Roaming Mantis Analysis

IOB - Indicator of Behavior (176)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 166
zh: 6
sv: 2
pl: 2

Country

cn: 144
us: 18
de: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

WordPress: 14
Drupal: 8
Joomla CMS: 8
Cisco ASA: 6
Cisco Identity Services Engine: 4

Vulnerabilities

Column key (VulDB conventions): Base / Temp = CVSS base and temporal score; 0day / Today = estimated exploit price at disclosure and now; Exp = exploitability (public exploit status); Rem = remediation status; CTI = VulDB CTI activity score; EPSS = EPSS probability.

#  | Vulnerability                                                                   | Base | Temp | 0day       | Today    | Exp              | Rem          | CTI  | EPSS    | CVE
1  | WordPress Metadata deserialization                                              | 8.5  | 8.2  | $5k-$25k   | $0-$5k   | Not Defined      | Official Fix | 0.03 | 0.17166 | CVE-2018-20148
2  | Drupal File file access                                                         | 3.7  | 3.6  | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.07 | 0.00950 | CVE-2017-6922
3  | Cisco Identity Services Engine tcpdump command injection                        | 5.5  | 5.3  | $5k-$25k   | $0-$5k   | Not Defined      | Official Fix | 0.00 | 0.01055 | CVE-2022-20964
4  | UpdraftPlus Plugin admin.php updraft_ajax_handler server-side request forgery   | 6.1  | 6.1  | $0-$5k     | $0-$5k   | Not Defined      | Not Defined  | 0.01 | 0.00885 | CVE-2017-16870
5  | RoundCube Webmail Config Setting rcube_image.php argument injection             | 8.5  | 8.2  | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.14 | 0.02762 | CVE-2020-12641
6  | Revive Adserver asyncspc.php Reflected 7pk security                             | 7.1  | 6.8  | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.03 | 0.00890 | CVE-2016-9470
7  | Cisco ASA ASDM improper authentication                                          | 6.5  | 6.2  | $5k-$25k   | $0-$5k   | Not Defined      | Official Fix | 0.00 | 0.01055 | CVE-2013-5511
8  | Open Webmail openwebmail-main.pl cross site scripting                           | 4.3  | 4.2  | $0-$5k     | $0-$5k   | High             | Unavailable  | 0.04 | 0.01213 | CVE-2007-4172
9  | ProFTPD mod_copy access control                                                 | 8.5  | 8.5  | $0-$5k     | $0-$5k   | Not Defined      | Not Defined  | 0.04 | 0.70009 | CVE-2019-12815
10 | Cisco ASA WebVPN Login Page logon.html cross site scripting                     | 4.3  | 3.9  | $5k-$25k   | $0-$5k   | Proof-of-Concept | Official Fix | 0.41 | 0.01136 | CVE-2014-2120
11 | WordPress URL server-side request forgery                                       | 8.5  | 8.2  | $5k-$25k   | $0-$5k   | Not Defined      | Official Fix | 0.03 | 0.01183 | CVE-2019-17670
12 | Joomla CMS index.php sql injection                                              | 7.3  | 7.0  | $5k-$25k   | $0-$5k   | Not Defined      | Official Fix | 0.09 | 0.01408 | CVE-2010-4166
13 | Apache Tomcat FORM Authentication session fixation                              | 8.5  | 8.5  | $5k-$25k   | $5k-$25k | Not Defined      | Not Defined  | 0.04 | 0.05242 | CVE-2019-17563
14 | DeDeCMS recommend.php sql injection                                             | 8.5  | 8.5  | $0-$5k     | $0-$5k   | Not Defined      | Not Defined  | 0.04 | 0.00885 | CVE-2017-17731
15 | Joomla CMS index.php sql injection                                              | 7.3  | 7.0  | $5k-$25k   | $0-$5k   | Not Defined      | Official Fix | 0.00 | 0.01213 | CVE-2010-4696
16 | Odoo Community/Enterprise Discuss App access control                            | 6.4  | 6.4  | $0-$5k     | $0-$5k   | Not Defined      | Not Defined  | 0.06 | 0.01055 | CVE-2018-15631
17 | Apache HTTP Server LuaAuthzProvider mod_lua.c access control                    | 5.3  | 4.6  | $25k-$100k | $0-$5k   | Unproven         | Official Fix | 0.00 | 0.07344 | CVE-2014-8109
18 | WordPress Login Page redirect                                                   | 6.2  | 5.9  | $5k-$25k   | $0-$5k   | Not Defined      | Official Fix | 0.02 | 0.01183 | CVE-2018-10100
19 | Cisco Identity Services Engine path traversal                                   | 7.2  | 7.1  | $5k-$25k   | $0-$5k   | Not Defined      | Official Fix | 0.00 | 0.01055 | CVE-2022-20822
20 | H3C H3Cloud OS grid_event sql injection                                         | 8.5  | 8.5  | $0-$5k     | $0-$5k   | Not Defined      | Not Defined  | 0.03 | 0.00885 | CVE-2019-12193

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Asia Mobile Devices

IOC - Indicator of Compromise (101)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address    | Hostname                     | Actor          | Campaigns           | Type     | Confidence
1  | 27.124.36.32  | -                            | Roaming Mantis | -                   | verified | High
2  | 27.124.36.34  | -                            | Roaming Mantis | -                   | verified | High
3  | 27.124.36.52  | -                            | Roaming Mantis | -                   | verified | High
4  | 27.124.39.241 | -                            | Roaming Mantis | -                   | verified | High
5  | 27.124.39.242 | -                            | Roaming Mantis | -                   | verified | High
6  | 27.124.39.243 | -                            | Roaming Mantis | -                   | verified | High
7  | 43.240.14.44  | scdc.worra.com               | Roaming Mantis | Asia Mobile Devices | verified | High
8  | 61.97.248.6   | faster-returns.viberhow.com  | Roaming Mantis | -                   | verified | High
9  | 61.97.248.7   | vlan-routing.viberhow.com    | Roaming Mantis | -                   | verified | High
10 | 61.97.248.8   | can-man.viberhow.com         | Roaming Mantis | -                   | verified | High
11 | 61.97.248.9   | client-any.viberhow.com      | Roaming Mantis | -                   | verified | High
12 | 91.204.227.19 | -                            | Roaming Mantis | -                   | verified | High
13 | 91.204.227.20 | -                            | Roaming Mantis | -                   | verified | High
14 | 91.204.227.21 | -                            | Roaming Mantis | -                   | verified | High
15 | 91.204.227.22 | -                            | Roaming Mantis | -                   | verified | High
16 | 91.204.227.23 | -                            | Roaming Mantis | -                   | verified | High
17 | 91.204.227.24 | -                            | Roaming Mantis | -                   | verified | High
18 | 91.204.227.25 | -                            | Roaming Mantis | -                   | verified | High
19 | 91.204.227.26 | -                            | Roaming Mantis | -                   | verified | High
20 | 91.204.227.27 | -                            | Roaming Mantis | -                   | verified | High
21 | 91.204.227.28 | -                            | Roaming Mantis | -                   | verified | High

Rows 22 to 101 are masked (XX.XXX.XXX.XXX) in this view; only the 21 entries above are readable.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (93)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class       | Indicator                                  | Type       | Confidence
1  | File        | /+CSCOE+/logon.html                        | predictive | High
2  | File        | /addnews.html                              | predictive | High
3  | File        | /admin/system/database/filedown.php        | predictive | High
4  | File        | /bin/boa                                   | predictive | Medium
5  | File        | /cgi-bin/upload_vpntar                     | predictive | High
6  | File        | /MTFWU                                     | predictive | Low
7  | File        | /network_test.php                          | predictive | High
8  | File        | /okm:root                                  | predictive | Medium
9  | File        | /wp-content/plugins/updraftplus/admin.php  | predictive | High
10 | File        | acs.exe                                    | predictive | Low
11 | File        | admin.php?m=backup&c=backup&a=doback       | predictive | High
92 | Input Value | ../../                                     | predictive | Low
93 | Input Value | ..\                                        | predictive | Low

Rows 12 to 91 (further File and Argument indicators) are masked in this view; only the entries above are readable.
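The IOC and IOA tables above are only useful once they are run against logs. The following is an added example, not code from this page or from VulDB: it loads the readable IOC rows (IP addresses and hostnames) and the readable IOA rows (file paths plus the two traversal input values) and scans constructed log lines in a reduced Zeek-http.log-like shape (ts, id.orig_h, id.resp_h, host, uri; that layout is an assumption, not something the page specifies). Request targets are percent-decoded repeatedly and the traversal check runs before ".." segments are collapsed, so an encoded ../ is still caught while a normalized path can still match the file indicators. Flagging other subdomains of worra.com and viberhow.com is an analyst assumption added here and reported as a separate, lower-confidence hit kind; every address and hostname in the sample log other than the listed IOCs is made up.

```python
"""Match the readable Roaming Mantis IOC/IOA rows against HTTP log lines."""
import posixpath
import urllib.parse

# Network IOCs copied from the readable rows of the IOC table.
IOC_IPS = {
    "27.124.36.32", "27.124.36.34", "27.124.36.52",
    "27.124.39.241", "27.124.39.242", "27.124.39.243",
    "43.240.14.44",
    "61.97.248.6", "61.97.248.7", "61.97.248.8", "61.97.248.9",
    *(f"91.204.227.{last}" for last in range(19, 29)),
}
IOC_HOSTS = {
    "scdc.worra.com",
    "faster-returns.viberhow.com", "vlan-routing.viberhow.com",
    "can-man.viberhow.com", "client-any.viberhow.com",
}
# Analyst assumption (not from the page): sibling subdomains of the listed
# parent domains get a lower-confidence "ioc-domain" hit.
IOC_DOMAINS = {"worra.com", "viberhow.com"}

# File indicators copied from the readable rows of the IOA table.
IOA_FILES = {
    "/+CSCOE+/logon.html", "/addnews.html", "/admin/system/database/filedown.php",
    "/bin/boa", "/cgi-bin/upload_vpntar", "/MTFWU", "/network_test.php",
    "/okm:root", "/wp-content/plugins/updraftplus/admin.php", "acs.exe",
    "admin.php?m=backup&c=backup&a=doback",
}
IOA_TRAVERSAL = ("../", "..\\")   # the two "Input Value" rows


def normalize_uri(uri):
    """Return (normalized path, query, traversal_seen) for a request target.

    Decoding is repeated (bounded) so double-encoded traversal such as
    %252e%252e is caught; traversal is checked on the decoded path before
    the ".." segments are collapsed, because collapsing hides the attempt.
    """
    decoded = uri
    for _ in range(3):
        again = urllib.parse.unquote(decoded)
        if again == decoded:
            break
        decoded = again
    path, _, query = decoded.partition("?")
    traversal = any(marker in path for marker in IOA_TRAVERSAL)
    norm = posixpath.normpath(path.replace("\\", "/"))
    return norm, query, traversal


def _ends_with_indicator(value, indicator):
    # Absolute indicators match the whole path or a suffix at a "/" boundary;
    # bare names such as "acs.exe" must occupy their own path segment.
    suffix = indicator if indicator.startswith("/") else "/" + indicator
    return value == indicator or value.endswith(suffix)


def match_line(line):
    """Return the [(kind, value)] hits for one tab-separated log line."""
    fields = line.rstrip("\n").split("\t")
    _ts, _orig_h, resp_h, host, uri = fields[:5]
    hits = []
    if resp_h in IOC_IPS:
        hits.append(("ioc-ip", resp_h))
    name = host.lower().rstrip(".")
    if name in IOC_HOSTS:
        hits.append(("ioc-host", name))
    elif any(name == d or name.endswith("." + d) for d in IOC_DOMAINS):
        hits.append(("ioc-domain", name))
    norm, query, traversal = normalize_uri(uri)
    target = norm + ("?" + query if query else "")
    for indicator in sorted(IOA_FILES):
        # Query-bearing indicators are compared against the full target;
        # parameter order is not canonicalised here.
        value = target if "?" in indicator else norm
        if _ends_with_indicator(value, indicator):
            hits.append(("ioa-file", indicator))
    if traversal:
        hits.append(("ioa-traversal", uri))
    return hits


def scan(log_text):
    """Return [(ts, hits)] for every line that matched at least one indicator."""
    results = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):   # Zeek header/comment lines
            continue
        hits = match_line(line)
        if hits:
            results.append((line.split("\t", 1)[0], hits))
    return results


# Constructed sample (ts, id.orig_h, id.resp_h, host, uri); everything except
# the listed IOCs is invented for the demonstration.
LOG = "\n".join("\t".join(f) for f in [
    ("1700000000.1", "10.0.0.5", "91.204.227.21", "update.example.net", "/chrome.apk"),
    ("1700000000.2", "10.0.0.7", "203.0.113.10", "client-any.viberhow.com", "/"),
    ("1700000000.3", "10.0.0.9", "203.0.113.20", "portal.example.org", "/+CSCOE+/logon.html"),
    ("1700000000.4", "10.0.0.9", "203.0.113.20", "portal.example.org", "/images/..%2f..%2fetc/passwd"),
    ("1700000000.5", "10.0.0.11", "203.0.113.30", "blog.example.org",
     "/wp-content/plugins/updraftplus/admin.php?page=updraftplus"),
    ("1700000000.6", "10.0.0.12", "203.0.113.40", "cdn.viberhow.com", "/static/app.js"),
    ("1700000000.7", "10.0.0.13", "203.0.113.50", "www.example.org", "/index.html"),
])

if __name__ == "__main__":
    for ts, hits in scan(LOG):
        print(ts, hits)
```

Run it directly to print the six matching lines. In practice the "ioc-ip" and "ioc-host" hits are the ones backed by the verified rows; "ioc-domain" hits are leads to triage, and the IOA rows are marked predictive on the page, so they belong in hunting queries rather than blocking rules.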

References (3)
