Miori Analysis

IOB - Indicator of Behavior (110)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 94
ar: 8
de: 6
fr: 2


Country

us: 58
de: 12
il: 10
ru: 6
it: 2



Product

Google Chrome: 10
Oracle MySQL Server: 6
Revive Adserver: 4
Google Android: 4
Zend Framework: 2


Vulnerabilities

# | Vulnerability | CVSS Base | CVSS Temp | 0day Price | Today Price | Exploitability | Remediation | CTI | EPSS | CVE
1 | VMware Workspace ONE Access/Identity Manager Template injection | 9.8 | 8.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.97436 | CVE-2022-22954
2 | IBM Security Access Manager Appliance Advanced Access Control access control | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00167 | CVE-2018-1850
3 | Microsoft Windows WLAN AutoConfig Service Remote Code Execution | 8.8 | 7.7 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.00 | 0.02293 | CVE-2021-36965
4 | Google Chrome Sandbox input validation | 8.0 | 7.9 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.02 | 0.03391 | CVE-2019-5782
5 | Oracle MySQL Server Encryption information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00173 | CVE-2019-2922
6 | Oracle MySQL Server Compiling buffer overflow | 9.8 | 9.4 | $100k and more | $5k-$25k | Not Defined | Official Fix | 0.04 | 0.09761 | CVE-2019-5482
7 | Procmail Signal privileges management | 7.4 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00042 | CVE-2001-0905
8 | CA XCOM Data Transport code injection | 9.8 | 9.8 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.02 | 0.00403 | CVE-2012-5973
9 | OpenSSH Supplemental Group privileges management | 4.6 | 4.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00056 | CVE-2021-41617
10 | WordPress Pingback server-side request forgery | 5.7 | 5.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00120 | CVE-2022-3590
11 | emlog index.php information disclosure | 5.5 | 5.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00300 | CVE-2021-3293
12 | PHPWind SQL injection | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00072 | CVE-2019-6691
13 | Microsoft Windows Security Center API Remote Code Execution | 8.1 | 7.4 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.02 | 0.01681 | CVE-2022-21874
14 | Google Android Privilege Escalation | 5.5 | 5.3 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.00109 | CVE-2021-1049
15 | ONLYOFFICE Document Server NSFileDownloader input validation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00847 | CVE-2020-11534
16 | Microsoft Office Excel authorization | 7.3 | 6.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.01336 | CVE-2021-42292
17 | VMware ESXi System Call privileges management | 7.0 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00044 | CVE-2020-4005
18 | Microsoft Windows WLAN AutoConfig Service Remote Code Execution | 8.0 | 7.0 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | 0.00056 | CVE-2021-36967
19 | D-Link DIR-816 HTTP Request Parameter form2userconfig.cgi command injection | 4.6 | 4.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00255 | CVE-2021-39509
20 | pac-resolver PAC File Remote Code Execution | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00393 | CVE-2021-23406

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 94.177.226.227 | host227-226-177-94.static.arubacloud.de | Miori | | 03/27/2022 | verified | High
2 | XXX.XXX.XX.XXX | xxx.xxx.xx.xxx.xxxxxxxxxxxxxxxx.xxx | Xxxxx | | 03/27/2022 | verified | High
3 | XXX.XX.XXX.XXX | xxx.xx | Xxxxx | | 07/17/2022 | verified | High
4 | XXX.XXX.XX.XXX | xxxx | | | 07/17/2019 | verified | High

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CWE-94 | Argument Injection | predictive | High
4 | TXXXX.XXX | CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High
5 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
6 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
7 | TXXXX | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High
8 | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High
9 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
10 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High
11 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
12 | TXXXX.XXX | CWE-XX | Xxxxxxxxxxxxx | predictive | High

IOA - Indicator of Attack (38)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | .procmailrc | predictive | Medium
2 | File | /debian/patches/load_ppp_generic_if_needed | predictive | High
3 | File | /etc/fstab | predictive | Medium
4 | File | /forms/nslookupHandler | predictive | High
5 | File | /goform/form2userconfig.cgi | predictive | High
6 | File | /xxxx/xxxx/xxxxxxxxx | predictive | High
7 | File | xxxxx.xxx?x=xxxxxx&x=xxxxxx&x=xxxxxx | predictive | High
8 | File | xxxxxxxx_xxxxxxxx_xxxxxxx.xxx | predictive | High
9 | File | xxxx.xxxx | predictive | Medium
10 | File | xxxxxx.x | predictive | Medium
11 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
12 | File | xxxxxxxx-xxx/xx.xxx | predictive | High
13 | File | xxxxxxx.xx | predictive | Medium
14 | File | xxxxxx/xxx/xxxxxxx.xxx | predictive | High
15 | File | xxx/xxxxxx.xxx | predictive | High
16 | File | xxxxxxxx/xxxxx-xxxxxxxxx.xxx | predictive | High
17 | File | xxxxxx-xxxxxxx.xxx | predictive | High
18 | File | xxxxxxx.xxx | predictive | Medium
19 | File | xxxxxx.xxx | predictive | Medium
20 | File | xxxxxx.xxx | predictive | Medium
21 | File | x/xxxxx.xxx | predictive | Medium
22 | File | xxxxxxxxx | predictive | Medium
23 | File | xx-xxxxx/xxxxx.xxx?xxxx=xxx-xxxxx&xxxxxx=xxxx-xxxxx | predictive | High
24 | Argument | -x | predictive | Low
25 | Argument | xxxxxxxx | predictive | Medium
26 | Argument | xxxxxxxxxxx/xxxxxxxxxxx | predictive | High
27 | Argument | xx | predictive | Low
28 | Argument | xxxxxxx | predictive | Low
29 | Argument | xxxxxxxxxx | predictive | Medium
30 | Argument | xxxxxxxx_xxxxxxx | predictive | High
31 | Argument | xxxxxxxxxxxxxx | predictive | High
32 | Argument | xxxxxx | predictive | Low
33 | Argument | xxxx_xx | predictive | Low
34 | Argument | xxxxxxx[] | predictive | Medium
35 | Input Value | ".." | predictive | Low
36 | Input Value | "::$xxxxx_xxxxxxxxxx" | predictive | High
37 | Input Value | "|xxx${xxx}" | predictive | Medium
38 | Network Port | xxx xxxxxx xxxx | predictive | High
