menuPass Analysis

IOB - Indicator of Behavior (169)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 100
zh: 58
fr: 6
it: 2
es: 2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Grafana: 6
OpenStack Keystone: 4
Joomla CMS: 4
Apache Tomcat: 4
HPE Intelligent Management Center: 2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Kubernetes kubelet pprof information disclosure | 7.3 | 7.2 | $0-$5k | $0-$5k | Not defined | Official fix | expected | 0.90841 | 0.00 | CVE-2019-11248 |
| 2 | Grafana Request redirect | 5.3 | 5.2 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00063 | 0.04 | CVE-2022-29170 |
| 3 | EyouCMS Backend login.php deserialization | 4.7 | 4.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00362 | 0.16 | CVE-2024-3431 |
| 4 | shell-quote Windows Drive Letter exec os command injection | 5.5 | 5.3 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.07537 | 0.00 | CVE-2021-42740 |
| 5 | Rockwellautomation 1756-ENBT series A Firmware perform access control | 10.0 | 10.0 | $0-$5k | $0-$5k | Not defined | Not defined | expected | 0.93841 | 0.00 | CVE-2010-2965 |
| 6 | Simple Link Directory Plugin SQL Statement qcopd_upvote_action sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not defined | Official fix | expected | 0.87313 | 0.02 | CVE-2022-0760 |
| 7 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00000 | 0.16 | CVE-2020-12440 |
| 8 | Litespeed Technologies OpenLiteSpeed access control | 8.0 | 7.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.03356 | 0.05 | CVE-2021-26758 |
| 9 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.00970 | 0.29 | CVE-2010-0966 |
| 10 | emercoin Header resource consumption | 6.4 | 6.4 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00807 | 0.00 | CVE-2018-19152 |
| 11 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official fix | expected | 0.92487 | 0.04 | CVE-2016-6210 |
| 12 | Eclipse Jetty HTTP/2 Server insufficient resource pool | 6.4 | 6.4 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00135 | 0.08 | CVE-2022-2048 |
| 13 | Moment.js path traversal | 6.9 | 6.7 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00506 | 0.08 | CVE-2022-24785 |
| 14 | Grafana API Endpoint authorization | 5.3 | 5.2 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00113 | 0.08 | CVE-2022-21713 |
| 15 | Grafana Trace View Visualization cross site scripting | 5.4 | 5.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.34027 | 0.03 | CVE-2023-0594 |
| 16 | Linksys WRT54G POST Parameter apply.cgi validate_services_port stack-based overflow | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00218 | 0.08 | CVE-2024-8408 |
| 17 | DrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupload os command injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | possible | 0.38605 | 0.00 | CVE-2024-12987 |
| 18 | MyBatis PageHelper sql injection | 5.0 | 4.8 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00144 | 0.00 | CVE-2022-28111 |
| 19 | ZKTeco ZKTime hard-coded credentials | 6.9 | 6.8 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00069 | 0.08 | CVE-2021-39434 |
| 20 | Apache Commons IO FileNameUtils.normalize path traversal | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00356 | 0.08 | CVE-2021-29425 |

Campaigns (3)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (85)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /anony/mjpg.cgi | predictive | High |
| 2 | File | /apply.cgi | predictive | Medium |
| 3 | File | /cgi-bin/mainfunction.cgi/apmcfgupload | predictive | High |
| 4 | File | /debug/pprof | predictive | Medium |
| 5 | File | /index.php?app=main&func=passport&action=login | predictive | High |
| 6 | File | /login.php?m=admin&c=Field&a=channel_edit | predictive | High |
| 7 | File | /secure/admin/InsightDefaultCustomFieldConfig.jspa | predictive | High |
| 8 | File | /uncpath/ | predictive | Medium |
| 9 | File | ArchivesMapper.xml | predictive | High |
| 10 | File | blind\source\high.php | predictive | High |
