Monokle Analysis

Activities

Timeline

The analysis of the timeline helps to identify the required approach for handling single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues can be prioritized.

Lang

en: 251
ru: 16
de: 6
fr: 5
pl: 3

Country

ru: 108
de: 92
us: 77
it: 3
cn: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.05 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.41 | CVE-2010-0966
3 | BMW Vehicle Telematics Control Unit protection mechanism | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | CVE-2018-9318
4 | Adobe Acrobat Reader path traversal | 7.0 | 6.9 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.05 | CVE-2021-40724
5 | WordPress WP_Query sql injection | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.24 | CVE-2022-21661
6 | Samsung Galaxy S6 bcmdhd4358 Wi-Fi Driver prot_get_ring_space Kernel Memory memory corruption | 9.2 | 9.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2018-14745
7 | Linux Kernel USB Device atusb.c use after free | 4.4 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2019-19525
8 | Google Android sqlite3_android.cpp input validation | 6.5 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.04 | CVE-2019-2195
9 | Foxconn Femtocell FEMTO AP-FC4064-T UART 7pk security | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2018-6311
10 | Google Android Kernel Binder Driver information disclosure | 6.4 | 6.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2017-13164
11 | PHP FPM SAPI out-of-bounds write | 8.0 | 7.7 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2021-21703
12 | Google Android ActivityPicker.java improper restriction of rendered ui layers | 6.0 | 5.8 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2021-0506
13 | Linux Kernel PI Futex use after free | 8.3 | 8.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2021-3347
14 | Qualcomm QCMAP Mobile Hotspot QCMAP_Web_CLIENT Tokenizer denial of service | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-25858
15 | Qualcomm Snapdragon Auto GPU Kernel Driver code injection | 6.5 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2019-10567
16 | Cisco Linksys WRT120N fprintf memory corruption | 6.3 | 6.0 | $25k-$100k | $0-$5k | Proof-of-Concept | Unavailable | 0.03 | 
17 | OpenSSH GSS2 auth-gss2.c Username information disclosure | 5.3 | 5.2 | $5k-$25k | $5k-$25k | Not Defined | Workaround | 0.08 | CVE-2018-15919
18 | Apple M1 Register s3_5_c15_c10_1 M1RACLES access control | 8.8 | 8.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | CVE-2021-30747
19 | Qualcomm Snapdragon Mobile/Snapdragon Wear QTEE Keymaster App input validation | 7.8 | 7.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2018-5869
20 | D-Link DAP-1360U Ping privileges management | 7.1 | 7.1 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.06 | CVE-2020-26582

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | predictive | High
3 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx Xxxxxxxx | predictive | High
4 | TXXXX | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High
5 | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High
6 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High
7 | TXXXX | CWE-XXX | Xxxxxxx Xxxxxxxxxx Xx Xxx-xxxxxxxx | predictive | High
8 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High

IOA - Indicator of Attack (58)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | // | predictive | Low
2 | File | /?Key=PhoneRequestAuthorization | predictive | High
3 | File | /proc/ioports | predictive | High
4 | File | /start-stop | predictive | Medium
5 | File | /usr/etc/rexecd | predictive | High
6 | File | /WEB-INF/web.xml | predictive | High
7 | File | ActivityPicker.java | predictive | High
8 | File | xxx_xxxxxxx.xxx | predictive | High
9 | File | xxxxx/xxxxxxxx_xxxxx.xxx | predictive | High
10 | File | xxxx-xxxx.x | predictive | Medium
11 | File | xxxxxx.x | predictive | Medium
12 | File | xxxxxx_xxxxx.x | predictive | High
13 | File | xxxx_xxxxxxx.xxx | predictive | High
14 | File | xxx-xxx/xxxxxxx.xx | predictive | High
15 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
16 | File | xxxxxxx/xxxxx/xxxxxxxx/xxxxx | predictive | High
17 | File | xxxxxxx/xxx/xxxxxxxxxx/xxxxx.x | predictive | High
18 | File | xxxxxxx/xxx/xxxxxxxx/xxxxxxxx/xxx/xxxxxx.x | predictive | High
19 | File | xxxxxxx/xxx/xxxxxx/xxxxxxxx/xxxxx.x | predictive | High
20 | File | xxxxxx_xxxxxx.xxx | predictive | High
21 | File | xxxx.x | predictive | Low
22 | File | xx/xx_xxxxx.x | predictive | High
23 | File | xx/xxxxxxxxxxx.x | predictive | High
24 | File | xxxxx.x | predictive | Low
25 | File | xxxxxx_xxxxx_xxxxxxx.x | predictive | High
26 | File | xxx/xxxxxx.xxx | predictive | High
27 | File | xxxxx.xxx | predictive | Medium
28 | File | xxxxxxx.xxx | predictive | Medium
29 | File | xxxxxxxx.xx | predictive | Medium
30 | File | xxxx_xxxxxxxx_xxxxxxx.xxx | predictive | High
31 | File | xxxxxxxxxxxxx.xxxx | predictive | High
32 | File | xx/xxxxxxxx.x | predictive | High
33 | File | xxxxx.xxx | predictive | Medium
34 | File | xxxxx_xxx_xxxxxx | predictive | High
35 | File | xx_xxx.xx | predictive | Medium
36 | File | xxxxxx.xxx | predictive | Medium
37 | File | xxxxxxx_xxxxxxx.xxx | predictive | High
38 | File | xxxxx_xxx_xxxxxxx.x | predictive | High
39 | File | xxxx-xxxxxxxx.xxx | predictive | High
40 | File | xxxx/xxxxxxxx/xxxxxxxx.xxxx | predictive | High
41 | File | xxx_xxxxxx.x | predictive | Medium
42 | File | xxxxxx-xxxxx.xxx | predictive | High
43 | File | xx_xxxxxxxx.x | predictive | High
44 | Library | xxxxxx_xxx.xxx.xxx | predictive | High
45 | Argument | xxx.xxx xxxxxxxxxxx xxxxxxxx | predictive | High
46 | Argument | xxxxxxxx | predictive | Medium
47 | Argument | xxxx_xxx_xxxx | predictive | High
48 | Argument | xxxxxx | predictive | Low
49 | Argument | xx | predictive | Low
50 | Argument | xxxxxx_xxx | predictive | Medium
51 | Argument | xxxxxxxx | predictive | Medium
52 | Argument | xxxxxxx | predictive | Low
53 | Argument | xxxxxx_xxxx | predictive | Medium
54 | Argument | xxxxxxxxx | predictive | Medium
55 | Argument | xxxxxxxx | predictive | Medium
56 | Input Value | x" xxxxxxxxxxx=xxxxxx(xxxxxx) xxx=" | predictive | High
57 | Input Value | <xxx>. | predictive | Low
58 | Network Port | xxx/xxxx | predictive | Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities:
