menuPass Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (151)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	94
zh	38
it	8
fr	6
es	2

Country

us	140
cn	4
id	2
it	2
ua	2

Actors

menuPass	3
FIN7	1
Dridex	1
TrickBot	1
Conti	1

Activities

Interest

Timeline

Type

Not Defined	60
Operating System	8
Web Server	6
Application Server Software	6
Database Software	4

Vendor

Not Defined	50
Apache	12
Apple	8
HPE	8
Oracle	6

Product

Apache Tomcat	6
ThinkPHP	6
Apple iOS	4
PhonePe Wallet	2
Alfresco Community Edition	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	CTI	EPSS	CVE
1	Kubernetes kubelet pprof information disclosure	7.3	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.05	0.53513	CVE-2019-11248
2	shell-quote Windows Drive Letter exec os command injection	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00160	CVE-2021-42740
3	Rockwellautomation 1756-ENBT series A Firmware perform access control	10.0	10.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.48259	CVE-2010-2965
4	Simple Link Directory Plugin SQL Statement qcopd_upvote_action sql injection	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.02705	CVE-2022-0760
5	nginx request smuggling	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.30	0.00241	CVE-2020-12440
6	Litespeed Technologies OpenLiteSpeed access control	8.0	7.6	$0-$5k	Calculating	Proof-of-Concept	Not Defined	0.00	0.06285	CVE-2021-26758
7	DZCP deV!L`z Clanportal config.php code injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.79	0.00943	CVE-2010-0966
8	emercoin Header resource consumption	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00245	CVE-2018-19152
9	OpenSSH Authentication Username information disclosure	5.3	4.8	$5k-$25k	$0-$5k	High	Official Fix	0.04	0.10737	CVE-2016-6210
10	Joomla CMS Media Form Field cross site scripting	5.2	4.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00137	CVE-2019-9714
11	Joomla CMS Edit View cross site scripting	5.2	4.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00137	CVE-2019-9711
12	PHP exif.c exif_read_data use after free	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00536	CVE-2018-12882
13	Tiki Admin Password tiki-login.php improper authentication	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	5.68	0.00936	CVE-2020-15906
14	TikiWiki tiki-register.php input validation	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	10.00	0.01009	CVE-2006-6168
15	eSyndicat Directory Software suggest-listing.php cross site scripting	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00000
16	Oracle Database Server Privilege Escalation	6.3	6.3	$5k-$25k	Calculating	High	Not Defined	0.02	0.05635	CVE-2010-0866
17	WP ALL Export Pro Plugin cross-site request forgery	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00136	CVE-2023-5882
18	EMC Replication Manager credentials management	4.0	3.8	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00042	CVE-2013-3272
19	WordPress input validation	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.00576	CVE-2013-2204
20	WordPress information disclosure	4.3	4.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.00358	CVE-2013-2202

Campaigns (3)

These are the campaigns that can be associated with the actor:

Cloud Hopper
Xxxxxxx
Xxxxxx Xxx

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Campaigns	Identified	Type	Confidence
1	60.2.148.167		menuPass	Poison Ivy	12/17/2020	verified	High
2	60.10.1.114	hebei.10.60.in-addr.arpa	menuPass	Poison Ivy	12/17/2020	verified	High
3	60.10.1.115	hebei.10.60.in-addr.arpa	menuPass	Poison Ivy	12/17/2020	verified	High
4	60.10.1.120	hebei.10.60.in-addr.arpa	menuPass	Poison Ivy	12/17/2020	verified	High
5	XX.XX.X.XXX	xxxxx.xx.xx.xx-xxxx.xxxx	Xxxxxxxx	Xxxxxx Xxx	12/17/2020	verified	High
6	XX.XXX.XXX.XX	xxxxxx.xxxxxxxxxxxxx.xxx	Xxxxxxxx	Xxxxx Xxxxxx	12/17/2020	verified	High
7	XX.XXX.XXX.XX	xxx.xxxxxxxx.xxx	Xxxxxxxx		12/17/2020	verified	High
8	XX.XXX.XXX.XXX	xxxxx.xxxxxxxxxx.xxx	Xxxxxxxx	Xxxxxxx	12/17/2020	verified	High
9	XX.XXX.XXX.XXX		Xxxxxxxx		02/13/2024	verified	High
10	XX.XXX.XXX.XXX	xxxxxxxx.xx	Xxxxxxxx		02/13/2024	verified	High
11	XXX.XXX.XXX.XX		Xxxxxxxx	Xxxxxx Xxx	12/17/2020	verified	High
12	XXX.XXX.XX.XXX	xxx-xxx-xx-xxx.xxxxxx.xxxx.xx	Xxxxxxxx	Xxxxx Xxxxxx	12/17/2020	verified	High
13	XXX.XX.XX.XX		Xxxxxxxx	Xxxxxxx	12/17/2020	verified	High
14	XXX.XXX.XX.XXX		Xxxxxxxx		12/17/2020	verified	High
15	XXX.XX.XXX.XXX		Xxxxxxxx		12/17/2020	verified	High
16	XXX.XX.XXX.XXX	xxxxxxx.xxxxx.xxx	Xxxxxxxx		12/17/2020	verified	High
17	XXX.XX.XXX.XXX		Xxxxxxxx		02/13/2024	verified	High
18	XXX.XX.XXX.XX	xxxxxxxxxx.xxxxxxxxx.xxxx	Xxxxxxxx		03/10/2022	verified	High

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CWE-22	Path Traversal	predictive	High
2	T1059	CWE-94, CWE-1321	Argument Injection	predictive	High
3	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	High
4	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
5	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	High
6	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
7	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	High
8	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	High
9	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	High
10	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
11	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
12	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	High
13	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	High

IOA - Indicator of Attack (77)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/anony/mjpg.cgi	predictive	High
2	File	/debug/pprof	predictive	Medium
3	File	/secure/admin/InsightDefaultCustomFieldConfig.jspa	predictive	High
4	File	/uncpath/	predictive	Medium
5	File	ArchivesMapper.xml	predictive	High
6	File	blind\source\high.php	predictive	High
7	File	cart.php	predictive	Medium
8	File	cat.php	predictive	Low
9	File	categorie.php3	predictive	High
10	File	xxxxx/xxxxxxxx-xxxxxxxxx/xxxxxxxxxxxxxxx.xxxxx.xxx	predictive	High
11	File	xxx.xxxxxxx.xxx	predictive	High
12	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	High
13	File	xxxxxx.xx	predictive	Medium
14	File	xxxx.xxx	predictive	Medium
15	File	xxx_xxxxxx_xxx_xxxxxx.x	predictive	High
16	File	xxx/xxxx/xxxx.x	predictive	High
17	File	xxxxxxxxxxx.xxx/xxxxxxxxxxx	predictive	High
18	File	xxxxxxxxx/xxxxx/xxxxxxx_xxxxxxx.xxx	predictive	High
19	File	xxxxxx.xx	predictive	Medium
20	File	xxx/xxxxxx.xxx	predictive	High
21	File	xxxxxxx_xxxx/xxxxxxxx.xxx	predictive	High
22	File	xxxxx.xxx	predictive	Medium
23	File	xxxxxxxxx/xxx/xxx_xxxxxxxx.xxx	predictive	High
24	File	xxx.x	predictive	Low
25	File	xxxxxxxx/xxxxxxxxx	predictive	High
26	File	xxxxxxx/xxxxx/xx/xxxxxx.xxxxx.xxx	predictive	High
27	File	xxxxxxx/xxxxx/xx/xxxxxx/xxxxx.xxxxx.xxx	predictive	High
28	File	xxx.xxx	predictive	Low
29	File	xxxx_xxx.xxxx	predictive	High
30	File	xxxxxxx.xxx	predictive	Medium
31	File	xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][]	predictive	High
32	File	xxxx/xxxxx	predictive	Medium
33	File	xxxxxx_xxxxxx.xxx	predictive	High
34	File	xxxx.xxx	predictive	Medium
35	File	xxxxxxx.xxx	predictive	Medium
36	File	xxxxxxxxx.xxx	predictive	High
37	File	xxxxxxx-xxxxxxx.xxx	predictive	High
38	File	xxxxxxxxx/xxxxxxxxxx	predictive	High
39	File	xxxx-xxxxx.xxx	predictive	High
40	File	xxxx-xxxxxxxx.xxx	predictive	High
41	File	xx-xxxxx/xxxxxxxx/xxxxx-xxxx-xxxxxx-xxxxxxxx.xxx	predictive	High
42	File	xx-xxxx.xxx	predictive	Medium
43	File	xxxx.xx	predictive	Low
44	Argument	xxxxxxxxxxx	predictive	Medium
45	Argument	xxxxxxxx	predictive	Medium
46	Argument	xxxxx	predictive	Low
47	Argument	xxxxx	predictive	Low
48	Argument	xxx	predictive	Low
49	Argument	xxxxxxxxxxxxxx	predictive	High
50	Argument	xxxxxxx	predictive	Low
51	Argument	xx	predictive	Low
52	Argument	xxxxxxxxxxx	predictive	Medium
53	Argument	xxxxxxxxxxxxxxx	predictive	High
54	Argument	xxxxxxx_xxxxxxx	predictive	High
55	Argument	xxxxxxx[xx_xxx_xxxx]	predictive	High
56	Argument	xxxx_xxxx/xxxxxxx_xxxxxxxxxxx	predictive	High
57	Argument	xx	predictive	Low
58	Argument	xxxx_xxxxx	predictive	Medium
59	Argument	xxx	predictive	Low
60	Argument	xxxxx	predictive	Low
61	Argument	xxxxxx	predictive	Low
62	Argument	xxxx	predictive	Low
63	Argument	xxxx/xxxxxxx	predictive	Medium
64	Argument	xxxxxx xxxxxx	predictive	High
65	Argument	xxxxx	predictive	Low
66	Argument	xxxxxxxx	predictive	Medium
67	Argument	xxxxxxxx	predictive	Medium
68	Argument	xxxxxxxx	predictive	Medium
69	Argument	xxx_xxxx	predictive	Medium
70	Argument	xxxx_xx	predictive	Low
71	Argument	xxxx	predictive	Low
72	Argument	xxxxx	predictive	Low
73	Argument	xxxxxxxxx	predictive	Medium
74	Argument	xxxxxxxxx	predictive	Medium
75	Input Value	::$xxxxx_xxxxxxxxxx	predictive	High
76	Input Value	xxxx	predictive	Low
77	Network Port	xxx xxxxxx xxxx	predictive	High

References (7)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!