Mettle Analysis

IOB - Indicator of Behavior (23)

Timeline

(chart not available in this view)

Lang

en (24)

Country

us (16)
vn (8)

Actors

(chart not available in this view)

Activities

Interest

Timeline

(chart not available in this view)

Type

(chart not available in this view)

Vendor

(chart not available in this view)

Product

Dnsmasq (4)
Google Android (4)
NoneCms (2)
PHP (2)
Microsoft Windows (2)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Dnsmasq extract_name heap-based overflow | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01018 | CVE-2021-45954 |
| 2 | TP-LINK TL-WR841N Firmware path traversal | 7.5 | 7.5 | $0-$5k | $0-$5k | High | Not Defined | 0.04 | 0.34958 | CVE-2012-5687 |
| 3 | Dnsmasq fuzz_rfc1035.c resize_packet heap-based overflow | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01018 | CVE-2021-45955 |
| 4 | Dnsmasq print_mac heap-based overflow | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.01018 | CVE-2021-45956 |
| 5 | Dnsmasq rfc1035.c extract_name heap-based overflow | 7.7 | 7.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.02762 | CVE-2020-25682 |
| 6 | Dnsmasq fuzz_rfc1035.c answer_request heap-based overflow | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.01018 | CVE-2021-45957 |
| 7 | PHP FPM SAPI out-of-bounds write | 8.0 | 7.7 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.01282 | CVE-2021-21703 |
| 8 | Magento Deserialization deserialization | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.01086 | CVE-2020-3716 |
| 9 | Magento sql injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2019-7139 |
| 10 | Google Android file_input_stream.cc Read memory corruption | 7.5 | 7.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | 0.01156 | CVE-2019-2105 |
| 11 | Google Android TQS App memscpy memory corruption | 8.5 | 8.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.05 | 0.00885 | CVE-2015-9173 |
| 12 | nginx HTTP2 resource consumption | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01537 | CVE-2018-16844 |
| 13 | Moodle Installation information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01136 | CVE-2012-4403 |
| 14 | NoneCms App.php input validation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.84378 | CVE-2018-20062 |
| 15 | Creolabs Gravity gravity_lexer.c use after free | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.04083 | CVE-2017-1000172 |
| 16 | Squid Proxy HTTP Request data authenticity | 8.7 | 8.1 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.01 | 0.03779 | CVE-2016-4553 |
| 17 | Mozilla Firefox memory corruption | 8.0 | 7.7 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01018 | CVE-2017-7811 |
| 18 | Pivotal RabbitMQ password access control | 7.7 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.01018 | CVE-2016-9877 |
| 19 | Microsoft Windows IIS IPP Service numeric error | 6.3 | 5.7 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.36902 | CVE-2008-1446 |
| 20 | WPHRM Human Resource Management System sql injection | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01 | 0.01564 | CVE-2017-14848 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | 118.70.80.143 | | Mettle | | verified | High |
| 2 | XXX.XXX.XX.XXX | | Xxxxxx | | verified | High |

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 Pathname Traversal | | predictive | High |
| 2 | TXXXX.XXX | CWE-XXX Xxxx Xxxx Xxxxxxxxx | | predictive | High |
| 3 | TXXXX | CWE-XXX Xxxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | | predictive | High |
| 4 | TXXXX | CWE-XXX Xxx Xxxxxxxxx | | predictive | High |
| 5 | TXXXX | CWE-XXX Xxxxxxxxxxxxx | | predictive | High |

IOA - Indicator of Attack (8)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | file_input_stream.cc | predictive | High |
| 2 | File | fuzz_rfc1035.c | predictive | High |
| 3 | File | xxxxxxx_xxxxx.x | predictive | High |
| 4 | File | xxxxxxx.x | predictive | Medium |
| 5 | File | xxxxxxxx/xxxxxxxx | predictive | High |
| 6 | Library | xxxxxxxx/xxxxxxx/xxxxx/xxx.xxx | predictive | High |
| 7 | Argument | xxxxxxxx_xx | predictive | Medium |
| 8 | Argument | xxxxxx | predictive | Low |
