Mettle Analysis

IOB - Indicator of Behavior (27)


Lang

en 26
fr 2

Country

us 24
vn 4


Product

Dnsmasq 4
pfSense 2
NoneCms 2
Creolabs Gravity 2
Magento 2

Vulnerabilities

Columns: Base and Temp are the CVSS base and temporal scores; 0-day and Today are the estimated exploit price ranges (USD) at disclosure and now; Exp is exploitability status; Rem is remediation status; CTI is the source's CTI activity score; EPSS is the EPSS probability.

#  | Vulnerability                                                  | Base | Temp | 0-day      | Today     | Exp         | Rem          | CTI  | EPSS    | CVE
1  | Dnsmasq extract_name heap-based overflow                       | 5.5  | 5.5  | $0-$5k     | $0-$5k    | Not Defined | Not Defined  | 0.02 | 0.00144 | CVE-2021-45954
2  | TP-LINK TL-WR841N Firmware path traversal                      | 7.5  | 7.5  | $0-$5k     | $0-$5k    | High        | Not Defined  | 0.00 | 0.02952 | CVE-2012-5687
3  | devise-two-factor excessive authentication                     | 5.4  | 5.4  | $0-$5k     | $0-$5k    | Not Defined | Not Defined  | 0.02 | 0.00043 | CVE-2024-0227
4  | pfSense diag_command.php csrf_callback cross-site request forgery | 6.5 | 6.5 | $0-$5k    | $0-$5k    | Not Defined | Not Defined  | 0.00 | 0.00180 | CVE-2019-16667
5  | Apache Superset REST API Get Endpoint access control           | 5.8  | 5.8  | $5k-$25k   | $5k-$25k  | Not Defined | Not Defined  | 0.03 | 0.00270 | CVE-2022-45438
6  | WordPress Scheduled Task wp-cron.php resource consumption      | 6.5  | 6.5  | $5k-$25k   | $5k-$25k  | Not Defined | Not Defined  | 0.04 | 0.00080 | CVE-2023-22622
7  | Dnsmasq fuzz_rfc1035.c resize_packet heap-based overflow       | 5.5  | 5.5  | $0-$5k     | $0-$5k    | Not Defined | Not Defined  | 0.02 | 0.00144 | CVE-2021-45955
8  | Dnsmasq print_mac heap-based overflow                          | 5.5  | 5.5  | $0-$5k     | $0-$5k    | Not Defined | Not Defined  | 0.03 | 0.00144 | CVE-2021-45956
9  | Dnsmasq rfc1035.c extract_name heap-based overflow             | 7.7  | 7.3  | $0-$5k     | $0-$5k    | Not Defined | Official Fix | 0.03 | 0.10872 | CVE-2020-25682
10 | Dnsmasq fuzz_rfc1035.c answer_request heap-based overflow      | 5.5  | 5.5  | $0-$5k     | $0-$5k    | Not Defined | Not Defined  | 0.04 | 0.00144 | CVE-2021-45957
11 | PHP FPM SAPI out-of-bounds write                               | 8.0  | 7.7  | $25k-$100k | $0-$5k    | Not Defined | Official Fix | 0.04 | 0.00148 | CVE-2021-21703
12 | Magento Deserialization deserialization                        | 8.0  | 8.0  | $0-$5k     | $0-$5k    | Not Defined | Not Defined  | 0.00 | 0.00587 | CVE-2020-3716
13 | Magento sql injection                                          | 8.5  | 8.4  | $0-$5k     | $0-$5k    | Not Defined | Official Fix | 0.03 | 0.00582 | CVE-2019-7139
14 | Google Android file_input_stream.cc Read memory corruption     | 7.5  | 7.2  | $25k-$100k | $5k-$25k  | Not Defined | Official Fix | 0.00 | 0.00105 | CVE-2019-2105
15 | Google Android TQS App memscpy memory corruption               | 8.5  | 8.2  | $25k-$100k | $5k-$25k  | Not Defined | Official Fix | 0.00 | 0.00187 | CVE-2015-9173
16 | nginx HTTP/2 resource consumption                              | 6.0  | 6.0  | $0-$5k     | $0-$5k    | Not Defined | Official Fix | 0.00 | 0.02974 | CVE-2018-16844
17 | Moodle Installation information disclosure                     | 5.3  | 5.1  | $5k-$25k   | $0-$5k    | Not Defined | Official Fix | 0.03 | 0.00187 | CVE-2012-4403
18 | NoneCms App.php input validation                               | 8.5  | 8.5  | $0-$5k     | $0-$5k    | Not Defined | Not Defined  | 0.04 | 0.96678 | CVE-2018-20062
19 | Creolabs Gravity gravity_lexer.c use after free                | 8.5  | 8.5  | $0-$5k     | $0-$5k    | Not Defined | Not Defined  | 0.00 | 0.00331 | CVE-2017-1000172
20 | Squid Proxy HTTP Request data authenticity                     | 8.7  | 8.1  | $5k-$25k   | $0-$5k    | Unproven    | Official Fix | 0.03 | 0.52868 | CVE-2016-4553

Rows 7 and 10 name fuzz_rfc1035.c, which is Dnsmasq's fuzzing harness rather than the daemon itself; check whether those code paths are reachable in a deployed dnsmasq before prioritising them. Row 18 (NoneCms, EPSS 0.96678) and row 20 (Squid, EPSS 0.52868) carry by far the highest exploitation probabilities in this list.

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities. Row 2 is masked on the source page.

ID | IP address     | Hostname | Actor  | Campaigns | Identified | Type     | Confidence
1  | 118.70.80.143  |          | Mettle |           | 02/12/2022 | verified | High
2  | XXX.XXX.XX.XXX |          | Xxxxxx |           | 02/12/2022 | verified | High

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling. Rows 3 to 6 are masked on the source page.

ID | Technique | Vulnerabilities | Access Vector                                                      | Type       | Confidence
1  | T1006     | CWE-22          | Path Traversal                                                     | predictive | High
2  | T1059.007 | CWE-80          | Cross Site Scripting                                               | predictive | High
3  | TXXXX     | CWE-XXX         | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx                              | predictive | High
4  | TXXXX.XXX | CWE-XXX         | Xxxx-xxxxx Xxxxxxxxxxx                                             | predictive | High
5  | TXXXX     | CWE-XX          | Xxx Xxxxxxxxx                                                      | predictive | High
6  | TXXXX     | CWE-XXX         | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx          | predictive | High

Note that the technique IDs are a CWE-to-ATT&CK mapping produced by the predictive model, not an ATT&CK-published mapping: in ATT&CK, T1006 is Direct Volume Access and T1059.007 is Command and Scripting Interpreter: JavaScript. Treat these rows as hints for hunting, not as confirmed techniques.

IOA - Indicator of Attack (11)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling. Rows 3 to 11 are masked on the source page.

ID | Class    | Indicator                       | Type       | Confidence
1  | File     | diag_command.php                | predictive | High
2  | File     | file_input_stream.cc            | predictive | High
3  | File     | xxxx_xxxxxxx.x                  | predictive | High
4  | File     | xxxxxxx_xxxxx.x                 | predictive | High
5  | File     | xxxxxxx.x                       | predictive | Medium
6  | File     | xxxxxxxx/xxxxxxxx               | predictive | High
7  | File     | xx-xxxx.xxx                     | predictive | Medium
8  | Library  | xxxxxxxx/xxxxxxx/xxxxx/xxx.xxx  | predictive | High
9  | Argument | xxxxxxxx_xx                     | predictive | Medium
10 | Argument | xxxxxx                          | predictive | Low
11 | Argument | xxxxxxxxxx/xxxxxxxxxxxxxxx      | predictive | High
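The IOC and IOA tables above are only useful once they are run against your own telemetry. The following script is an added example (it is not part of the source page and not a vuldb tool): it takes the unmasked indicator values from the two tables (the IOC address 118.70.80.143 and the IOA file fragments diag_command.php and file_input_stream.cc), parses web-server access logs in the Apache/nginx combined format, and reports each line whose client address is a listed IOC or whose URL-decoded request path contains a listed IOA file fragment. The log lines embedded in the block are constructed for the example, and the function names (parse_line, match_indicators, scan_log) are the example's own.

```python
"""Scan combined-format access logs for the IOC/IOA values listed above.

Added example, not code from the source page. Indicator values are the
unmasked rows of the IOC and IOA tables; the log lines are constructed.
"""
import re
from urllib.parse import unquote

# Indicators copied from the unmasked table rows (IOC row 1, IOA rows 1-2).
IOC_IPS = {"118.70.80.143"}
IOA_FILES = {"diag_command.php", "file_input_stream.cc"}

# Apache/nginx "combined" log format: ip ident user [ts] "req" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log (not real traffic). Line 3 uses a percent-encoded
# underscore to show why the path is URL-decoded before matching; line 5 is
# deliberately malformed to exercise the unparsed-line path.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Feb/2022:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 512
118.70.80.143 - - [12/Feb/2022:10:01:09 +0000] "GET /diag_command.php?txtCommand=id HTTP/1.1" 302 0
198.51.100.9 - - [12/Feb/2022:10:02:17 +0000] "POST /diag%5Fcommand.php HTTP/1.1" 403 231
198.51.100.9 - - [12/Feb/2022:10:02:18 +0000] "GET /wp-cron.php HTTP/1.1" 200 0
not a log line at all
"""


def parse_line(line):
    """Return the combined-log fields of one line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def match_indicators(entry):
    """Return the indicator labels a parsed entry matches (empty list if clean).

    The IOC check is an exact match on the client address. The IOA check is a
    case-insensitive substring match on the URL-decoded path, so encoded
    variants such as diag%5Fcommand.php are still caught.
    """
    hits = []
    if entry["ip"] in IOC_IPS:
        hits.append("ioc-ip:" + entry["ip"])
    path = unquote(entry["path"]).lower()
    for frag in sorted(IOA_FILES):
        if frag in path:
            hits.append("ioa-file:" + frag)
    return hits


def scan_log(text):
    """Scan a log body. Return (hits, unparsed_count).

    hits is a list of (line_number, ip, path, labels) for every line that
    matched at least one indicator; unparsed_count counts non-empty lines
    that did not fit the combined format (worth a look on their own).
    """
    hits, unparsed = [], 0
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            unparsed += 1
            continue
        labels = match_indicators(entry)
        if labels:
            hits.append((n, entry["ip"], entry["path"], labels))
    return hits, unparsed


if __name__ == "__main__":
    found, bad = scan_log(SAMPLE_LOG)
    for n, ip, path, labels in found:
        print(f"line {n}: {ip} {path} -> {', '.join(labels)}")
    print(f"{bad} line(s) did not parse")
```

On the constructed sample this flags line 2 (IOC address and diag_command.php together) and line 3 (the percent-encoded diag_command.php request from an unlisted address), and reports one unparsed line. A file-class IOA such as file_input_stream.cc is unlikely to show up in web logs; the same substring match applies equally to proxy, WAF or EDR path fields once they are parsed into the same dict shape.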

References (2)

The following list contains external sources which discuss the actor and the associated activities:
