Muhstik Analysis
IOB - Indicator of Behavior (1000)
Timeline
The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.
Activities
Interest
Timeline
The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.
Vulnerabilities
Campaigns (4)
These are the campaigns that can be associated with the actor:
- CVE-2018-7600 / CVE-2017-10271
- CVE-2019-2725
- Xxx-xxxx-xxxxx
- Xxxxxxxxx
IOC - Indicator of Compromise (91)
These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.
TTP - Tactics, Techniques, Procedures (24)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
IOA - Indicator of Attack (216)
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
ID | Class | Indicator | Type | Confidence |
---|---|---|---|---|
1 | File | /addbill.php | predictive | Medium |
2 | File | /admin/maintenance/view_designation.php | predictive | High |
3 | File | /ample/app/action/edit_product.php | predictive | High |
4 | File | /api/v2/open/rowsInfo | predictive | High |
5 | File | /cms/classes/Master.php?f=delete_service | predictive | High |
6 | File | /conf/ | predictive | Low |
7 | File | /config/api/v1/reboot | predictive | High |
8 | File | /controller/AdminController.php | predictive | High |
9 | File | /ecommerce/support_ticket | predictive | High |
10 | File | /etc/shadow | predictive | Medium |
11 | File | /forum/away.php | predictive | High |
12 | File | /friends/ajax_invite | predictive | High |
13 | File | /graphStatus/displayServiceStatus.php | predictive | High |
14 | File | /inc/HTTPClient.php | predictive | High |
15 | File | /include/makecvs.php | predictive | High |
16 | File | /index.php | predictive | Medium |
17 | File | /Items/*/RemoteImages/Download | predictive | High |
18 | File | /librarian/bookdetails.php | predictive | High |
19 | File | /login/index.php | predictive | High |
20 | File | /modules/profile/index.php | predictive | High |
21 | File | /oauth/idp/.well-known/openid-configuration | predictive | High |
22 | File | /preview.php | predictive | Medium |
23 | File | /proc/pid/syscall | predictive | High |
24 | File | /scas/admin/ | predictive | Medium |
25 | File | /xxxxxxx.xxxxx | predictive | High |
26 | File | /xxx/xxx_xxxx.xx | predictive | High |
27 | File | /xxxxxx | predictive | Low |
28 | File | /xxxxxxx/xxxxxxxxxxx.xxx | predictive | High |
29 | File | /xxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High |
30 | File | /xxx/xxx/xxxxxx | predictive | High |
31 | File | /xxx-xxx/xxx.xxx | predictive | High |
32 | File | xxxxxxxxxxxxxx.xxx | predictive | High |
33 | File | xxx.x | predictive | Low |
34 | File | xxxx/xxxxxxxxx.xxx | predictive | High |
35 | File | xxxxx_xxxxxx.xxx | predictive | High |
36 | File | xxx/xxxxxxxxxxx.xxx | predictive | High |
37 | File | xxx/xxxxxxxxxxx/xxxxx.xx | predictive | High |
38 | File | xxxx/xxx/xxx/xxxxxxx.x | predictive | High |
39 | File | xxxxxxx.xxxx | predictive | Medium |
40 | File | xxxxxxx.xx | predictive | Medium |
41 | File | xxxxxx.xxxx | predictive | Medium |
42 | File | xx_xxxxx_xxxxx.xxx | predictive | High |
43 | File | xxxxxx.x | predictive | Medium |
44 | File | xxx_xxxx_xxxxx.x | predictive | High |
45 | File | x:\xxxxx\<xxxxxxxx>\xxxxxxx\xxxxxxxxxxx | predictive | High |
46 | File | xxxxxxxx.xxx | predictive | Medium |
47 | File | xxxxxxxxxxx.xxx | predictive | High |
48 | File | xxxxx/xxxxxxxx-xxxxxxxxx/xxxxxxxxxxxxxxx.xxxxx.xxx | predictive | High |
49 | File | xxx/xxxxxxxxx/xxxxxx/xxxxxxxxxxxxx.xxxx | predictive | High |
50 | File | xxxxxxxxxx/xxxxxx/xxxxxxxxx.xxxx/xxxx.xxx/ | predictive | High |
51 | File | xxxxxxx.x | predictive | Medium |
52 | File | x_xxxxxx | predictive | Medium |
53 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
54 | File | xxxxxxx.xxx | predictive | Medium |
55 | File | xxxxxxx.xxxx | predictive | Medium |
56 | File | xxxxxxxxx.xxx | predictive | High |
57 | File | xxx.xxx | predictive | Low |
58 | File | xxxxx.x | predictive | Low |
59 | File | xxxxxxxx.xxx | predictive | Medium |
60 | File | xxxxxxx/xxx/xx/xx_xxxxx.x | predictive | High |
61 | File | xxxxxx.x | predictive | Medium |
62 | File | xxx/xxxx/xxxx.x | predictive | High |
63 | File | xxxxxxxxxxx.xxxxx.xxx | predictive | High |
64 | File | xxxx.xxx | predictive | Medium |
65 | File | xxxxxx_xxxx_xxxxx.x | predictive | High |
66 | File | xxxxxxxxxxxx_xxxx.xxx | predictive | High |
67 | File | xxx_xxxxxx.xxx | predictive | High |
68 | File | xxx.xxx | predictive | Low |
69 | File | xxxxxx/xxxxxxxxxxxx | predictive | High |
70 | File | xxxx.xxx | predictive | Medium |
71 | File | xxxxxxxxx.xx | predictive | Medium |
72 | File | xxxxxxxxxx.xxx | predictive | High |
73 | File | xxx/xxxx.x | predictive | Medium |
74 | File | xxx/xxxxxx.xxx | predictive | High |
75 | File | xxxxxxx.xxx | predictive | Medium |
76 | File | xxxxxxx/xxxxxxxxx/xxxxxxxxx/xxxxxxxxx/xxx_xxxxxxxxxxxxx.xxx | predictive | High |
77 | File | xxxxxxx/xxxxx/xxxxxx/xxxxxxxxxxxxxx/xxxxxxxxxxxxx.xxx | predictive | High |
78 | File | xxxxxxxx/xxxxxxxxxxxx.xxx.xxx | predictive | High |
79 | File | xxxxx.xxx | predictive | Medium |
80 | File | xxxxx.xxx | predictive | Medium |
81 | File | xxxxxxxxxxxxx.xxx | predictive | High |
82 | File | xxx_xxxxxx.xxx | predictive | High |
83 | File | xxxxxx/xxxxxx/xxxx.x | predictive | High |
84 | File | xxx/xxxxx.x | predictive | Medium |
85 | File | xxxxxxx | predictive | Low |
86 | File | xxxxxxxxxx/xxx_xx.x | predictive | High |
87 | File | xxxxx.xxx | predictive | Medium |
88 | File | xxx.xxx | predictive | Low |
89 | File | xxxx_xxxxx.x | predictive | Medium |
90 | File | xxxx.x | predictive | Low |
91 | File | xxxx.xxx | predictive | Medium |
92 | File | xxxxx.xxx | predictive | Medium |
93 | File | xxx/xxxxxx/xx_xxxxxx.x | predictive | High |
94 | File | xxxxxx_xxxxxxxx_xxxxx.xxx | predictive | High |
95 | File | xxxxxxx.xxx | predictive | Medium |
96 | File | xxx/xxxxxx/xxxxxxxx/xxxxx/xxxxxxxxx.xxxx | predictive | High |
97 | File | xxxx/xxxxxxxxx.xxx | predictive | High |
98 | File | xxxxxxxxx.xxx.xxx | predictive | High |
99 | File | xxxxxxxx.xxx | predictive | Medium |
100 | File | xxxx-xxxx.xxx | predictive | High |
101 | File | xxxxxxx.xxx | predictive | Medium |
102 | File | xxxxx/xxx/xxxxxx_xxxxx/!xxxxxxxx?xxxxxxxxxx=xxxx-xxxxx-xx-xxxx.xxxxxxxx_xxxxxxxxxxxxx | predictive | High |
103 | File | xxxx.xxx | predictive | Medium |
104 | File | xxxxx.xxx | predictive | Medium |
105 | File | xxxxxxxx.xxx | predictive | Medium |
106 | File | xxxxx-xxxx/xxxxx-xxxxx-xxxx.xxx | predictive | High |
107 | File | xxxxxxxx.xxx | predictive | Medium |
108 | File | xxxxxxxx.x | predictive | Medium |
109 | File | xxxxxx.xx | predictive | Medium |
110 | File | xxxxxx/xxxxx.xxx | predictive | High |
111 | File | xxxxx.xxx | predictive | Medium |
112 | File | xxxx.xxx | predictive | Medium |
113 | File | xxxx.xxx | predictive | Medium |
114 | File | xxxxxxx.xxx | predictive | Medium |
115 | File | xxx/xxxxxxxx.xx | predictive | High |
116 | File | xxx/xxxxxxx/xxxxxxx/xxxxxxxxx.xx | predictive | High |
117 | File | xxx/xxxx/xxxx/xxx/xxxxxxxxx/xxxxxxx/xxxxxxxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
118 | File | xxxxxx_xxx.xxx | predictive | High |
119 | File | xxxx-xxxxx.xxx | predictive | High |
120 | File | xxxx-xxxxxxxx.xxx | predictive | High |
121 | File | xxx-xxxxxxx.x | predictive | High |
122 | File | xxxxxxxxx/xxxxxxxxxxxxxxxxxx.xxx | predictive | High |
123 | File | xxxx/xxx/xxxx-xxxxx.xxx | predictive | High |
124 | File | xxxxxxx.xxx | predictive | Medium |
125 | File | xxxxxx.xxx | predictive | Medium |
126 | File | xx-xxxxx/xxxxx-xxx.xxx?xxxxxxx-xxxxxxxx | predictive | High |
127 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High |
128 | File | xx-xxxxx.xxx | predictive | Medium |
129 | File | _xxxxxx/xxxxxxxx.x | predictive | High |
130 | Library | /xxx/xxx/xxxx.xxx | predictive | High |
131 | Library | x:/xxxxxxx xxxxx/xxxxx/xxxxxxx.xxx | predictive | High |
132 | Library | xxxxxxxxx/xxxxxxxx.xxx.xxx | predictive | High |
133 | Argument | .xxx.x.x.x.x.x.xx.x.x.x.x.x.x.x.x.x.x.x | predictive | High |
134 | Argument | ?xxxx_xxxx=xxxxxxx.xxx/xxxx=xxxxxx/xxx=xxx+/xxx/.xxxxxxxx/xxxxxxx=//xxxxxxxxxxxxxx.xxx=x | predictive | High |
135 | Argument | xxxxxx_xxxxxxxxxx | predictive | High |
136 | Argument | xxxxxxxx | predictive | Medium |
137 | Argument | xxxx | predictive | Low |
138 | Argument | xxx | predictive | Low |
139 | Argument | xxxxx | predictive | Low |
140 | Argument | xxxxx_xx_xxx | predictive | Medium |
141 | Argument | xxxxxx | predictive | Low |
142 | Argument | xxxxxx_xxxxxxx[xxxx][xxxxxxx][] | predictive | High |
143 | Argument | xxx_xxxxxxx | predictive | Medium |
144 | Argument | x_xxxxxx.xxxx_xxxxx | predictive | High |
145 | Argument | xxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxx | predictive | High |
146 | Argument | xxxxxxx | predictive | Low |
147 | Argument | xxxxxxxxxx | predictive | Medium |
148 | Argument | xxxxxxxxxxxxxxx | predictive | High |
149 | Argument | xxxxx | predictive | Low |
150 | Argument | xxxxxxx | predictive | Low |
151 | Argument | xx_xxxxxxx | predictive | Medium |
152 | Argument | xxxxxxx | predictive | Low |
153 | Argument | xxxx[xxxxxxx] | predictive | High |
154 | Argument | xxxxx | predictive | Low |
155 | Argument | xxxxxxxx | predictive | Medium |
156 | Argument | xxxx | predictive | Low |
157 | Argument | xxxx_xxxx/xxxxxxx_xxxxxxxxxxx | predictive | High |
158 | Argument | xx | predictive | Low |
159 | Argument | xx | predictive | Low |
160 | Argument | xxxxxxxx | predictive | Medium |
161 | Argument | xxxxx | predictive | Low |
162 | Argument | xxxxx | predictive | Low |
163 | Argument | xxxxxx | predictive | Low |
164 | Argument | xxxxxx | predictive | Low |
165 | Argument | xxxxx[xxxxx][xx] | predictive | High |
166 | Argument | xxxxx_xxxxx.xxxxxx | predictive | High |
167 | Argument | xxxxxx | predictive | Low |
168 | Argument | xxxxxxx | predictive | Low |
169 | Argument | xxxx/xxxxx | predictive | Medium |
170 | Argument | xxxxxxx_xx | predictive | Medium |
171 | Argument | xx | predictive | Low |
172 | Argument | xx | predictive | Low |
173 | Argument | xx | predictive | Low |
174 | Argument | xxxxxxx | predictive | Low |
175 | Argument | xxxxxx_xx | predictive | Medium |
176 | Argument | xxxx | predictive | Low |
177 | Argument | xxxxxxxx | predictive | Medium |
178 | Argument | xxxxxxxxx | predictive | Medium |
179 | Argument | xxxxx_xxxx_xxxx | predictive | High |
180 | Argument | xxxxxxxx | predictive | Medium |
181 | Argument | xxxxxxx xxxxx | predictive | High |
182 | Argument | xxxxxxxxxx | predictive | Medium |
183 | Argument | xxxxxxx | predictive | Low |
184 | Argument | xxxxxxxx | predictive | Medium |
185 | Argument | xxxxxxxxxxx | predictive | Medium |
186 | Argument | xxxxxxxxxxxxxxxxxx | predictive | High |
187 | Argument | xxxxxx_xxxx | predictive | Medium |
188 | Argument | xxxxxx | predictive | Low |
189 | Argument | xxxxxxxxxxx_xxxx | predictive | High |
190 | Argument | xxx-xxxxxxx | predictive | Medium |
191 | Argument | xxxxx/xxx | predictive | Medium |
192 | Argument | xxxx | predictive | Low |
193 | Argument | xxxxxxxx | predictive | Medium |
194 | Argument | xxxxx[xxxxxxx_xxxxx] | predictive | High |
195 | Argument | xxx | predictive | Low |
196 | Argument | xxxxx | predictive | Low |
197 | Argument | xxxxx | predictive | Low |
198 | Argument | xxx | predictive | Low |
199 | Argument | xxxx | predictive | Low |
200 | Argument | xxxxxx | predictive | Low |
201 | Argument | xxxxxxxx/xxxx | predictive | High |
202 | Argument | xxxx_xxxxxxxxx/xxxx_xxxxxxxx | predictive | High |
203 | Argument | xxxxx | predictive | Low |
204 | Input Value | %xxxxxx+-x+x+xx.x.xx.xxx%xx%xx | predictive | High |
205 | Input Value | %xx%xx%xxxxx%xxxxx=x%xxxxxxxxx=xxxxx(x)%xx | predictive | High |
206 | Input Value | ' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)-- xxxx | predictive | High |
207 | Input Value | ../ | predictive | Low |
208 | Input Value | // | predictive | Low |
209 | Input Value | </xxxxxx > | predictive | Medium |
210 | Input Value | <xxxxxx>xxxxx(x)</xxxxxx> | predictive | High |
211 | Input Value | xxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx&xxxxxxxx=xxxxxxxxxx | predictive | High |
212 | Input Value | xxxx</xxxxx><xxxxxx>xxxxx("xxxx")</xxxxxx><xxxxx> | predictive | High |
213 | Network Port | xxxxx xxx-xxx | predictive | High |
214 | Network Port | xxxxx xxx-xxx, xxx | predictive | High |
215 | Network Port | xxx/xxxx / xxx/xxxx | predictive | High |
216 | Network Port | xxx/xxxxx | predictive | Medium |
References (12)
The following list contains external sources which discuss the actor and the associated activities:
- https://1275.ru/ioc/68/muhstik-botnet-ioc/
- https://blog.netlab.360.com/botnet-muhstik-is-actively-exploiting-drupal-cve-2018-7600-in-a-worm-style-en/
- xxxxx://xxxx.xxxxxx.xxx.xxx/xxx-xxx-xxxx-xxx-xxxxxxxx-xxxx-xx-xxxx-xxx-xxxx-xxx-xx-xxxx-xxxxxx-xxxx-xxx-xxxxxxxx-xxx/
- xxxxx://xxxxx.xxxxxxxx.xxx/xxxxx-xxxxxx-xxxxxxxxxxxx/xxxxx-xxxxxxxx-xxxxxx/xxxxx-xxxxxxxxxx-xx-xxxxxxxxxx-xx-xxxx/
- xxxxx://xxxxxx.xxx/xxxxx/xxxxx_xxxxxx_xxxxxxxxxxxx/xxxx/xxxx/xxxxxx/x/xxxxxxx
- xxxxx://xxxxxxx.xxx/xxxxxxxxx_xxx/xxxxxx/xxxxxxxxxxxxxxxxxxx
- xxxxx://xxxxxxx.xxx/xxxxxxxxx_xxx/xxxxxx/xxxxxxxxxxxxxxxxxxx
- xxxxx://xxxxxxx.xxx/xxxxxxxxx_xxx/xxxxxx/xxxxxxxxxxxxxxxxxxx
- xxxxx://xxxxxxx.xxx/xxxxxxxxx_xxx/xxxxxx/xxxxxxxxxxxxxxxxxxx
- xxxxx://xxxxxx.xxxxxxxxxxxxxxxx.xxx/xxxxxxx-xxxxxx-xxxxxxx-xxxxxx-xxxxxxx-xx-xxxxxxx-xxx-xxx-xxxxxxx/
- xxxxx://xxxxxx.xxxxxxxxxxxxxxxx.xxx/xxxxxxx-xxxxxx-xxxxxxxx-xxx-xxxxxx-xxxxxxxx-xxxxxxxxxxxxx-xxx-xxxxxxxxxxxx-xxx-xxxx-xxxxxxx/
- xxxxx://xxx.xxxxxxx.xxx/xxxx/xxxxxxx-xxxxxxx-xxxxxxx-xxxxxxx-xxxxxxx-xxxxxxxx-xxxxxxxxxxxx/