx | Xxxx | 12/16/2020 | verified | Low
31 | XXX.XXX.XXX.XX | xxxxx-xxxxxx.xxxxxxxxxxxx.xxx | Xxxx | Xxxx | 12/16/2020 | verified | Low
32 | XXX.XXX.XXX.XX | xxxxx-xxxxxx.xxxxxxxxxxxx.xxx | Xxxx | Xxxx | 12/16/2020 | verified | Low
33 | XXX.XX.XXX.XXX | | Xxxx | Xxxx | 12/16/2020 | verified | Low
34 | XXX.XXX.XX.XX | | Xxxx | Xxxx | 12/16/2020 | verified | Low
35 | XXX.XXX.XX.XX | | Xxxx | | 04/29/2022 | verified | Medium
36 | XXX.XX.XXX.XXX | xxxxx.xx-xxx-xx-xxx.xxx | Xxxx | Xxxx | 12/16/2020 | verified | Low
37 | XXX.XXX.XXX.XXX | xxxxxx-xxx-xxx-xxx-xxx.xxxxxxxxxxxx.xxx | Xxxx | Xxxx | 12/16/2020 | verified | Low
38 | XXX.XX.XXX.XXX | xxxxxxxxxx.xxx | Xxxx | Xxxx | 12/16/2020 | verified | Low

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (127)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | // | predictive | Low
2 | File | /admin/edit-admin.php | predictive | High
3 | File | /ajax-files/postComment.php | predictive | High
4 | File | /cgi-bin/login_action.cgi | predictive | High
5 | File | /cgi-bin/webproc | predictive | High
6 | File | /export | predictive | Low
7 | File | /forum/away.php | predictive | High
8 | File | /index.php | predictive | Medium
9 | File | /index.php/weblinks-categories | predictive | High
10 | File | /menu.html | predictive | Medium
11 | File | /mics/j_spring_security_check | predictive | High
12 | File | /mybb_1806/Upload/admin/index.php | predictive | High
13 | File | /scp/directory.php | predictive | High
14 | File | /uncpath/ | predictive | Medium
15 | File | /var/log/nginx | predictive | High
16 | File | /view/student_payment_details2.php | predictive | High
17 | File | account/gallery.php | predictive | High
18 | File | adclick.php | predictive | Medium
19 | File | add_edit_cat.asp | predictive | High
20 | File | xxxxx.xxx?xxx=xxxx&xxx=xxx | predictive | High
21 | File | xxxxx/xxxxx_xxxxxxx.xxx | predictive | High
22 | File | xxxxxxxxx.xx | predictive | Medium
23 | File | xxx.xxx | predictive | Low
24 | File | xxx/xxxxxxxx/xxxxxxxxxxx.xxx | predictive | High
25 | File | xxx/xxxxxxxx/xxxxx/xxxxx_xxxxx.x | predictive | High
26 | File | xxx.xxx | predictive | Low
27 | File | xxxxxxxx.xxx | predictive | Medium
28 | File | xxxxxxxx.xxx | predictive | Medium
29 | File | xxx-xxx/xxx_xxx_xxxxxx.xxx | predictive | High
30 | File | xxxxxxxx.xxx | predictive | Medium
31 | File | xxxxxx/xxxx/x_xxxx.x | predictive | High
32 | File | xxxxxxx.xxx | predictive | Medium
33 | File | xx/xx_xxxxxxxx.xxx | predictive | High
34 | File | xxxxxxxxxxxxxxxxx.xxx | predictive | High
35 | File | xxxxx.xxx | predictive | Medium
36 | File | xxxxxxx.x | predictive | Medium
37 | File | xxxx.xxx | predictive | Medium
38 | File | xxx/xxxxxxxx/xxx_xxxxxxxxxxxx.xx | predictive | High
39 | File | xxx.xxx | predictive | Low
40 | File | xxxxx.xxx | predictive | Medium
41 | File | xxxx.xxx | predictive | Medium
42 | File | xxxxxxxxxx/xxxxxxxxxxx_xxxxxx.xxx | predictive | High
43 | File | xxxxxxxx/xxxx_xxxx | predictive | High
44 | File | xxxx.xxx | predictive | Medium
45 | File | xxxxx.xxx | predictive | Medium
46 | File | xxxxx.xxx | predictive | Medium
47 | File | xxxxx.xxx | predictive | Medium
48 | File | xxxx_xxxxxxxx.xxx | predictive | High
49 | File | xxx/xxxx_xxx.xxx | predictive | High
50 | File | xxxxxxx\xxxxxxxxx\xxxxxxx.xxx | predictive | High
51 | File | xxxx.xxx | predictive | Medium
52 | File | xxxxxxxx.xxxx/xxxx.xxxx | predictive | High
53 | File | xxxxxx.x | predictive | Medium
54 | File | xxxxxxxx.xxx | predictive | Medium
55 | File | xxxxxxxxxx.xxx | predictive | High
56 | File | xxxxxxx_xxxx.xxx | predictive | High
57 | File | xxxxx.xxx | predictive | Medium
58 | File | xxxx/xxxx.xxx | predictive | High
59 | File | xxxx_xxxxxxxx.xxx/xxxx_xxxx.xxx | predictive | High
60 | File | xxxxxx\xxxxxxxx\xx_xxxxx_xxxxxxx.xxx | predictive | High
61 | File | xxx_xxxxxxx.xxx | predictive | High
62 | File | xxxxxxxx-x.x | predictive | Medium
63 | File | xxxxxx.xxx | predictive | Medium
64 | File | xxxxxxx/xxxx/xxxxxxx_xxxxxxxx_xxxx.xxx | predictive | High
65 | File | xxxx/xxxxxxxxxx.xxx?xxxxxx=xxxx | predictive | High
66 | File | xxxxxxxx.xxx | predictive | Medium
67 | File | xxxx_xxxx.xxx | predictive | High
68 | File | xx-xxxxx/xxxxx-xxxx.xxx | predictive | High
69 | File | xx-xxxxx/xxxx-xxx.xxx | predictive | High
70 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High
71 | File | xxxxxxxxxxxxxx.xxx | predictive | High
72 | File | xxxxxx.xxx | predictive | Medium
73 | Library | xxxxxx.xxx | predictive | Medium
74 | Library | xxxxxxxxx/xxxxxxx_xxx.xxx.xxx | predictive | High
75 | Argument | $xxxxx_xxxxxxxxxx | predictive | High
76 | Argument | ?xxxxxx | predictive | Low
77 | Argument | xxx | predictive | Low
78 | Argument | xxxx | predictive | Low
79 | Argument | xxxxxxx | predictive | Low
80 | Argument | xxx | predictive | Low
81 | Argument | xxxxx | predictive | Low
82 | Argument | xxx_xx | predictive | Low
83 | Argument | xxx | predictive | Low
84 | Argument | xxxxxxxxxxx | predictive | Medium
85 | Argument | xxxxxxxxx_xxxxxx/xxxxxxxxx_xxxxxx | predictive | High
86 | Argument | xxxx | predictive | Low
87 | Argument | xxxx_xxxxxx=xxxx | predictive | High
88 | Argument | xxx | predictive | Low
89 | Argument | xxxx | predictive | Low
90 | Argument | xxxx/xxxxxx | predictive | Medium
91 | Argument | xxxxxxxx | predictive | Medium
92 | Argument | xxxxxxx | predictive | Low
93 | Argument | xxxxxxxx | predictive | Medium
94 | Argument | xxxxxxx[xxxx_xxx][$xxxx->xxxx][xxxxxxxxxxxxxx | predictive | High
95 | Argument | xxx | predictive | Low
96 | Argument | xxxx | predictive | Low
97 | Argument | xxxxxxxx | predictive | Medium
98 | Argument | xx | predictive | Low
99 | Argument | xxxxx | predictive | Low
100 | Argument | xxxxxx | predictive | Low
101 | Argument | x_xxxxxxxx | predictive | Medium
102 | Argument | xxxx[*][xxxx] | predictive | High
103 | Argument | xxx | predictive | Low
104 | Argument | xxxx_xxxxxx_xx | predictive | High
105 | Argument | xxxx | predictive | Low
106 | Argument | xxxx | predictive | Low
107 | Argument | xxx_xxxxxxx | predictive | Medium
108 | Argument | xxxxx | predictive | Low
109 | Argument | xxxx | predictive | Low
110 | Argument | xxxx= | predictive | Low
111 | Argument | xxxxxx | predictive | Low
112 | Argument | x_xxxx | predictive | Low
113 | Argument | xxxxx_xx | predictive | Medium
114 | Argument | xxx | predictive | Low
115 | Argument | xxx | predictive | Low
116 | Argument | xxxxx | predictive | Low
117 | Argument | xxxxxxxxxxxxxx | predictive | High
118 | Argument | xxxxx_xxxxxxxxx | predictive | High
119 | Argument | xxxx_xx[] | predictive | Medium
120 | Argument | xxxxxxxx/xxxx xxxxxx | predictive | High
121 | Argument | xxx | predictive | Low
122 | Argument | xxxxxxxx | predictive | Medium
123 | Argument | xxxx_xx[] | predictive | Medium
124 | Input Value | ' xxx (xxxxxx xxxx xxxx(xxxxxx xxxxx(*),xxxxxx(xxxxxxxxxxxx,(xxxxxx (xxx(xxxx=xxxx,x))),xxxxxxxxxxxx,xxxxx(xxxx(x)*x))x xxxx xxxxxxxxxxx_xxxxxx.xxxxxxxxx_xxxx xxxxx xx x)x) xxx 'xxxx'='xxxx | predictive | High
125 | Input Value | ../ | predictive | Low
126 | Input Value | x%xx%xx%xxxxxxx%xxxxxxxx%xxxxxxxxxx%xxxxxx%xx%xxxxxxx_xxxxx%xx%xx--%xx%xx | predictive | High
127 | Input Value | xx xxxxxxxxx xxxxxxx(xxxxxxxxxxxx(xxxx(),xxxxxx(xxxx,xxxxxxx())),x); | predictive | High

References (5)

The following list contains external sources which discuss the actor and the associated activities:
