Mint Sandstorm Analysis

IOB - Indicator of Behavior (42)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

  • en: 36
  • it: 4
  • ar: 2

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

  • WordPress: 4
  • FtrainSoft Fast Click: 2
  • Redis: 2
  • ZyXEL USG FLEX 100: 2
  • ZyXEL USG FLEX 200: 2

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day price | Today price | Exploitability | Countermeasure | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | SAP NetWeaver MigrationService improper authorization | 9.2 | 9.2 | $5k-$25k | $5k-$25k | Not defined | Not defined | | 0.00156 | 0.00 | CVE-2021-21481 |
| 2 | WordPress cross site scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.23275 | 0.07 | CVE-2022-21662 |
| 3 | WordPress WP_Query sql injection | 6.3 | 6.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | expected | 0.89911 | 0.07 | CVE-2022-21661 |
| 4 | Microsoft Windows RDP authorization | 8.8 | 8.2 | $25k-$100k | $5k-$25k | Unproven | Official fix | | 0.01997 | 0.08 | CVE-2021-1669 |
| 5 | Adminer adminer.php server-side request forgery | 7.3 | 7.0 | $0-$5k | $0-$5k | Not defined | Official fix | expected | 0.88845 | 0.07 | CVE-2021-21311 |
| 6 | Cacti Request Parameter remote_agent.php injection | 9.0 | 8.9 | $0-$5k | $0-$5k | High | Official fix | verified | 0.94469 | 0.08 | CVE-2022-46169 |
| 7 | ZyXEL USG FLEX 50 CGI Program os command injection | 9.0 | 8.9 | $0-$5k | $0-$5k | High | Official fix | verified | 0.94445 | 0.06 | CVE-2022-30525 |
| 8 | All in One SEO Plugin REST API Endpoint access control | 6.3 | 6.0 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00988 | 0.09 | CVE-2021-25036 |
| 9 | YITH WooCommerce Gift Cards Premium Plugin Shopping Cart php unrestricted upload | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.12245 | 0.06 | CVE-2021-3120 |
| 10 | WordPress wp-publications Plugin Archive bibtexbrowser.php path traversal | 7.8 | 7.6 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.04628 | 0.00 | CVE-2021-38360 |
| 11 | WP Import Export Plugin class-wpie-general.php wpie_process_file_download authorization | 6.4 | 6.3 | $0-$5k | $0-$5k | Not defined | Not defined | possible | 0.37390 | 0.07 | CVE-2022-0236 |
| 12 | Cisco Small Business RV345 stack-based overflow | 9.9 | 9.7 | $5k-$25k | $0-$5k | High | Official fix | verified | 0.91049 | 0.00 | CVE-2022-20699 |
| 13 | WordPress Object injection | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00988 | 0.05 | CVE-2022-21663 |
| 14 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.07147 | 0.06 | CVE-2022-21664 |
| 15 | Oracle GlassFish Open Source Edition Demo Feature hard-coded credentials | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not defined | Not defined | | 0.02457 | 0.00 | CVE-2018-14324 |
| 16 | Microsoft Exchange Server privilege escalation | 8.8 | 8.4 | $25k-$100k | $0-$5k | High | Official fix | verified | 0.93399 | 0.00 | CVE-2021-42321 |
| 17 | F5 BIG-IP TMUI privilege escalation | 8.8 | 8.4 | $25k-$100k | $0-$5k | Not defined | Official fix | | 0.02384 | 0.00 | CVE-2021-22988 |
| 18 | Microsoft SharePoint Server privilege escalation | 8.8 | 8.2 | $5k-$25k | $0-$5k | Unproven | Official fix | | 0.18584 | 0.07 | CVE-2021-31181 |
| 19 | Umbraco CMS Installation path traversal | 5.5 | 5.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.02566 | 0.09 | CVE-2020-5811 |
| 20 | cpp-ethereum JSON-RPC admin_addPeer API improper authorization | 5.9 | 5.9 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00158 | 0.03 | CVE-2017-12112 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Drokbk

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 51.89.135.15 | ip15.ip-51-89-135.eu | Mint Sandstorm | Drokbk | 04/22/2023 | verified | Medium |

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059.007 | CAPEC-209 | CWE-79 | Basic Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (27)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /cgi-bin/user/Config.cgi | predictive | High |
| 2 | File | admin.php/User/del/ucode/ | predictive | High |
| 3 | File | adminer.php | predictive | Medium |
| 4 | File | detail.php | predictive | Medium |
