Metamorfo Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (30)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en18
de8
fr2
it2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

US: USA20
TR: Turkey4
PL: Poland4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Metamorfo4
Amadey1
Mekotio1
Cobalt Strike1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined10
Log Management Software4
Smartphone Operating System2
JavaScript Library2
Content Management System2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined14
Microsoft4
SysAid2
Google2
Woltlab2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

SysAid ITIL2
Google Android2
Moment.js2
Woltlab Burning Board Lite2
TIBCO JasperReports Server2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#VulnerabilityBaseTemp0dayTodayExpCouKEVEPSSCTICVE
1Apple macOS MediaRemote privileges management7.67.5$0-$5k$0-$5kNot definedOfficial fix 0.011390.00CVE-2018-4310
2SourceCodester Accounts Manager App delete-account.php sql injection7.57.3$0-$5k$0-$5kProof-of-ConceptNot defined 0.000440.08CVE-2024-7748
3SysAid ITIL Filesystem UserSelfServiceSettings.jsp access control6.36.1$0-$5k$0-$5kNot definedNot defined 0.002270.06CVE-2021-43972
4NexusPHP takeconfirm.php sql injection8.58.5$0-$5k$0-$5kNot definedNot defined 0.004870.00CVE-2017-12908
5TIBCO JasperReports Server JNDI Data Sources privilege escalation7.87.8$0-$5k$0-$5kNot definedNot defined 0.031150.00CVE-2022-41561
6Moment.js path traversal6.96.7$0-$5k$0-$5kNot definedOfficial fix 0.005390.00CVE-2022-24785
7Green Hills INTEGRITY RTOS Interpeak IPCOMShell TELNET Server memory corruption8.58.5$0-$5k$0-$5kNot definedNot defined 0.006540.05CVE-2019-7713
8phpGroupWare login.php sql injection7.37.0$0-$5kCalculatingNot definedOfficial fix 0.007830.06CVE-2009-4414
9ImageMagick cache.c PersistPixelCache resource management5.45.1$0-$5k$0-$5kNot definedOfficial fix 0.004210.00CVE-2017-14325
10Symphony content.blueprintspages.php cross site scripting5.25.2$0-$5k$0-$5kNot definedOfficial fix 0.002400.00CVE-2018-12043
11Microsoft Windows MS XML xml external entity reference7.67.5$25k-$100k$0-$5kNot definedOfficial fix 0.281710.02CVE-2019-0791
12MC Coming Soon Script launch_message.php privileges management6.35.7$0-$5k$0-$5kProof-of-ConceptNot defined 0.000000.00
13Microsoft Internet Explorer JsArraySlice memory corruption7.16.4$25k-$100k$0-$5kProof-of-ConceptOfficial fixpossible0.390050.00CVE-2017-11855
14Microsoft Windows VBScript/JScript input validation7.47.2$25k-$100k$5k-$25kNot definedOfficial fix 0.190000.00CVE-2016-3206
15PHP var_unserializer.c deserialization9.89.6$5k-$25k$0-$5kNot definedOfficial fixpossible0.772620.00CVE-2016-7124
16Microsoft XML Core Services access control5.35.3$5k-$25k$0-$5kNot definedNot defined 0.269680.00CVE-2009-0419
17AXIS 2110 Network Camera virtualinput.cgi privileges management7.36.6$0-$5k$0-$5kProof-of-ConceptNot defined 0.140930.05CVE-2004-2425
18Augeas Escape String memory corruption8.58.4$0-$5k$0-$5kNot definedOfficial fix 0.016670.00CVE-2017-7555
19Google Android SSID Hotlist API access control6.56.4$5k-$25k$0-$5kNot definedOfficial fix 0.000160.02CVE-2017-11074
20Cacti graph_settings.php sql injection7.37.3$0-$5k$0-$5kNot definedNot defined 0.007620.00CVE-2014-5262

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
13.145.213.63ec2-3-145-213-63.us-east-2.compute.amazonaws.comMetamorfo09/06/2024verifiedMedium
25.83.162.24cloud8732397.nitrado.cloudMetamorfo04/25/2018verifiedVery Low
3XX.XXX.XXX.XXXxxx-xx-xxx-xxx-xxx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxxXxxxxxxxx02/09/2022verifiedVery Low
4XX.XXX.XXX.XXXXxxxxxxxx10/25/2021verifiedLow
5XX.XXX.XXX.XXxxxxxx-xxx-xxx-xx.xxxxxx.xxxxxxxxxx.xxXxxxxxxxx05/31/2021verifiedVery Low
6XXX.XXX.XX.XXxxxx.xxxxxxx.xxXxxxxxxxx02/22/2025verifiedVery High
7XXX.XX.XXX.XXXXxxxxxxxx04/25/2018verifiedLow

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1059.007CAPEC-209CWE-79Basic Cross Site ScriptingpredictiveHigh
3TXXXXCAPEC-XXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
4TXXXX.XXXCAPEC-XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
5TXXXXCAPEC-XXXCWE-XXXxx XxxxxxxxxpredictiveHigh
6TXXXXCAPEC-XXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (26)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/admin/launch_message.phppredictiveHigh
2File/endpoint/delete-account.phppredictiveHigh
3File/UserSelfServiceSettings.jsppredictiveHigh
4Filecontent/content.blueprintspages.phppredictiveHigh
5Filexxx/xxxxxxxx/xxx_xxxxxxxxxxxx.xpredictiveHigh
6Filexxxxx_xxxxxxxx.xxxpredictiveHigh
7Filexxxxx.xxxpredictiveMedium
8Filexxxx_xxxx.xxxpredictiveHigh
9Filexxxxx.xxxpredictiveMedium
10Filexxxxxx/xxxxx.xpredictiveHigh
11Filexxxxxxx_xxxxxxx.xxxpredictiveHigh
12Filexxxxxxxxxx.xxxpredictiveHigh
13Filexxxxxxxxxxxx.xxxpredictiveHigh
14Filexxxxxxxxxxx.xxxpredictiveHigh
15Filexxxxxx.xxxpredictiveMedium
16Filexxxxxxxxxxxx.xxxpredictiveHigh
17ArgumentxxxxxxxpredictiveLow
18ArgumentxxxpredictiveLow
19Argumentxxxx_xxpredictiveLow
20ArgumentxxxxxxpredictiveLow
21ArgumentxxxxxxpredictiveLow
22ArgumentxxpredictiveLow
23ArgumentxxxxpredictiveLow
24ArgumentxxxxxxpredictiveLow
25Argumentxxxxxxxx/xxxxxxxxpredictiveHigh
26ArgumentxxxpredictiveLow

References (3)

The following list contains external sources which discuss the actor and the associated activities:

Samples (4)

The following list contains associated samples:

PreviousOverviewNext

This view requires CTI permissions

Just purchase a CTI license today!