Mekotio Analysis

IOB - Indicator of Behavior (167)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 114
zh: 18
de: 12
ru: 8
fr: 6


Activities


Product

Microsoft Windows: 8
Keenetic KN-1010: 4
Keenetic KN-1410: 4
Keenetic KN-1711: 4
Keenetic KN-1810: 4


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | SPIP filtres.php encoder_contexte_ajax code injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00446 | 0.03 | CVE-2016-3154 |
| 2 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00193 | 1.06 | CVE-2022-28959 |
| 3 | Myupb UPB cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00503 | 0.04 | CVE-2008-6727 |
| 4 | Project Worlds Student Project Allocation System Admin Login Module admin_login.php cross site scripting | 4.9 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00071 | 0.07 | CVE-2024-0726 |
| 5 | Simple Art Gallery adminHome.php sliderPicSubmit unrestricted upload | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00325 | 0.04 | CVE-2023-1415 |
| 6 | FreePBX cdr Cdr.class.php ajaxHandler sql injection | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00576 | 0.04 | CVE-2020-36630 |
| 7 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00576 | 0.09 | CVE-2022-21664 |
| 8 | Keenetic KN-1010/KN-1410/KN-1711/KN-1810/KN-1910 Version Data version.js information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00045 | 0.04 | CVE-2024-4022 |
| 9 | Keenetic KN-1010/KN-1410/KN-1711/KN-1810/KN-1910 Configuration Setting ndmComponents.js information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00045 | 0.04 | CVE-2024-4021 |
| 10 | Palo Alto PAN-OS Web Interface race condition | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00116 | 0.02 | CVE-2023-0008 |
| 11 | RoundCube Webmail Email Message rcube_string_replacer.php linkref_addindex cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | High | Official Fix | 0.02548 | 0.02 | CVE-2020-35730 |
| 12 | FreePBX Operator Panel Module index_inc.php information disclosure | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00085 | 0.00 | CVE-2019-11407 |
| 13 | OpenCart Program Extension Upload Temporary unrestricted upload | 6.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00225 | 0.00 | CVE-2018-11494 |
| 14 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02820 | 0.24 | CVE-2010-0966 |
| 15 | SPIP spip_login.php3 cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01006 | 0.06 | CVE-2005-4494 |
| 16 | Rocklobster Contact Form 7 unrestricted upload | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.15907 | 0.08 | CVE-2020-35489 |
| 17 | PHPGurukul Job Portal unrestricted upload | 8.3 | 8.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.00 | CVE-2024-8463 |
| 18 | Four-Faith F3x24/F3x36 apply.cgi os command injection | 7.2 | 7.2 | $0-$5k | $0-$5k | High | Not Defined | 0.00046 | 0.05 | CVE-2024-12856 |
| 19 | Redmine sql injection | 6.4 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01534 | 0.04 | CVE-2019-18890 |
| 20 | Webmin CGI command injection | 9.3 | 9.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.06 | CVE-2024-12828 |

IOC - Indicator of Compromise (84)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (87)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (27)

The following list contains external sources which discuss the actor and the associated activities:

Samples (27)

The following list contains associated samples:
