Midas Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (29)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	22
zh	4
ru	2
es	2

Country

US: USA	20
CN: China	8
RU: Russia	2

Actors

Midas	2
Conti	1
TrickBot	1
Mustang Panda	1
Cobalt Strike	1

Activities

Interest

Timeline

Type

Not Defined	14
Operating System	2
File Transfer Software	2
E-Commerce Management Software	2
WordPress Plugin	2

Vendor

Not Defined	8
Cakefoundation	6
SolarWinds	2
Samsung	2
CodeIgniter	2

Product

Cakefoundation CakePHP	6
Gitblit	4
FreeBSD	2
SolarWinds Serv-U	2
Samsung Tags	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	CakePHP offset sql injection	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00186	0.00	CVE-2023-22727
2	Microsoft Exchange Server Privilege Escalation	8.8	7.7	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00176	0.05	CVE-2023-21529
3	CodeIgniter Ecommerce-CodeIgniter-Bootstrap cross site scripting	4.4	4.3	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00759	0.07	CVE-2024-6526
4	Oracle GlassFish Server Administration access control	7.5	7.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00065	0.03	CVE-2018-3152
5	GNU Mailman Alias path traversal	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02937	0.04	CVE-2015-2775
6	OpenSSH FIDO Authentication improper authentication	4.7	4.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00495	0.06	CVE-2021-36368
7	ntp Key Checker 7pk security	5.5	5.2	$0-$5k	$0-$5k	Unproven	Official Fix	0.02181	0.00	CVE-2015-7974
8	Samsung Tags Redirection information disclosure	3.0	3.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00085	0.00	CVE-2021-25514
9	yiisoft yii unserialize deserialization	7.8	7.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01223	0.00	CVE-2023-47130
10	CodeIgniter Error Message information disclosure	5.3	5.3	$0-$5k	Calculating	Not Defined	Not Defined	0.00287	0.00	CVE-2011-3719
11	CodeIgniter Ecommerce-CodeIgniter-Bootstrap Publish.php removeSecondaryImage Privilege Escalation	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00045	0.00	CVE-2024-31823
12	Cakefoundation CakePHP Error Page error.php Reflected cross site scripting	4.3	4.1	$0-$5k	$0-$5k	High	Official Fix	0.00463	0.09	CVE-2006-4067
13	CakePHP security.php unserialize privileges management	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.00
14	Cakefoundation CakePHP Cache unserialize input validation	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.92360	0.04	CVE-2010-4335
15	Cakefoundation CakePHP Error Message information disclosure	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00287	0.09	CVE-2011-3712
16	Cakefoundation CakePHP access control	5.3	4.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.11901	0.00	CVE-2012-4399
17	SAP NetWeaver ABAP Function Module os command injection	8.4	8.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00114	0.03	CVE-2023-36922
18	Gitblit .. path traversal	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00651	0.07	CVE-2022-31268
19	Gitblit Config User Service Privilege Escalation	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00313	0.02	CVE-2022-31267
20	Dell EMC Storage Cloud Mobility Remote Code Execution	8.9	8.9	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00201	0.00	CVE-2022-33936

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Campaigns	Identified	Type	Confidence
1	5.34.178.211		Midas		09/14/2023	verified	High
2	XXX.XX.XX.XX	xxx.xxxxxxxx.xxx	Xxxxx		09/14/2023	verified	High

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	High
2	T1059.007	CAPEC-209	CWE-79	Basic Cross Site Scripting	predictive	High
3	TXXXX	CAPEC-XXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
4	TXXXX	CAPEC-XXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
5	TXXXX		CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	High
6	TXXXX	CAPEC-XXX	CWE-XX	Xxx Xxxxxxxxx	predictive	High
7	TXXXX	CAPEC-XXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High

IOA - Indicator of Attack (7)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/resources//../	predictive	High
2	File	/wp-json	predictive	Medium
3	File	xxxxxxxx.x	predictive	Medium
4	File	xxxxxxx.xxx	predictive	Medium
5	Library	xxxx/xxxx/xxxxxxxxxx/xxxxxxxxxx/xxxxxxxx.xxx	predictive	High
6	Library	xxxx/xxxx/xxxxx.xxx	predictive	High
7	Argument	xxxxxx_xxxxx/xxxxxxx/xxx/xxxx/xxxxxxxxx	predictive	High

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

This view requires CTI permissions

Just purchase a CTI license today!