Metamorfo Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (25)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	10
de	6
es	6
fr	2
it	2

Country

us	16
pl	6
tr	4

Actors

Metamorfo	2

Activities

Interest

Timeline

Type

E-Commerce Management Software	4
Operating System	4
Not Defined	4
Log Management Software	4
Content Management System	2

Vendor

Not Defined	14
Woltlab	2
Microsoft	2
Apple	2
Opera	2

Product

OpenCart	4
Woltlab Burning Board Lite	2
Microsoft Windows	2
PHP	2
MC Coming Soon Script	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	Apple macOS MediaRemote privileges management	7.6	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00377	0.00	CVE-2018-4310
2	Green Hills INTEGRITY RTOS Interpeak IPCOMShell TELNET Server memory corruption	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00308	0.00	CVE-2019-7713
3	phpGroupWare login.php sql injection	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00361	0.00	CVE-2009-4414
4	ImageMagick cache.c PersistPixelCache resource management	5.4	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00103	0.00	CVE-2017-14325
5	Symphony content.blueprintspages.php cross site scripting	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00072	0.00	CVE-2018-12043
6	Microsoft Windows MS XML xml external entity reference	7.6	7.5	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.03103	0.00	CVE-2019-0791
7	MC Coming Soon Script launch_message.php privileges management	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.00
8	Microsoft Internet Explorer JsArraySlice memory corruption	7.1	6.4	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.75899	0.04	CVE-2017-11855
9	Microsoft Windows VBScript/JScript input validation	7.4	7.2	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.10806	0.02	CVE-2016-3206
10	PHP var_unserializer.c deserialization	9.8	9.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02767	0.06	CVE-2016-7124
11	Microsoft XML Core Services access control	5.3	5.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00431	0.02	CVE-2009-0419
12	AXIS 2110 Network Camera virtualinput.cgi privileges management	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.05684	0.02	CVE-2004-2425
13	Augeas Escape String memory corruption	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03158	0.00	CVE-2017-7555
14	Google Android SSID Hotlist API access control	6.5	6.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00044	0.04	CVE-2017-11074
15	Cacti graph_settings.php sql injection	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00346	0.00	CVE-2014-5262
16	cacti sql injection	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00454	0.00	CVE-2013-5589
17	Woltlab Burning Board Lite thread.php decode_cookie sql injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00931	0.00	CVE-2006-6237
18	vBulletin redirector.php	6.6	6.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00106	0.04	CVE-2018-6200
19	Kaotik Kshop product_details.php sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.00886	0.03	CVE-2007-1810
20	MidiCart PHP Shopping Cart item_show.php sql injection	6.3	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.05

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	5.83.162.24	cloud8732397.nitrado.cloud	Metamorfo	04/25/2018	verified	High
2	XX.XXX.XXX.XXX	xxx-xx-xxx-xxx-xxx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxx	Xxxxxxxxx	02/09/2022	verified	Medium
3	XX.XXX.XXX.XXX		Xxxxxxxxx	10/25/2021	verified	High
4	XX.XXX.XXX.XX	xxxxxx-xxx-xxx-xx.xxxxxx.xxxxxxxxxx.xx	Xxxxxxxxx	05/31/2021	verified	High
5	XXX.XX.XXX.XXX		Xxxxxxxxx	04/25/2018	verified	High

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	High
2	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
3	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	High
4	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
5	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High

IOA - Indicator of Attack (20)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/admin/launch_message.php	predictive	High
2	File	content/content.blueprintspages.php	predictive	High
3	File	ext/standard/var_unserializer.c	predictive	High
4	File	xxxxx_xxxxxxxx.xxx	predictive	High
5	File	xxxxx.xxx	predictive	Medium
6	File	xxxx_xxxx.xxx	predictive	High
7	File	xxxxx.xxx	predictive	Medium
8	File	xxxxxx/xxxxx.x	predictive	High
9	File	xxxxxxx_xxxxxxx.xxx	predictive	High
10	File	xxxxxxxxxx.xxx	predictive	High
11	File	xxxxxxxxxxxx.xxx	predictive	High
12	File	xxxxxx.xxx	predictive	Medium
13	File	xxxxxxxxxxxx.xxx	predictive	High
14	Argument	xxx	predictive	Low
15	Argument	xxxx_xx	predictive	Low
16	Argument	xxxxxx	predictive	Low
17	Argument	xx	predictive	Low
18	Argument	xxxx	predictive	Low
19	Argument	xxxxxx	predictive	Low
20	Argument	xxx	predictive	Low

References (3)

The following list contains external sources which discuss the actor and the associated activities:

Samples (2)

The following list contains associated samples:

◂ PreviousOverviewNext ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!