Miner Analysis

IOB - Indicator of Behavior (332)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en (298)
fr (12)
de (8)
ru (6)
ja (6)

Country

sc (162)
us (76)
li (10)
de (4)
ml (2)

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows (14)
Google Android (10)
Linux Kernel (6)
GitLab Community Edition (6)
GitLab Enterprise Edition (6)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Jetty URI access control | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.47555 | CVE-2021-34429
2 | portable SDK for UPnP unique_service_name memory corruption | 10.0 | 9.5 | $0-$5k | $0-$5k | High | Official Fix | 0.03 | 0.97445 | CVE-2012-5958
3 | jquery-bbq Prototype Object.prototype code injection | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00102 | CVE-2021-20086
4 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.30 | 0.00241 | CVE-2020-12440
5 | CKFinder File Name unrestricted upload | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 0.00155 | CVE-2019-15862
6 | Asus RT-AC2900 input validation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.08597 | CVE-2018-8826
7 | GitLab Community Edition/Enterprise Edition Permission permission assignment | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00054 | CVE-2019-18446
8 | phpMyAdmin PMA_safeUnserialize deserialization | 9.8 | 9.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00433 | CVE-2016-9865
9 | phpMyAdmin Username sql injection | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00326 | CVE-2016-9864
10 | mlmmj Admin Web Interface path traversal | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00448 | CVE-2009-4896
11 | Libbitcoin Explorer Milk Sad entropy | 5.3 | 5.3 | $0-$5k | $0-$5k | High | Not Defined | 0.02 | 0.00116 | CVE-2023-39910
12 | Microsoft ASP.NET Core Kestrel Web Application password recovery | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.02783 | CVE-2018-0787
13 | D-Link DAR-8000-10 sys1.php os command injection | 7.5 | 7.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.00067 | CVE-2023-4542
14 | KeyCloak Admin REST API injection | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00080 | CVE-2022-1274
15 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.04 | 0.10737 | CVE-2016-6210
16 | Schneider Electric Modicon PLC Project File unusual condition | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00044 | CVE-2023-25620
17 | Kubernetes kubelet pprof information disclosure | 7.3 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.53513 | CVE-2019-11248
18 | Sonatype Nexus Repository Manager OSS Admin Panel access control | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | 0.00044 | CVE-2022-31289
19 | Microsoft Exchange Server Remote Code Execution | 9.8 | 8.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | 0.04447 | CVE-2021-28481
20 | Apple Safari WebKit state issue | 5.9 | 5.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.23 | 0.00079 | CVE-2022-46692

IOC - Indicator of Compromise (29)

These indicators of compromise highlight associated network resources that are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (111)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (4)

The following list contains external sources which discuss the actor and the associated activities: