menuPass Analysis

IOB - Indicator of Behavior (74)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	56
zh	8
it	4
fr	4
es	2

Country

us	50
cn	4
it	2
ua	2
gb	2

Actors

APT10	2
menuPass	2
APT41	1
Inception	1

Activities

Interest

Timeline

Type

Not Defined	34
Operating System	6
Content Management System	6
Photo Gallery Software	4
Connectivity Software	4

Vendor

Not Defined	28
Apache	6
JV2	2
Cisco	2
EMC	2

Product

OpenSSH	4
Apache Tomcat	4
Apache HTTP Server	2
Spyce	2
JV2 Folder Gallery	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	CTI	EPSS	CVE
1	nginx request smuggling	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	3.00	0.00000	CVE-2020-12440
2	Litespeed Technologies OpenLiteSpeed access control	8.0	7.6	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01	0.07308	CVE-2021-26758
3	emercoin Header resource consumption	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01	0.01055	CVE-2018-19152
4	OpenSSH Authentication Username information disclosure	5.3	4.8	$5k-$25k	$0-$5k	High	Official Fix	0.42	0.49183	CVE-2016-6210
5	Apple tvOS WebKit memory corruption	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.05	0.01889	CVE-2021-30849
6	Igno Saitz libmikmod denial of service	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01	0.01537	CVE-2007-6720
7	PEEL phpinfo.php phpinfo information disclosure	5.3	5.1	$0-$5k	$0-$5k	High	Unavailable	0.00	0.01136	CVE-2008-1506
8	Gallery file inclusion	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01	0.06790	CVE-2004-2124
9	Apple iOS Cache dyld.cpp openSharedCacheFile memory corruption	9.0	8.6	$100k and more	$0-$5k	Not Defined	Official Fix	0.09	0.01108	CVE-2013-3950
10	OKLite File Upload modulec_control.php unrestricted upload	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00885	CVE-2019-16131
11	HPE System Management Homepage improper authentication	5.8	5.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.04	0.00890	CVE-2017-12549
12	Google Android ion.c ion_buffer_kmap_get integer overflow	5.3	5.1	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.05	0.01036	CVE-2021-39714
13	Maccms Video cross site scripting	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00885	CVE-2021-45787
14	FreeBSD Ping pr_pack stack-based overflow	7.3	7.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.09	0.00000	CVE-2022-23093
15	Seafile authorization	6.5	6.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.00885	CVE-2021-43820
16	Spyce cross site scripting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.08	0.01917	CVE-2008-0980
17	OpenSSH ssh-agent double free	5.8	5.6	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.14	0.01282	CVE-2021-28041
18	SOY CMS Inquiry Form deserialization	8.6	7.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01	0.05634	CVE-2020-15188
19	Zoho ManageEngine ServiceDesk Plus REST-API improper authentication	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00885	CVE-2021-37415

Campaigns (3)

These are the campaigns that can be associated with the actor:

Cloud Hopper
Xxxxxxx
Xxxxxx Xxx

IOC - Indicator of Compromise (15)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Campaigns	Type	Confidence
1	60.2.148.167		menuPass	Poison Ivy	verified	High
2	60.10.1.114	hebei.10.60.in-addr.arpa	menuPass	Poison Ivy	verified	High
3	60.10.1.115	hebei.10.60.in-addr.arpa	menuPass	Poison Ivy	verified	High
4	XX.XX.X.XXX	xxxxx.xx.xx.xx-xxxx.xxxx	Xxxxxxxx	Xxxxxx Xxx	verified	High
5	XX.XX.X.XXX	xxxxx.xx.xx.xx-xxxx.xxxx	Xxxxxxxx	Xxxxxx Xxx	verified	High
6	XX.XXX.XXX.XX	xxxxxx.xxxxxxxxxxxxx.xxx	Xxxxxxxx	Xxxxx Xxxxxx	verified	High
7	XX.XXX.XXX.XX	xxx.xxxxxxxx.xxx	Xxxxxxxx		verified	High
8	XX.XXX.XXX.XXX	xxxxx.xxxxxxxxxx.xxx	Xxxxxxxx	Xxxxxxx	verified	High
9	XXX.XXX.XXX.XX		Xxxxxxxx	Xxxxxx Xxx	verified	High
10	XXX.XXX.XX.XXX	xxx-xxx-xx-xxx.xxxxxx.xxxx.xx	Xxxxxxxx	Xxxxx Xxxxxx	verified	High
11	XXX.XX.XX.XX		Xxxxxxxx	Xxxxxxx	verified	High
12	XXX.XXX.XX.XXX		Xxxxxxxx		verified	High
13	XXX.XX.XXX.XXX		Xxxxxxxx		verified	High
14	XXX.XX.XXX.XXX	xxxxxxx.xxxxx.xxx	Xxxxxxxx		verified	High
15	XXX.XX.XXX.XX	xxxxxxxxxx.xxxxxxxxx.xxxx	Xxxxxxxx		verified	High

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CWE-22	Pathname Traversal	predictive	High
2	T1059	CWE-94	Cross Site Scripting	predictive	High
3	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	High
4	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
5	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx Xxxxxxxx	predictive	High
6	TXXXX	CWE-XX	Xxxxxxx Xxxxxxxxx	predictive	High
7	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	High
8	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	High
9	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	High
10	TXXXX	CWE-XXX	Xxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx Xxxx	predictive	High
11	TXXXX	CWE-XXX	Xxxxxxxxxxxxx	predictive	High
12	TXXXX	CWE-XXX	X2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx Xxxxxxxxxx	predictive	High
13	TXXXX.XXX	CWE-XXX	Xxxxxxxxxxxx Xxxxxx	predictive	High

IOA - Indicator of Attack (41)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/anony/mjpg.cgi	predictive	High
2	File	/secure/admin/InsightDefaultCustomFieldConfig.jspa	predictive	High
3	File	/uncpath/	predictive	Medium
4	File	cart.php	predictive	Medium
5	File	categorie.php3	predictive	High
6	File	xxxxx/xxxxxxxx-xxxxxxxxx/xxxxxxxxxxxxxxx.xxxxx.xxx	predictive	High
7	File	xxx.xxxxxxx.xxx	predictive	High
8	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	High
9	File	xxxx.xxx	predictive	Medium
10	File	xxxxxxxxx/xxxxx/xxxxxxx_xxxxxxx.xxx	predictive	High
11	File	xxx/xxxxxx.xxx	predictive	High
12	File	xxxxxxx_xxxx/xxxxxxxx.xxx	predictive	High
13	File	xxxxxxxxx/xxx/xxx_xxxxxxxx.xxx	predictive	High
14	File	xxx.x	predictive	Low
15	File	xxxx_xxx.xxxx	predictive	High
16	File	xxxxxxx.xxx	predictive	Medium
17	File	xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][]	predictive	High
18	File	xxxx/xxxxx	predictive	Medium
19	File	xxxx.xxx	predictive	Medium
20	File	xxxxxxxxx/xxxxxxxxxx	predictive	High
21	File	xx-xxxxx/xxxxxxxx/xxxxx-xxxx-xxxxxx-xxxxxxxx.xxx	predictive	High
22	File	xxxx.xx	predictive	Low
23	Argument	xxxxxxxx	predictive	Medium
24	Argument	xxxxx	predictive	Low
25	Argument	xxx	predictive	Low
26	Argument	xxxxxxxxxxx	predictive	Medium
27	Argument	xxxxxxxxxxxxxxx	predictive	High
28	Argument	xxxxxxx_xxxxxxx	predictive	High
29	Argument	xxxxxxx[xx_xxx_xxxx]	predictive	High
30	Argument	xxxx_xxxx/xxxxxxx_xxxxxxxxxxx	predictive	High
31	Argument	xx	predictive	Low
32	Argument	xxxxxx	predictive	Low
33	Argument	xxxx/xxxxxxx	predictive	Medium
34	Argument	xxxxxx xxxxxx	predictive	High
35	Argument	xxxxxxxx	predictive	Medium
36	Argument	xxxxxxxx	predictive	Medium
37	Argument	xxxx_xx	predictive	Low
38	Argument	xxxx	predictive	Low
39	Argument	xxxxxxxxx	predictive	Medium
40	Input Value	xxxx	predictive	Low
41	Network Port	xxx xxxxxx xxxx	predictive	High

References (6)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!