menuPass Analysis

IOB - Indicator of Behavior (157)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 112
zh: 34
fr: 6
it: 4
es: 2


[Charts not reproduced: Country, Actors, Activities, Interest, Timeline, Type, Vendor]

Product

Apache Tomcat: 8
ThinkPHP: 4
OpenSSH: 4
WordPress: 4
Kepler Lam IpTools: 4


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Kubernetes kubelet pprof information disclosure | 7.3 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.60131 | 0.00 | CVE-2019-11248 |
| 2 | EyouCMS Backend deserialization | 4.7 | 4.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.04 | CVE-2024-3431 |
| 3 | shell-quote Windows Drive Letter exec os command injection | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00276 | 0.00 | CVE-2021-42740 |
| 4 | Rockwellautomation 1756-ENBT series A Firmware perform access control | 10.0 | 10.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.51525 | 0.00 | CVE-2010-2965 |
| 5 | Simple Link Directory Plugin SQL Statement qcopd_upvote_action sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02705 | 0.00 | CVE-2022-0760 |
| 6 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.25 | CVE-2020-12440 |
| 7 | Litespeed Technologies OpenLiteSpeed access control | 8.0 | 7.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.08541 | 0.00 | CVE-2021-26758 |
| 8 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.38 | CVE-2010-0966 |
| 9 | emercoin Header resource consumption | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00245 | 0.00 | CVE-2018-19152 |
| 10 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.10737 | 0.13 | CVE-2016-6210 |
| 11 | Squid Web Proxy FTP Server information disclosure | 6.4 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00931 | 0.05 | CVE-2019-12528 |
| 12 | Microsoft Edge unknown vulnerability | 4.3 | 4.1 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00087 | 0.00 | CVE-2024-30056 |
| 13 | cnoa OA hard-coded password | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00108 | 0.00 | CVE-2023-2799 |
| 14 | Apache HTTP Server mod_cache null pointer dereference | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.04147 | 0.06 | CVE-2013-4352 |
| 15 | Joomla CMS Media Form Field cross site scripting | 5.2 | 4.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00137 | 0.04 | CVE-2019-9714 |
| 16 | Joomla CMS Edit View cross site scripting | 5.2 | 4.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00137 | 0.00 | CVE-2019-9711 |
| 17 | PHP exif.c exif_read_data use after free | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00536 | 0.00 | CVE-2018-12882 |
| 18 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 2.22 | CVE-2020-15906 |
| 19 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 1.25 | CVE-2006-6168 |
| 20 | eSyndicat Directory Software suggest-listing.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 1.34 | |

Campaigns (3)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (80)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /anony/mjpg.cgi | predictive | High |
| 2 | File | /debug/pprof | predictive | Medium |
| 3 | File | /index.php?app=main&func=passport&action=login | predictive | High |
| 4 | File | /login.php?m=admin&c=Field&a=channel_edit | predictive | High |
| 5 | File | /secure/admin/InsightDefaultCustomFieldConfig.jspa | predictive | High |
| 6 | File | /uncpath/ | predictive | Medium |
| 7 | File | ArchivesMapper.xml | predictive | High |
| 8 | File | blind\source\high.php | predictive | High |
| 9 | File | cart.php | predictive | Medium |
| 10 | File | cat.php | predictive | Low |

References (7)

The following list contains external sources which discuss the actor and the associated activities:
